Monday, December 21, 2015

Decrypting HTTPS Traffic with Wireshark

Reposted from: http://troushoo.blog.fc2.com/blog-entry-234.html
Reference: https://www.m00nie.com/2015/05/decrypt-https-ssltls-with-wireshark/

This method works with Chrome or Firefox.

1. In a cmd window (administrator privileges required?), run the following command:

set SSLKEYLOGFILE=c:\sslkeylog.log

Do not close the cmd window.

2. In the same window, go on to launch Chrome or Firefox:

"C:\Program Files (x86)\Google\Chrome\Application"


3.

4.

5. Generate some traffic and start capturing packets.

6. The contents of the encrypted traffic can now be read in the Decrypted SSL data window.



Format of the sslkeylog.log file

NSS Key Log Format



Key logs can be written by NSS so that external programs can decrypt TLS connections. Wireshark 1.6.0 and above can use these log files to decrypt packets. You can specify the key file path via Edit→Preferences→Protocols→SSL→(Pre)-Master-Secret log filename.
Key logging is enabled by setting the environment variable SSLKEYLOGFILE <FILE> to point to a file. This file is a series of lines. Comment lines begin with a sharp character ('#'). Otherwise the line takes one of these formats.
RSA <16 bytes of hex encoded encrypted pre master secret> <96 bytes of hex encoded pre master secret>
CLIENT_RANDOM <64 bytes of hex encoded client_random> <96 bytes of hex encoded master secret>
The RSA form allows ciphersuites using RSA key-agreement to be logged and is supported in shipping versions of Wireshark. The CLIENT_RANDOM format allows other key-agreement algorithms to be logged but is only supported starting with Wireshark 1.8.0. For Wireshark usage, see SSL - Wireshark Wiki.
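
The two line formats above can be checked mechanically before pointing Wireshark at a log. The following Python parser is an added example, not code from the original post, NSS or Wireshark; the name parse_keylog and the sample lines are constructed for illustration, and it accepts only the two line types documented here.

```python
import re

# Field widths (in hex characters) for the two line types described above.
FORMATS = {
    "RSA": (16, 96),            # encrypted pre-master prefix, pre-master secret
    "CLIENT_RANDOM": (64, 96),  # client_random, master secret
}
HEX = re.compile(r"[0-9a-fA-F]+")


def parse_keylog(text):
    """Parse NSS key log text into (entries, errors); errors are
    (line_number, reason) for lines matching neither format above."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank or comment line
            continue
        fields = line.split()
        if len(fields) != 3:
            errors.append((lineno, "expected 3 space-separated fields"))
            continue
        label, key_hex, secret_hex = fields
        if label not in FORMATS:
            errors.append((lineno, "unknown label " + label))
            continue
        key_len, secret_len = FORMATS[label]
        if not (HEX.fullmatch(key_hex) and HEX.fullmatch(secret_hex)):
            errors.append((lineno, "non-hex characters"))
        elif (len(key_hex), len(secret_hex)) != (key_len, secret_len):
            errors.append((lineno, "wrong field length"))
        else:
            entries.append((label, bytes.fromhex(key_hex), bytes.fromhex(secret_hex)))
    return entries, errors


# Constructed sample input (not real key material).
SAMPLE = "\n".join([
    "# SSL/TLS secrets log file, generated by NSS",
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48,
    "RSA " + "01" * 8 + " " + "ef" * 48,
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 40,   # truncated secret
])

if __name__ == "__main__":
    ok, bad = parse_keylog(SAMPLE)
    print(len(ok), "usable entries;", "problems:", bad)
```

Each parsed secret is enough to decrypt the matching captured session, so treat the log file like a private key and unset SSLKEYLOGFILE once the capture is done.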



