浣跨敤Wireshark鏌ョ湅HTTPS涓璗LS鎻℃墜杩囩▼

Posted 2020-11-27

鏍囩锛?a href='http://www.mamicode.com/so/1/cipher' title='cipher'>cipher   鏈嶅姟鍣ㄧ   ESS   https   filename   layer   exe   ble   鍙傛暟   

閫氳繃浣跨敤Wireshark鎶撳寘鍒嗘瀽TLS鎻℃墜鐨勮繃绋嬶紝鍙互鏇村鏄撶悊瑙ｅ拰楠岃瘉TLS鍗忚锛屾湰鏂囧皢鍏堜粙缁峎ireshark瑙ｅ瘑HTTPS娴侀噺鐨勬柟娉曪紝鐒跺悗鍒嗗埆楠岃瘉TLS鎻℃墜杩囩▼鍜孴LS浼氳瘽鎭㈠鐨勮繃绋嬨€?/p>

涓€銆佷娇鐢╓ireshark瑙ｅ瘑HTTPS娴侀噺鐨勬柟娉?/h1>

TLS瀵逛紶杈撴暟鎹繘琛屼簡鍔犲瘑锛岀洿鎺ヤ娇鐢╓ireshark鏌ョ湅锛孴SL鍗忚涔嬩笂鐨勫崗璁粏鑺傦紙搴旂敤灞?HTTP锛夊畬鍏ㄧ湅涓嶅埌锛屽洜姝ら渶瑕佽В瀵嗗悗锛屾墠鑳芥煡鐪嬨€傝В瀵嗘柟娉曞涓嬶細

1.鍦?a title="涓嬭浇鍦板潃" href="https://www.wireshark.org/#download" rel="noopener" target="_blank">Wireshark瀹樼綉涓嬭浇绯荤粺瀵瑰簲鐨刉ireshark瀹夎鍖咃紝杩涜瀹夎

2.澧炲姞绯荤粺鐜鍙橀噺璁剧疆锛堣绠楁満 -- 鍙抽敭 -- 灞炴€?-楂樼骇绯荤粺璁剧疆--楂樼骇--鐜鍙橀噺--绯荤粺鍙橀噺--鏂板缓锛?/p>

鍙橀噺鍚嶏細SSLKEYLOGFILE

鍙橀噺鍊硷細%USERPROFILE%sslkeysENV.pms

3.鍦–MD浣跨敤鍛戒护琛屽惎鍔╟hrome娴忚鍣?/p>

"C:Program Files (x86)GoogleChromeApplicationchrome.exe" --ssl-key-log-file=%USERPROFILE%sslkeysARG.pms

4.璁剧疆Wireshark

(1)鎵撳紑Wireshark--缂栬緫--棣栭€夐」--Protocols--SSL

(2)璁剧疆(Pre)-Master-Secret log filename

C:Users鐢ㄦ埛鍚峔sslkeysARG.pms  锛堣矾寰?灏辨槸 %USERPROFILE%鐨勫€硷級

(3)璁剧疆SSL debug file 锛堟姝ラ鍙€夛紝鐢ㄦ潵璁板綍瑙ｅ瘑鐨勬棩蹇楋級

C:Users鐢ㄦ埛鍚峔ssl.log 锛堣矾寰?灏辨槸 %USERPROFILE%鐨勫€硷級

5.姝ゆ椂渚垮彲浠ュ湪Wireshark涓煡鐪婬TTPS鐨勬祦閲忎簡

涓嬮潰鏄В瀵嗗墠鍚庡姣斿浘锛?/p>

浜屻€佸畬鏁寸殑TLS鎻℃墜杩囩▼

涓婂浘鏄畬鏁寸殑TLS鎻℃墜鐨勮繃绋嬶紝TLS杩愯鍦ㄤ紶杈撳眰鍗忚涔嬩笂锛岃摑鑹茬殑閮ㄥ垎鏄疶CP鎻℃墜闃舵銆傚亣璁炬湇鍔″櫒涓庡鎴风鐨勪紶杈撴椂闂存槸28ms銆傛垜浠€氳繃Wireshark鐨勬姄鍖呮潵閫愭潯鍒嗘瀽锛?/p>

1. 鍦?ms锛屽鎴风鍙戦€丼YN鍒嗙粍寮€濮婽CP鎻℃墜锛?/p>

2. 鍦?8ms锛屾湇鍔″櫒鍝嶅簲SYN-ACK鍒嗙粍锛?/p>

3.鍦?6ms锛屽鎴风纭SYN-ACK锛?/p>

 鍚屾椂锛岀珛鍗冲彂閫丆lient Hello锛屼篃鏄疶LS鎻℃墜鐨勭涓€姝ワ紝灏員LS鐨勭増鏈€佹墍鏀寔鐨勫姞瀵嗗浠跺垪琛ㄣ€佹敮鎸佹垨甯屾湜鐨勪娇鐢ㄧ殑TLS鎵╁睍閫夐」鍙戦€佺粰鏈嶅姟鍣ㄣ€?/p>

鍏朵腑server_name 涓篠NI锛圫erver Name Indication锛屾湇鍔″櫒鍚嶇О鎸囩ず锛夋墿灞曪紝涓嶩TTP涓璈ost棣栭儴鐩镐技锛屽湪鎻℃墜涔嬪垵灏辨寚瀹氳杩炴帴鐨勪富鏈哄悕銆傚浜庣浉鍚孖P鏈嶅姟涓嶅悓鍩熷悕鐨勬儏鍐碉紝灏卞彲浠ヤ娇鐢⊿NI鍖哄垎涓嶅悓鐨勫煙鍚嶃€?/p>

鍏朵腑Application Layer Protocol Negotiation 涓篈LPN搴旂敤灞傚崗璁崗鍟嗘墿灞曪紝鍦═LS鎻℃墜鐨勫悓浜嬪崗鍟嗗簲鐢ㄥ崗璁紝鑺傜渷HTTP Upgrade鏈哄埗甯︽潵鐨勯澶栫殑寰€杩旀椂闂淬€?/p>

4. 鍦?4ms锛屾湇鍔″櫒鍙戦€丼erver Hello锛孋ertificate锛岋紙Server Key Exchange锛夛紝Server Hello Done

鏈嶅姟鍣ㄥ彇寰桾LS鍗忚鐗堟湰鐢ㄤ簬涔嬪悗鐨勯€氫俊锛屼粠瀹㈡埛绔彁渚涚殑鍔犲瘑濂椾欢閲岄€夋嫨涓€涓紝閫夋嫨HTTP鍗忚鐗堟湰锛岄檮涓婅嚜宸辩殑璇佷功锛屽彂閫佺粰瀹㈡埛绔€備綔涓哄彲閫夐」锛屾湇鍔″櫒涔熷彲浠ュ彂閫佷竴涓姹傦紝瑕佹眰瀹㈡埛绔彁渚涜瘉涔﹀強鍏朵粬TLS鎵╁睍鍙傛暟銆?/p>

5. 鍦?12ms锛屽鎴风鍙戦€丆lient Key Exchange锛孋hange Cipher Spec锛孎inished

瀹㈡埛绔敓鎴愪竴涓柊鐨勫绉板瘑閽ワ紝鐢ㄦ湇鍔″櫒鐨勫叕閽ュ姞瀵嗭紝鍙戦€佺粰鏈嶅姟鍣紝鍛婄煡鏈嶅姟鍣ㄥ彲浠ュ紑濮嬪姞瀵嗛€氫俊浜嗐€?/p>

6. 鍦?40ms锛屾湇鍔″櫒绔彂閫侊紙New Session Ticket锛夛紝Change Cipher Spec锛孎inished

鏈嶅姟鍣ㄨВ瀵嗗嚭瀹㈡埛绔彂鏉ョ殑瀵圭О瀵嗛挜锛岄€氳繃楠岃瘉娑堟伅鐨凪AC妫€鏌ユ秷鎭殑瀹屾暣鎬э紝鍐嶈繑鍥炵粰瀹㈡埛绔竴涓姞瀵嗙殑“Finished”娑堟伅銆傚洜涓烘槸绗竴娆″缓绔嬩細璇濓紝杩樺彂閫佷簡New Session Ticket銆?/p>

7. 鍦?68ms锛屽紑濮嬩紶杈撳簲鐢ㄥ眰鏁版嵁銆?/p>

涓夈€佺畝鐭殑TLS鎻℃墜杩囩▼

涓轰簡鑺傜渷鎻℃墜寰€杩旀鏁帮紝TLS鎻愪緵浜嗘仮澶嶅姛鑳斤紝閫氳繃鏈嶅姟鍣ㄧ鐨勪細璇濇爣璇嗙鎴栧鎴风鐨勪細璇濊褰曞崟鏈哄埗锛屼篃琚О涓轰細璇濈紦瀛樻垨鏃犵姸鎬佹仮澶嶆満鍒讹紝鍑忓皯鍗忓晢娆℃暟銆?/p>

1. 鍦?ms锛屽鎴风鍙戦€丼YN鍒嗙粍寮€濮婽CP鎻℃墜锛?/p>

2. 鍦?8ms锛屾湇鍔″櫒鍝嶅簲SYN-ACK鍒嗙粍锛?/p>

3.鍦?6ms锛屽鎴风纭SYN-ACK锛?/p>

 鍚屾椂锛岀珛鍗冲彂閫丆lient Hello锛屼篃鏄疶LS鎻℃墜鐨勭涓€姝ワ紝灏員LS鐨勭増鏈€丼ession ID銆佹墍鏀寔鐨勫姞瀵嗗浠跺垪琛ㄣ€佹敮鎸佹垨甯屾湜鐨勪娇鐢ㄧ殑TLS鎵╁睍閫夐」鍙戦€佺粰鏈嶅姟鍣ㄣ€?/p>

4. 鍦?4ms锛屾湇鍔″櫒鍙戦€丼erver Hello锛孋hange Cipher Spec锛孲erver Hello Done

5. 鍦?12ms锛屽鎴风鍙戦€丆hange Cipher Spec锛孎inished

鍚屾椂锛岀珛鍗冲彲浠ヤ紶杈撳簲鐢ㄥ眰鏁版嵁銆?/p>

 

鍙傝€冭祫鏂欙細

1.https://hpbn.co/

2.https://stackoverflow.com/questions/42332792/chrome-not-firefox-are-not-dumping-to-sslkeylogfile-variable

3.https://imququ.com/post/http2-traffic-in-wireshark.html