TLS Decryption, packet replay #844
Comments
|
Unfortunately PcapPlusPlus does not support TLS decryption. This will require integration with OpenSSL which currently doesn't exist |
|
FYI I got decryption to work with openssl (SSL_get_client_random, SSL_SESSION_get_master_key) and wireshark |
|
Nice!! Just curious: are you using it inside of PcapPlusPlus (by changing the code) or as a separate tool? |
|
@seladb I'm running the capture & decryption from wireshark, key logging in the client code. |
|
ok got it, thanks! Should we close this issue? |
|
Would be nice to have this feature(s) in pcapplusplus. -Maybe keep the ticket as a feature request, open for sponsoring ? |
|
Sure, we can keep it open for some time. If we see more demand for this feature we will consider implementing it |
|
demand +1 |
|
@WHOLETTHEDOG-OUT would you consider adding this functionality to PcapPlusPlus? |
|
I referenced this project to implement TLS decryption, which I can't provide as it's company code. But others who are interested can refer to |
Hi, I'm trying to figure out how to replay (& capture) a secure web socket feed in my application, for low-level network debugging. I'm in full control of the client/application and have the ssl session master key. I'm not in control of the server.
Does pcapplusplus support TLS decryption given the master key and the client random value ?
Wireshark seem to be able to replay a modified/re-encrypted pcap from what I understand.
(https://www.ibm.com/support/pages/decrypt-datapower-tlsssl-traffic-using-master-secret-logging)
(https://unit42.paloaltonetworks.com/wireshark-tutorial-decrypting-https-traffic/)
(https://wiki.wireshark.org/TLS)
-Also is it possible to inject the secret in the pcap file to streamline the replay process;
(see "Embedding decryption secrets in a pcapng file" in https://wiki.wireshark.org/TLS#using-the-pre-master-secret )
The text was updated successfully, but these errors were encountered: