1. Why is the content of a packet captured by Wireshark not displayed?
Wireshark is a packet capture tool that works at the network layer: it extracts content by capturing the TCP/IP packets exchanged by the two communicating parties. For application-layer data, if the application-layer protocol is public, the data can be displayed directly. With HTTPS, the private keys of the client and server are not known, so the corresponding data is not visible. In other words, if Wireshark can obtain the private key, it can display the HTTPS communication data.
2. Use the Chrome browser to capture HTTPS:
1. Set the environment variable SSLKEYLOGFILE to C:\Users\Sun\sslkey.log
**Note: The value of this environment variable depends on your own computer configuration. Add it when you need it and remember to delete it afterwards, because it may cause an exception when other programs run: OPENSSL_Uplink(XX...XX,08): no OPENSSL_Applink**
2. Restart Google Chrome, and check whether the sslkey.log file is generated at the specified location.
3. Configure Wireshark
Configure Wireshark: Edit -> Preferences -> Protocols -> TLS
4. Capture HTTPS packets
Use Google Chrome to visit an HTTPS website, or send a request from the browser console.
Remark:
1. Open the console (for example, right-click on the browser page -> Inspect -> switch to the Console tab).
2. Enter the following code in the console:
// 'url地址' ("URL address") is a placeholder: replace it with the interface path to request
fetch(new Request('url地址', { method: 'POST' })).then((resp) => {
    console.log(resp)
})
Note: The URL address is the interface path that needs to be accessed. If you need to pass parameters, just add the request parameters to the URL (the same as with the GET method).
3. After completing the second step, press Enter. In the address request column you will see the request information of the interface, and you're done!
If the decryption fails, it will display as follows:
Be sure to delete the configured path when it is not in use; otherwise C:\Users\Sun\sslkey.log will continue to grow and affect other programs.
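When checking that sslkey.log was generated, or when decryption fails, it helps to confirm that the file actually holds usable secrets for the captured session. The following is an added example, not code from the original page: a small checker for the NSS key log format that SSLKEYLOGFILE produces (one line per secret: label, client random, secret). The function names and the sample lines are constructed for illustration, and legacy `RSA` lines are assumed not to occur.

```python
import re
from collections import defaultdict

# Labels of the NSS key log format written via SSLKEYLOGFILE.
TLS12 = {"CLIENT_RANDOM"}                                   # TLS 1.2 master secret
TLS13_APP = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")


def parse_keylog(text):
    """Return ({client_random: set(labels)}, [numbers of malformed lines])."""
    sessions, bad = defaultdict(set), []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):        # blank lines and comments
            continue
        m = LINE.match(line)
        if (not m or len(m.group(3)) % 2            # secret must be whole bytes
                or (m.group(1) in TLS12 and len(m.group(3)) != 96)):  # 48 bytes
            bad.append(n)
            continue
        sessions[m.group(2).lower()].add(m.group(1))
    return dict(sessions), bad


def classify(labels):
    """Report whether application data of this session can be decrypted."""
    if labels & TLS12:
        return "tls1.2-decryptable"
    if TLS13_APP <= labels:                         # both directions are present
        return "tls1.3-decryptable"
    return "incomplete"                             # handshake secrets only


# Constructed sample input: the hex values are fillers, not real secrets.
SAMPLE = "\n".join([
    "# constructed sample key log",
    "CLIENT_RANDOM " + "aa" * 32 + " " + "11" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "bb" * 32 + " " + "22" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "bb" * 32 + " " + "33" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "bb" * 32 + " " + "44" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "bb" * 32 + " " + "55" * 32,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "cc" * 32 + " " + "66" * 32,
    "CLIENT_RANDOM " + "dd" * 32 + " 1234",         # truncated line
])

if __name__ == "__main__":
    sessions, bad = parse_keylog(SAMPLE)
    for client_random, labels in sessions.items():
        print(client_random[:16], classify(labels))
    print("malformed lines:", bad)
```

An "incomplete" or missing entry for the client random seen in the capture's Client Hello means Wireshark has nothing to decrypt that session with, typically because the capture started before Chrome was restarted with the variable set.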