Wireshark mailing list archives
About decoding the https packets.
From: nilesh <nilesh.tayade () netscout com>
Date: Wed, 21 Sep 2011 17:57:42 +0530
Hi,

I am implementing a packet parser to capture the application data on wire. In case of https, the application data is encrypted, usually with TLS1.0 etc. I am keen to get any hint on the approach that I should follow.

* TLS1.0 in brief:
-------------------
I have gone through the RFC of TLS1.0. And below is how it works:
1. Exchange the encryption information, premaster-secret and keys using public key encryption (hello-messages).
2. Also the Random bytes are exchanged.
3. Generate locally the 'master-secret' using the 'premaster-secret' and random bytes.
4. Use the 'master-secret' to create below six keys:
   client/server write keys (for encrypt/decrypt).
   client/server MAC (msg digests for message integrity).
   client/server IV (initialization vectors for block ciphers).

* Queries:
-----------
1. How does Wireshark decode https packets currently? Does it also locally generate the six keys mentioned above?
2. I will have the server private key, but will my parser also have to perform the steps to generate 'master-secret' and locally generate six keys?

Any pointers will be appreciated.

--
Thanks,
Nilesh
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe