使用wireshark对HTTPS解密的实践(一)--测试结果

最近需要解析HTTPS流量,所以对wireshark的HTTPS解密进行了实测。网上各种文章很多,但是具体操作起来还是很多没讲清楚的,自己做完记录一下。

最开始总是解密不出来,后来找到官网的文章才发现对解密是有限制的。使用wireshark解密SSL协议的限制如下文:

https://wiki.wireshark.org/TLS#RSA_Keys
https://wiki.wireshark.org/SampleCaptures#SSL_with_decryption_keys

TLS Decryption
Wireshark supports TLS decryption when appropriate secrets are provided. The two available methods are
Key log file using per-session secrets (#Using_the_.28Pre.29-Master-Secret).
Decryption using an RSA private key (#RSA_Keys).

A key log file is a universal mechanism that always enables decryption, even if a Diffie-Hellman (DH) key exchange is in use. The RSA private key only works in a limited number of cases.
The key log file is a text file generated by applications such as Firefox, Chrome and curl when the SSLKEYLOGFILE environment variable is set. To be precise, their underlying library (NSS, OpenSSL or boringssl) writes the r

你可能感兴趣的:(流量解析)