tintinweb / scapy-ssl_tls

SSL/TLS layers for scapy the interactive packet manipulation tool
GNU General Public License v2.0
419 stars 156 forks

Feature request: Implement please SSLKEYLOG decryption #166

Open vadimszzz opened 2 years ago

vadimszzz commented 2 years ago

Looks like pcap decryption works only with .pem files. But TLS decryption with NSS isn't available (https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_keylog_callback.html, https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format, https://sharkfesteurope.wireshark.org/assets/presentations17eu/15.pdf)

vadimszzz commented 2 years ago

Oh, looks like PR #64 already implements this!

vadimszzz commented 2 years ago

How to use it? Lack of information in readme

vadimszzz commented 2 years ago

@tintinweb @strizhechenko @exploide @googlebleh @ALSchwalm Can you provide any information about SSL decryption? You and other contributors have done great work, but it looks like while your project supports PEM files to decrypt network traffic, it doesn't support SSLKEYLOG files? Could you please help me figure it out and take a look at #64 to advise what I should do to make it work with the latest releases?

googlebleh commented 2 years ago

have you tried installing ALSchwalm:master-secret and using the example?

diff --git a/examples/sessionctx_sniffer.py b/examples/sessionctx_sniffer.py
index 1baa972..dafae4c 100644
--- a/examples/sessionctx_sniffer.py
+++ b/examples/sessionctx_sniffer.py
@@ -139,7 +139,7 @@ class Sniffer(object):
         session = ssl_tls_crypto.TLSSessionCtx()
         if keyfile:
             print "* load servers privatekey for ciphertext decryption (RSA key only): %s"%keyfile
-            session.rsa_load_keys_from_file(keyfile)
+            session.load_secrets_from_file(keyfile)

             session.printed=False
             self.ssl_session_map[target]=session
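
Review bot: the print on the context line just above the changed call still reads "load servers privatekey for ciphertext decryption (RSA key only)", but the call is now session.load_secrets_from_file(keyfile), so the message and the keyfile variable name no longer describe what is being loaded. Update the message to say that a secrets file is read, and state whether load_secrets_from_file still accepts a PEM private key, because the hunk removes the only rsa_load_keys_from_file call and shows no fallback for existing users who pass an RSA key.
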
$ python examples/sessionctx_sniffer.py <target-ip> <pcap> <sskeylogfile>

vadimszzz commented 2 years ago

> have you tried installing ALSchwalm:master-secret and using the example?

Thanks, the problem is his fork is 5 years old, is there any ability to do this in latest versions? Or do you plan to add this feature? Or which part of the project should I modify to make it myself?

Anyway, thanks to @ALSchwalm for making it possible at all!

I tried to merge ALSchwalm:master-secret into tintinweb:master but a lot has changed in 5 years and there is a git conflict. I can’t handle it due to lack of understanding.
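
For readers following this thread: an added example, not code from scapy-ssl_tls or from the ALSchwalm fork, showing what a loader for the NSS key log format linked in the opening post has to parse before any decryption can happen. The names `parse_keylog`, `master_secret_for` and `SAMPLE` are hypothetical, and the sample lines are constructed, not real key material.

```python
import binascii
from collections import namedtuple

# Labels from the NSS key log format; the TLS 1.3 labels carry traffic secrets.
KNOWN_LABELS = {
    "RSA", "CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
    "EXPORTER_SECRET", "EARLY_EXPORTER_SECRET",
}
KeyLogEntry = namedtuple("KeyLogEntry", "label context secret")

def parse_keylog(text):
    """Return (entries, rejected_line_numbers) for NSS key log text."""
    entries, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        try:
            label, context, secret = parts
            context, secret = binascii.unhexlify(context), binascii.unhexlify(secret)
        except (ValueError, TypeError):  # wrong field count or not hex
            rejected.append(lineno)
            continue
        # CLIENT_RANDOM maps a 32-byte ClientHello random to a 48-byte master secret.
        bad_len = label == "CLIENT_RANDOM" and (len(context), len(secret)) != (32, 48)
        if label not in KNOWN_LABELS or bad_len:
            rejected.append(lineno)
            continue
        entries.append(KeyLogEntry(label, context, secret))
    return entries, rejected

def master_secret_for(entries, client_random):
    """Return the TLS <= 1.2 master secret logged for a ClientHello random."""
    for entry in entries:
        if entry.label == "CLIENT_RANDOM" and entry.context == client_random:
            return entry.secret
    return None

# Constructed sample input, not real key material.
SAMPLE = "\n".join([
    "# constructed sample key log",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_RANDOM " + "22" * 32 + " " + "bb" * 10,  # secret too short
    "CLIENT_RANDOM zz " + "cc" * 48,                  # context is not hex
    "SERVER_TRAFFIC_SECRET_0 " + "33" * 32 + " " + "dd" * 32,
])
```

The 32-byte value to look up is the random field of the captured ClientHello; a key log file holds session secrets in the clear and needs the same file permissions as a private key.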