Parsing SSL traffic in .pcap file using Python

前提是你 提交于 2021-02-05 09:41:37

问题


I have a bunch of tcp dumps, which contain SSL traffic. I'm also provided with the RSA private key to decrypt it.

There are a few reasons, why opening them in Wireshark is not really an option, so my goal is to do some statistics on them with Python. So far I've been using Scapy and dpkt for these type of statistics.

How do I analyse a package capture containing SSL-traffic with Python?


回答1:


I am working on SSL/TLS layers for scapy. Besides providing interfaces for TLSMessages (Records,Handshakes,...) the library also comes with a SSLSessionContext that provided you specified an RSA private key gives you an interface to the key material and utility functions to decrypt TLSCiphertext for you. Just feed in the SSL Handshake packets as read from the pcap.

At the moment this works pretty fine for RSA_with_AES-128-SHA. Support for stream ciphers, more hmac/hash algorithms and block_ciphers - as required in the rfc for tls1_0 - will be gradually added as part of some code refactoring.

Check the documentation for more details and an example implementation for a sniffer that decrypts TLSCiphertexts given a private-key and RSA_with_AES-128-SHA.



来源:https://stackoverflow.com/questions/23914686/parsing-ssl-traffic-in-pcap-file-using-python

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!