-
Notifications
You must be signed in to change notification settings - Fork 673
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS Decryption, packet replay #844
Comments
Unfortunately PcapPlusPlus does not support TLS decryption. This will require integration with OpenSSL which currently doesn't exist |
FYI I got decryption to work with openssl (SSL_get_client_random, SSL_SESSION_get_master_key) and wireshark |
Nice!! Just curious: are you using it inside of PcapPlusPlus (by changing the code) or as a separate tool? |
@seladb I'm running the capture & decryption from wireshark, key logging in the client code. |
ok got it, thanks! Should we close this issue? |
Would be nice to have this feature(s) in pcapplusplus. -Maybe keep the ticket as a feature request, open for sponsoring ? |
Sure, we can keep it open for some time. If we see more demand for this feature we will consider implementing it |
demand +1 |
@WHOLETTHEDOG-OUT would you consider adding this functionality to PcapPlusPlus? |
I referenced this project to implement TLS decryption, which I can't provide as it's company code. But others who are interested can refer to |
Hi, I'm trying to figure out how to replay (& capture) a secure web socket feed in my application, for low-level network debugging. I'm in full control of the client/application and have the ssl session master key. I'm not in control of the server.
Does pcapplusplus support TLS decryption given the master key and the client random value ?
Wireshark seem to be able to replay a modified/re-encrypted pcap from what I understand.
(https://www.ibm.com/support/pages/decrypt-datapower-tlsssl-traffic-using-master-secret-logging)
(https://unit42.paloaltonetworks.com/wireshark-tutorial-decrypting-https-traffic/)
(https://wiki.wireshark.org/TLS)
-Also is it possible to inject the secret in the pcap file to streamline the replay process;
(see "Embedding decryption secrets in a pcapng file" in https://wiki.wireshark.org/TLS#using-the-pre-master-secret )
The text was updated successfully, but these errors were encountered: