Add KEYLOGFILE TLS decryption support. #11

vadimszzz · 2021-11-29T11:29:30Z

I have such code:

nss_keys = {}

with open("captured.keylog", "r") as keylogfd:
    for line in keylogfd.readlines():
        tokens = line.strip().split()
        if tokens[1] not in nss_keys:
            nss_keys[tokens[1]] = {}
        if tokens[0] == 'CLIENT_RANDOM':
            nss_keys[tokens[1]]['master_secret'] = tokens[2]
        elif tokens[0] == 'CLIENT_HANDSHAKE_TRAFFIC_SECRET':
            nss_keys[tokens[1]]['client_handshake_secret'] = tokens[2]
        elif tokens[0] == 'SERVER_HANDSHAKE_TRAFFIC_SECRET':
            nss_keys[tokens[1]]['server_handshake_secret'] = tokens[2]
        elif tokens[0] == 'CLIENT_TRAFFIC_SECRET_0':
            nss_keys[tokens[1]]['client_traffic_secret'] = tokens[2]
        elif tokens[0] == 'SERVER_TRAFFIC_SECRET_0':
            nss_keys[tokens[1]]['server_traffic_secret'] = tokens[2]

print(json.dumps(nss_keys, indent=4))

that produces:

{
    "7834e2da48ed053d149e3587e646eef8d37cbd4c96bcd3e010089c2dbf3918f6": {
        "client_handshake_secret": "3cc7fb6f9518cd0e37eba33de56fa5e2d8fac3273d19f311abc5f135b152cae7",
        "server_handshake_secret": "195e9473d29b45c71a261e303b4075e418c0b7d23268a44895d0d6a8ad42a74f",
        "client_traffic_secret": "98a36efdd5b709685456a9ffd550addbfda34213661ddadf3aee1fee2a18bdc9",
        "server_traffic_secret": "5fd2f247d0b31c80dd899a93a6d193424309e640658d0329b0f3376260e61208"
    },
    "82f2d1337f0065ecd9fa5cc844c74813daa3585f011a07ecdb793c30edfb9a4a": {
        "client_handshake_secret": "f066f004712237a8cbb192cadaad5e9a795df98cd806e5f7e0d1509864fc2c52",
        "server_handshake_secret": "13d3b2a8f8330b478c32bfec00a301585246b8df218ef83d748eda2de6ed785d",
        "client_traffic_secret": "e7ed02a33e208ce3390e45c5d176fa95a1da1b46e3199579eff2d5df5e696850",
        "server_traffic_secret": "b86a222f4b789839d705f15026f72bdffb2849584b0d5046524f5d9987bb10f2"
    }
}

captured.pcap and captured.keylog are updating in real time.

I want to use this keys to decrypt TLS traffic and get reconstructed flow with decrypted HTTPS requests and responses in live stream to see every HTTP request with response together in the terminal while they appear. By the first how to decrypt traffic?

The text was updated successfully, but these errors were encountered:

vadimszzz · 2021-11-29T12:23:17Z

You can take a look at secdev/scapy#3374 and https://github.com/cisco/mercury/blob/main/python/pmercury/protocols/tls_decrypt.py

vadimszzz changed the title ~~Please add KEYLOGFILE TLS decryption support.~~ Add KEYLOGFILE TLS decryption support. Nov 29, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add KEYLOGFILE TLS decryption support. #11

Add KEYLOGFILE TLS decryption support. #11

vadimszzz commented Nov 29, 2021 •

edited

Loading

vadimszzz commented Nov 29, 2021 •

edited

Loading

Add KEYLOGFILE TLS decryption support. #11

Add KEYLOGFILE TLS decryption support. #11

Comments

vadimszzz commented Nov 29, 2021 • edited Loading

vadimszzz commented Nov 29, 2021 • edited Loading

vadimszzz commented Nov 29, 2021 •

edited

Loading

vadimszzz commented Nov 29, 2021 •

edited

Loading