macOS ◆ xterm-256color ◆ bash 4513 views

Decrypting TLS 1.2 using tshark.

Transcript

#   === Decrypting TLS 1.2 ===
# Chrome and firefox look for the $SSLKEYLOGFILE environmental var
# If it exists, $browser logs SSL keys
echo "export SSLKEYLOGFILE=/tmp/sslkey.log" >> ~/.bashrc
source ~/.bashrc

# Create a temp dir for exported objects
cd /tmp
mkdir obj

# Choose netcat as a url target
url='https://ss64.com/bash/nc.html'
# Start tshark & firefox quietly
tshark -Q -w myfile.pcapng & tpid=$!
firefox --headless --private --url "${url}" & ffpid=$!
# Clean up after website has been retrieved
sleep 5 && kill $tpid $ffpid

# Export http objects, decrypting with our ssl keylog 
tshark --export-objects http,/tmp/obj -o tls.keylog_file:$SSLKEYLOGFILE -r myfile.pcapng >/dev/null

ls obj 
# Looks like we got an html file and a css file

# ss64 html thinks css file is in ../, so put it in subdir
mkdir -p obj/bash
mv obj/nc.html obj/bash/nc.html

# Verify that site was pulled (in your GUI)
firefox obj/bash/nc.html

More by pocc

See all