Open sergey-safarov opened 3 years ago
The same approach may be used for DTLS traffic decryption: dtls12-aes128ccm8-dsb.pcapng
Hi @sergey-safarov !!
Currently sngrep 1.x is only being updated with bugfixes or small enhancements, so changes like this probably won't fit there.
There is a glib-2 branch that could be the base of the sngrep 2.x release and that could be enhanced to contain these features, but its development is quite slow as we have other projects in progress right now.
I will leave this open for future reference.
Thanks for all the information!
Hi @Kaian
I prepared tls-with-keys.pcapng with two encrypted calls:
1) with DTLS;
2) without DTLS.
I think it will be helpful for testing. tls-pcap.tar.gz
Here is a WebRTC traffic example with embedded TLS keys: WebRTC-client.pcapng.gz
Here is a tool that allows capturing TLS traffic without encryption keys. Site: https://ecapture.cc/ Movie: https://www.youtube.com/watch?v=CoDIjEQCvvA
I want to implement server-side logging of session encryption keys on Kamailio. This will allow embedding the keys into a PCAPNG file, using the editcap utility, and simply opening the file in Wireshark. More info. The new file will have PCAPNG format (description) (description source).
This will allow me to easily debug TLS calls using Wireshark.
But on the remote server, I love to use sngrep.
Could you add support to:
1) load decryption session keys like Wireshark does;
2) read pcapng format files with embedded session keys;
3) write pcapng format files with embedded session keys.
Relevant info: feature ticket on Wireshark tracker; wiretap description (used for reading and writing pcapng files); wiretap header files and lib API calls; feature commit message.
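For reference on request 2), the embedded keys live in a pcapng Decryption Secrets Block (block type 0x0000000A) whose secrets type 0x544C534B carries TLS key log text. The following is an added example, not code from sngrep, Wireshark or the issue author; the function names and the sample capture are assumptions constructed for illustration.

```python
import struct

SHB_TYPE = 0x0A0D0D0A    # Section Header Block
DSB_TYPE = 0x0000000A    # Decryption Secrets Block
TLS_KEYLOG = 0x544C534B  # secrets type "TLSK": NSS key log text

def _block(btype, body, endian="<"):
    """Build one pcapng block: type, total length, padded body, total length."""
    body += b"\x00" * (-len(body) % 4)
    total = len(body) + 12
    return struct.pack(endian + "II", btype, total) + body + struct.pack(endian + "I", total)

def extract_tls_secrets(data):
    """Return the TLS key log text of every DSB found in a pcapng byte string."""
    secrets, pos, endian = [], 0, "<"
    while pos < len(data):
        if len(data) - pos < 12:
            raise ValueError("truncated block header at offset %d" % pos)
        # The SHB type is a byte palindrome, so it is recognisable before the
        # byte order is known; each SHB resets the byte order for its section.
        if data[pos:pos + 4] == b"\x0a\x0d\x0d\x0a":
            magic = data[pos + 8:pos + 12]
            if magic == b"\x4d\x3c\x2b\x1a":
                endian = "<"
            elif magic == b"\x1a\x2b\x3c\x4d":
                endian = ">"
            else:
                raise ValueError("bad byte-order magic")
        btype, total = struct.unpack_from(endian + "II", data, pos)
        if total < 12 or total % 4 or pos + total > len(data):
            raise ValueError("bad block length at offset %d" % pos)
        if btype == DSB_TYPE:
            if total < 20:
                raise ValueError("DSB too short at offset %d" % pos)
            stype, slen = struct.unpack_from(endian + "II", data, pos + 8)
            if slen > total - 20:
                raise ValueError("secrets length exceeds block")
            if stype == TLS_KEYLOG:  # other secrets types are skipped
                secrets.append(data[pos + 16:pos + 16 + slen].decode("ascii"))
        pos += total
    return secrets

# Constructed sample: an SHB followed by one DSB; the key log holds dummy hex, not real keys.
SAMPLE_KEYLOG = b"CLIENT_RANDOM " + b"00" * 32 + b" " + b"11" * 48 + b"\n"
SAMPLE = (_block(SHB_TYPE, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
          + _block(DSB_TYPE, struct.pack("<II", TLS_KEYLOG, len(SAMPLE_KEYLOG)) + SAMPLE_KEYLOG))
```

The returned text can be written to a file and loaded as a TLS key log in Wireshark.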