tshark | Decrypt TLSv1.2

by pocc 5 years ago

macOS ◆ xterm-256color ◆ bash 4298 views

Decrypting TLS 1.2 using tshark.

Transcript

#   === Decrypting TLS 1.2 ===
# Chrome and firefox look for the $SSLKEYLOGFILE environmental var
# If it exists, $browser logs SSL keys
echo "export SSLKEYLOGFILE=/tmp/sslkey.log" >> ~/.bashrc
source ~/.bashrc

# Create a temp dir for exported objects
cd /tmp
mkdir obj

# Choose netcat as a url target
url='https://ss64.com/bash/nc.html'
# Start tshark & firefox quietly
tshark -Q -w myfile.pcapng & tpid=$!
firefox --headless --private --url "${url}" & ffpid=$!
# Clean up after website has been retrieved
sleep 5 && kill $tpid $ffpid

# Export http objects, decrypting with our ssl keylog 
tshark --export-objects http,/tmp/obj -o tls.keylog_file:$SSLKEYLOGFILE -r myfile.pcapng >/dev/null

ls obj 
# Looks like we got an html file and a css file

# ss64 html thinks css file is in ../, so put it in subdir
mkdir -p obj/bash
mv obj/nc.html obj/bash/nc.html

# Verify that site was pulled (in your GUI)
firefox obj/bash/nc.html

More by pocc

tshark | Livestreaming from Scapy 01:46

by pocc 5 years ago

tshark | Check traffic on default interface 00:09

by pocc 5 years ago

capinfos usage 02:35

by pocc 5 years ago

Scapy is Easy! 00:50

by pocc 5 years ago

See all

You can download this recording in asciicast v2 format, as a .cast file.

Download

Replay in terminal

You can replay the downloaded recording in your terminal using the asciinema play command:

asciinema play 239566.cast

If you don't have asciinema CLI installed then see installation instructions.

Use with stand-alone player on your website

Download asciinema player from the releases page (you only need .js and .css file), then use it like this:

<!DOCTYPE html>
<html>
<head>
  <link rel="stylesheet" type="text/css" href="asciinema-player.css" />
</head>
<body>
  <div id="player"></div>
  <script src="asciinema-player.min.js"></script>
  <script>
    AsciinemaPlayer.create(
      '/assets/239566.cast',
      document.getElementById('player'),
      { cols: 79, rows: 26 }
    );
  </script>
</body>
</html>

See asciinema player quick-start guide for full usage instructions.

While this site doesn't offer GIF conversion at the moment, you can still do it yourself with the help of asciinema GIF generator utility - agg.

Once you have it installed run the following command to create GIF file:

agg https://asciinema.org/a/239566 239566.gif

Or, if you already downloaded the recording file:

agg 239566.cast 239566.gif

Check agg --help for all available options. You can change font family and size, select color theme, adjust speed and more.

See agg manual for full usage instructions.