Question
I have a bunch of tcp dumps, which contain SSL traffic. I'm also provided with the RSA private key to decrypt it.
There are a few reasons why opening them in Wireshark is not really an option, so my goal is to do some statistics on them with Python. So far I've been using Scapy and dpkt for these types of statistics.
How do I analyse a packet capture containing SSL traffic with Python?
Answer 1:
I am working on SSL/TLS layers for scapy. Besides providing interfaces for TLSMessages (Records, Handshakes, ...), the library also comes with an SSLSessionContext that, provided you specified an RSA private key, gives you an interface to the key material and utility functions to decrypt TLSCiphertext for you. Just feed in the SSL Handshake packets as read from the pcap.
At the moment this works pretty fine for RSA_with_AES-128-SHA. Support for stream ciphers, more HMAC/hash algorithms and block_ciphers - as required in the RFC for tls1_0 - will be gradually added as part of some code refactoring.
Check the documentation for more details and an example implementation for a sniffer that decrypts TLSCiphertexts given a private-key and RSA_with_AES-128-SHA.
Source: https://stackoverflow.com/questions/23914686/parsing-ssl-traffic-in-pcap-file-using-python