1. Using Chrome/Firefox to let Wireshark parse SSL data
- Environment variable settings
Chrome and Firefox save the symmetric key information when they parse SSL data. Adding a Windows environment variable sets the path of the file in which this key information is saved, as shown in the following figure:
- Wireshark settings
Taking Wireshark 2.9.0 as an example, under Preferences -> Protocols -> TLS (SSL in lower versions), set the path of the symmetric key information file, as shown in the following figure:
After the settings are complete, restart the browser. Wireshark can then parse the captured SSL data, as shown in the following figure:
2. sslkey.log file analysis
The figure below shows the sslkey.log file; each line is one set of symmetric key information.
Wireshark is open source, and a comment in its source code describes the log file formats that Wireshark supports:
You can see that sslkey.log uses the last format, "CLIENT_RANDOM xxxx yyyy". Our own program can therefore save the client_random and master secret to a file when it performs the SSL handshake, and provide that file to Wireshark for SSL analysis. In testing, the format "PMS_CLIENT_RANDOM xxxx yyyy" is also parsed correctly.
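The following Python code is an added example, not taken from the original article or from Wireshark. It writes "CLIENT_RANDOM xxxx yyyy" lines from a program's own handshake values and checks a key log file for malformed entries before it is handed to Wireshark. The function names are hypothetical, and the field sizes (32-byte client_random, 48-byte master secret, as in TLS 1.2) are assumptions that the page does not state.

```python
import os
import re
import tempfile

# Assumed layout: "<LABEL> <client_random hex> <secret hex>".
# CLIENT_RANDOM carries a 48-byte master secret; for PMS_CLIENT_RANDOM the
# pre-master secret length depends on the key exchange, so only hex pairs are required.
LINE_RE = re.compile(
    r"^(CLIENT_RANDOM|PMS_CLIENT_RANDOM) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")


def format_keylog_line(client_random: bytes, master_secret: bytes) -> str:
    """Build one "CLIENT_RANDOM xxxx yyyy" line from raw handshake values."""
    if len(client_random) != 32 or len(master_secret) != 48:
        raise ValueError("expected 32-byte client_random and 48-byte master secret")
    return f"CLIENT_RANDOM {client_random.hex()} {master_secret.hex()}"


def append_keylog(path: str, line: str) -> None:
    """Append a line. The file decrypts captured traffic, so it is created
    owner-only (mode 0600 takes effect on POSIX systems)."""
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a") as fh:
        fh.write(line + "\n")


def parse_keylog(path: str):
    """Return (entries, rejected): entries map (label, client_random) to secret bytes."""
    entries, rejected = {}, []
    with open(path) as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):  # blank line or comment
                continue
            m = LINE_RE.match(line)
            if not m or (m.group(1) == "CLIENT_RANDOM" and len(m.group(3)) != 96):
                rejected.append(lineno)  # record the line number only, never the secret
                continue
            entries[(m.group(1), bytes.fromhex(m.group(2)))] = bytes.fromhex(m.group(3))
    return entries, rejected


def demo():
    # Constructed values, not taken from a real handshake.
    rnd, ms = bytes(range(32)), bytes(range(48))
    path = os.path.join(tempfile.mkdtemp(), "sslkey.log")
    append_keylog(path, format_keylog_line(rnd, ms))
    append_keylog(path, "PMS_CLIENT_RANDOM " + rnd.hex() + " " + "ab" * 48)
    append_keylog(path, "CLIENT_RANDOM " + rnd.hex() + " " + "cd" * 10)  # truncated secret
    return parse_keylog(path)
```

Anyone who can read the key log file can decrypt the matching capture, so keep it out of shared directories and delete it once the analysis is finished.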