How to see the encrypted key in wireshark, during

2019-01-09 05:33发布

问题:

In wireshark, I am able to see the encrypted data to and fro from my PC. It does not use diffie hellman algorihm for key exchange because I see only the Client Key Exchange packet but there is no Server Key Exchange packet. That means the browser is sending the encrypted key to the server(encrypted using the server's public key).
But I do not see any encrypted data in that packet("Client Key Exchange"). How to view the encrypted key?

回答1:

Until recently the dissection of the ClientKeyExchange was like this(version 1.6 and below):

TLSv1 Record Layer: Handshake Protocol: Client Key Exchange
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Length: 134
    Handshake Protocol: Client Key Exchange
        Handshake Type: Client Key Exchange (16)
        Length: 130

But if you use this verison(1.7.2 upwards) the key dissection will be like this:

TLSv1 Record Layer: Handshake Protocol: Client Key Exchange
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Length: 134
    Handshake Protocol: Client Key Exchange
        Handshake Type: Client Key Exchange (16)
        Length: 130
        RSA Encrypted PreMaster Secret
            Encrypted PreMaster length: 128
            Encrypted PreMaster: 761b1beac35e59de9a3bb9f74ebf9109b738e8ad346


You can see the encrypted pre-master:)



回答2:

You won't see the encrypted shared-key, it's not exchanged. You can see the encrypted pre-master secret when using RSA authenticated key exchange. (Note that using Ephemeral Diffie-Hellman isn't the only reason for not seeing a server key exchange message: it could also use a DH_DSS or DH_RSA cipher suite, but this is unusual as far as I know).

If you follow the instructions about decrypting SSL with Wireshark, use the "SSL debug file" option to store the logs into a file. (Note that the user interface has changed slightly in newer versions of Wireshark, in the way you configure the private key.)

The log files will contain the pre-master secret and the shared keys.

(By the way, you need the server's private key to do this, of course.)

Using the sample data provided on the Wireshark page, you get:

pre master encrypted[128]:
65 51 2d a6 d4 a7 38 df ac 79 1f 0b d9 b2 61 7d 
73 88 32 d9 f2 62 3a 8b 11 04 75 ca 42 ff 4e d9 
cc b9 fa 86 f3 16 2f 09 73 51 66 aa 29 cd 80 61 
0f e8 13 ce 5b 8e 0a 23 f8 91 5e 5f 54 70 80 8e 
7b 28 ef b6 69 b2 59 85 74 98 e2 7e d8 cc 76 80 
e1 b6 45 4d c7 cd 84 ce b4 52 79 74 cd e6 d7 d1 
9c ad ef 63 6c 0f f7 05 e4 4d 1a d3 cb 9c d2 51 
b5 61 cb ff 7c ee c7 bc 5e 15 a3 f2 52 0f bb 32 

pre master secret[48]:
03 00 ff 84 56 6d a0 fb cc fd c6 c8 20 d5 f0 65 
18 87 b0 44 45 9c e3 92 f0 4d 32 cd 41 85 10 24 
cb 7a b3 01 36 3d 93 27 12 a4 7e 00 29 96 59 d8 

master secret[48]:
1e db 35 95 b8 18 b3 52 58 f3 07 3f e6 af 8a a6 
ab c3 a4 ed 66 3a 46 86 b6 e5 49 2a 7c f7 8c c2 
ac 22 bb 13 15 0f d8 62 a2 39 23 7b c2 ff 28 fb 

key expansion[136]:
11 60 e4 e1 74 e9 a1 cf 67 f9 b7 bc ef bc a7 c7 
b3 f7 33 aa b2 42 d0 1c a6 4e fb e9 9b 13 dd 29 
63 aa 17 1f 47 71 95 71 08 e0 4b 8e e1 da 7b 4a 
5a f3 c2 32 bd e0 a5 82 6d 14 44 3a d6 cb 2d c0 
7d 57 be a8 37 de 5d d9 a1 07 fd 1b 22 71 b9 4b 
7a 1e 0f 70 37 14 97 0a f0 db 98 3b 7b 74 e3 2d 
51 66 2e 31 68 90 ac 6f e6 53 3c c9 5e 48 0c 05 
bc 9f 92 e7 f9 91 98 f5 95 1c c4 bf d9 cb 26 ef 
35 70 5e ad 21 22 3e f6 
Client MAC key[20]:
11 60 e4 e1 74 e9 a1 cf 67 f9 b7 bc ef bc a7 c7 
b3 f7 33 aa 
Server MAC key[20]:
b2 42 d0 1c a6 4e fb e9 9b 13 dd 29 63 aa 17 1f 
47 71 95 71 
Client Write key[32]:
08 e0 4b 8e e1 da 7b 4a 5a f3 c2 32 bd e0 a5 82 
6d 14 44 3a d6 cb 2d c0 7d 57 be a8 37 de 5d d9 
Server Write key[32]:
a1 07 fd 1b 22 71 b9 4b 7a 1e 0f 70 37 14 97 0a 
f0 db 98 3b 7b 74 e3 2d 51 66 2e 31 68 90 ac 6f 
Client Write IV[16]:
e6 53 3c c9 5e 48 0c 05 bc 9f 92 e7 f9 91 98 f5 
Server Write IV[16]:
95 1c c4 bf d9 cb 26 ef 35 70 5e ad 21 22 3e f6 


回答3:

Awesome write up here explaining how SSL works, notice at no time during this handshake is the private key ever sent over the wire.

http://4orensics.wordpress.com/2011/10/21/ssl-in-a-nutshell/

Long story short there is no way to decrypt SSL streams without the server's private key (unless you work for the NSA or something), however you may want to look into getting in between the server and client during the handshake and if the user does not check the validity of the certificate that is presented you are in business.

Here is a tool that can do that for you among many others

http://mitmproxy.org/

Of note I highly recommend the sans reading room article on SSL Mitm(Man in the Middle) attacks.