Comments (4)
It seems that tshark supports TLS versions 1.0-1.3 well under the HTTP 1.1/2 protocol, but it appears to not support decryption for HTTP 1.0.
Works well for me.
tshark -o tls.keylog_file:key.log -Y http -T fields -e http.file_data -f "port 32888" -i eth0
SSLKEYLOGFILE=key.log curl --local-port 32888 --http1.0 https://www.baidu.com -v
HTTP/1.0 over TLS v1.2 (max supported TLS version for Baidu)
It's really hard find a modern website with both HTTP/1.0 and TLS v1.3 support.
I suppose you'll need to properly set up an Nginx service on your own to kickstart a Ferrari with an antiquated tractor engine (to verify that HTTP/1.0 or even HTTP/0.9 works with TLS v1.3). I believe that the HTTP versions (at least before HTTP/3) and TLS versions are decoupled, and there's fundamentally no need to verify such a multitude of combinations.
from ecapture.
Great idea. However, I need to verify the range of HTTP protocols and TLS versions supported by tshark.
- http 1.0 and tls 1.0
- http 1.0 and tls 1.1
- http 1.0 and tls 1.2
- http 1.0 and tls 1.3
- http 1.1 and tls 1.0
- http 1.1 and tls 1.1
- http 1.1 and tls 1.2
- htto 1.1 and tls 1.3
- http 2.0 and tls 1.0
- http 2.0 and tls 1.1
- http 2.0 and tls 1.2
- http 2.0 and tls 1.3
It seems that tshark supports TLS versions 1.0-1.3 well under the HTTP 1.1/2 protocol, but it appears to not support decryption for HTTP 1.0.
eCapture shell
root@VM-0-13-ubuntu:/home/ubuntu/ecapture# bin/ecapture tls
tls_2023/11/28 22:41:14 ECAPTURE :: ecapture Version : linux_x86_64:0.6.6-20231126-db7e37a:[CORE]
tls_2023/11/28 22:41:14 ECAPTURE :: Pid Info : 24947
tls_2023/11/28 22:41:14 ECAPTURE :: Kernel Info : 5.15.126
tls_2023/11/28 22:41:14 EBPFProbeOPENSSL module initialization
tls_2023/11/28 22:41:14 EBPFProbeOPENSSL master key keylogger: ecapture_masterkey.log
tls_2023/11/28 22:41:14 ECAPTURE :: Module.Run()
tls_2023/11/28 22:41:14 EBPFProbeOPENSSL UPROBE MODEL
tls_2023/11/28 22:41:14 EBPFProbeOPENSSL OpenSSL/BoringSSL version not found from shared library file, used default version:linux_default_3_0
tls_2023/11/28 22:41:14 EBPFProbeOPENSSL HOOK type:2, binrayPath:/lib/x86_64-linux-gnu/libssl.so.3
tls_2023/11/28 22:41:14 EBPFProbeOPENSSL Hook masterKey function:SSL_write
tls_2023/11/28 22:41:14 EBPFProbeOPENSSL libPthread:/lib/x86_64-linux-gnu/libc.so.6
tls_2023/11/28 22:41:14 EBPFProbeOPENSSL target all process.
tls_2023/11/28 22:41:14 EBPFProbeOPENSSL target all users.
tls_2023/11/28 22:41:14 ECAPTURE :: start 2 modules
for http1.x
tshark -o tls.keylog_file:ecapture_masterkey.log -Y http -T fields -e http.file_data -f "port 443" -i eth0
for http2
tshark -o tls.keylog_file:ecapture_masterkey.log -Y http2 -T fields -e http2.data.data -f "port 443" -i eth0
ref:https://www.wireshark.org/docs/dfref/h/http2.html
from ecapture.
Let’s not limit our imagination to just the HTTPS protocol; in fact, TShark (essentially WireShark) can support a wide range of protocols, including but not limited to MySQL (PostgreSQL) connections over TLS, SMTPS, POP3S, and more. Additionally, we should also pay attention to how OpenSSL retrieves the TLS Key Log in HTTP/3.0 (UDP), with the possibility of hooking into new functions to support HTTP/3.0.
from ecapture.
Theoretically, any protocol listed here (https://www.wireshark.org/docs/dfref/) and encapsulated within the TLS layer can be parsed and displayed.
from ecapture.
Related Issues (20)
- gotls 捕获golang程序,不能写pcapfile文件,不能看到响应的内容 HOT 4
- Not working with redroid HOT 13
- windows也有ebpf,是否兼容适配? HOT 1
- 鸿蒙4.0支持分析https内容不 HOT 3
- 关于在pcap模式中tc层skb_data payload数据传输的问题 HOT 3
- eCapture run failed, error log: invalid memory address or nil pointer dereference HOT 3
- Build 2 Android Arm64 HOT 1
- ssh加解密教程 HOT 4
- gotls 访问百度,https 包无法获取、只能截取 http 包 HOT 2
- 加解密模式对性能的影响是多少 HOT 2
- tls 模式,app抓包解密失败 HOT 1
- error: couldn't start bootstrap manager error HOT 3
- TLS 模式下,对被检测程序的性能影响。 HOT 9
- The SSL structure in openssl 3.2.0 has been modified HOT 4
- PCAP mode can only decrypt partial HTTPS traffic, not all of it HOT 8
- fatal error: concurrent map read and map write HOT 1
- 这是我姿势不对么?最新版本的总提示No runnable modules, Exit(1) HOT 2
- tls子命令可否支持ip过滤 HOT 6
- archlinux不存在/boot/config-`uname -r`文件,导致启动程序时报错 HOT 6
- I am new. How to use software? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ecapture.