How to get a PEM file from a server so that Wireshark works

Time: 2013-11-07 13:11:51

Tags: ssl encryption wireshark

For example: 202.127.168.21:443

I tried the command

    openssl s_client -connect server:port 2>&1 | sed -ne "/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p" > cert.pem

from Using openssl to get the certificate from a server

DEBUG.TXT

    Wireshark SSL debug log 

    ssl_load_key: can't import pem data: Base64 unexpected header error.

    dissect_ssl enter frame #4 (first time)
    ssl_session_init: initializing ptr 05EA6D14 size 592
      conversation = 05EA68F0, ssl_session = 05EA6D14
      record: offset = 0, reported_length_remaining = 240
    dissect_ssl3_record: content_type 22 Handshake
    decrypt_ssl3_record: app_data len 235, ssl state 0x00
    association_find: TCP port 3204 found 00000000
    packet_from_server: is from server - FALSE
    decrypt_ssl3_record: using client decoder
    decrypt_ssl3_record: no decoder available
    dissect_ssl3_handshake iteration 1 type 1 offset 5 length 231 bytes, remaining 240 
    packet_from_server: is from server - FALSE
    ssl_find_private_key server 202.127.168.21:443
    ssl_find_private_key can't find private key for this server! Try it again with universal port 0
    ssl_find_private_key can't find private key for this server (universal port)! Try it again with universal address 0.0.0.0
    ssl_find_private_key can't find any private key!
    dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01

    dissect_ssl enter frame #6 (first time)
      conversation = 05EA68F0, ssl_session = 05EA6D14
      record: offset = 0, reported_length_remaining = 86
    dissect_ssl3_record found version 0x0303(TLS 1.2) -> state 0x11
    dissect_ssl3_record: content_type 22 Handshake
    decrypt_ssl3_record: app_data len 81, ssl state 0x11
    packet_from_server: is from server - TRUE
    decrypt_ssl3_record: using server decoder
    decrypt_ssl3_record: no decoder available
    dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes, remaining 86 
    dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
    ssl_restore_session can't find stored session
    trying to use SSL keylog in 
    failed to open SSL keylog
      cannot find master secret in keylog file either
    dissect_ssl3_hnd_srv_hello found CIPHER 0x0005 -> state 0x17
    dissect_ssl3_hnd_srv_hello trying to generate keys
    ssl_generate_keyring_material not enough data to generate key (0x17 required 0x37 or 0x57)
    dissect_ssl3_hnd_srv_hello can't generate keyring material

    dissect_ssl enter frame #7 (first time)
      conversation = 05EA68F0, ssl_session = 05EA6D14
      record: offset = 0, reported_length_remaining = 6
    dissect_ssl3_record: content_type 20 Change Cipher Spec
    dissect_ssl3_change_cipher_spec
    packet_from_server: is from server - TRUE
    ssl_change_cipher SERVER

    dissect_ssl enter frame #9 (first time)
      conversation = 05EA68F0, ssl_session = 05EA6D14
      record: offset = 0, reported_length_remaining = 41
    dissect_ssl3_record: content_type 22 Handshake
    decrypt_ssl3_record: app_data len 36, ssl state 0x17
    packet_from_server: is from server - TRUE
    decrypt_ssl3_record: using server decoder
    decrypt_ssl3_record: no decoder available
    dissect_ssl3_handshake iteration 1 type 203 offset 5 length 9339809 bytes, remaining 41 

    dissect_ssl enter frame #10 (first time)
      conversation = 05EA68F0, ssl_session = 05EA6D14
      record: offset = 0, reported_length_remaining = 47
    dissect_ssl3_record: content_type 20 Change Cipher Spec
    dissect_ssl3_change_cipher_spec
    packet_from_server: is from server - FALSE
    ssl_change_cipher CLIENT
      record: offset = 6, reported_length_remaining = 41
    dissect_ssl3_record: content_type 22 Handshake
    decrypt_ssl3_record: app_data len 36, ssl state 0x17
    packet_from_server: is from server - FALSE
    decrypt_ssl3_record: using client decoder
    decrypt_ssl3_record: no decoder available
    dissect_ssl3_handshake iteration 1 type 237 offset 11 length 3359662 bytes, remaining 47 

    dissect_ssl enter frame #11 (first time)
      conversation = 05EA68F0, ssl_session = 05EA6D14
      record: offset = 0, reported_length_remaining = 776
    dissect_ssl3_record: content_type 23 Application Data
    decrypt_ssl3_record: app_data len 771, ssl state 0x17
    packet_from_server: is from server - FALSE
    decrypt_ssl3_record: using client decoder
    decrypt_ssl3_record: no decoder available
    association_find: TCP port 3204 found 00000000
    association_find: TCP port 443 found 05363358

    dissect_ssl enter frame #13 (first time)
      conversation = 05EA68F0, ssl_session = 05EA6D14
      record: offset = 0, reported_length_remaining = 1460
      need_desegmentation: offset = 0, reported_length_remaining = 1460

    dissect_ssl enter frame #23 (first time)
      conversation = 05EA68F0, ssl_session = 05EA6D14
      record: offset = 0, reported_length_remaining = 10305
    dissect_ssl3_record: content_type 23 Application Data
    decrypt_ssl3_record: app_data len 10300, ssl state 0x17
    packet_from_server: is from server - TRUE
    decrypt_ssl3_record: using server decoder
    decrypt_ssl3_record: no decoder available
    association_find: TCP port 443 found 05363358

    dissect_ssl enter frame #24 (first time)
      conversation = 05EA68F0, ssl_session = 05EA6D14
      record: offset = 0, reported_length_remaining = 30
    dissect_ssl3_record: content_type 23 Application Data
    decrypt_ssl3_record: app_data len 25, ssl state 0x17
    packet_from_server: is from server - TRUE
    decrypt_ssl3_record: using server decoder
    decrypt_ssl3_record: no decoder available
    association_find: TCP port 443 found 05363358

    dissect_ssl enter frame #28 (first time)
    ssl_session_init: initializing ptr 05EA8568 size 592
      conversation = 05EA8328, ssl_session = 05EA8568
      record: offset = 0, reported_length_remaining = 1

    dissect_ssl enter frame #9 (already visited)
      conversation = 05EA68F0, ssl_session = 00000000
      record: offset = 0, reported_length_remaining = 41
    dissect_ssl3_record: content_type 22 Handshake
    dissect_ssl3_handshake iteration 1 type 203 offset 5 length 9339809 bytes, remaining 41 

    dissect_ssl enter frame #10 (already visited)
      conversation = 05EA68F0, ssl_session = 00000000
      record: offset = 0, reported_length_remaining = 47
    dissect_ssl3_record: content_type 20 Change Cipher Spec
    dissect_ssl3_change_cipher_spec
      record: offset = 6, reported_length_remaining = 41
    dissect_ssl3_record: content_type 22 Handshake
    dissect_ssl3_handshake iteration 1 type 237 offset 11 length 3359662 bytes, remaining 47 

    dissect_ssl enter frame #11 (already visited)
      conversation = 05EA68F0, ssl_session = 00000000
      record: offset = 0, reported_length_remaining = 776
    dissect_ssl3_record: content_type 23 Application Data
    association_find: TCP port 3204 found 00000000
    association_find: TCP port 443 found 05363358

    dissect_ssl enter frame #7 (already visited)
      conversation = 05EA68F0, ssl_session = 00000000
      record: offset = 0, reported_length_remaining = 6
    dissect_ssl3_record: content_type 20 Change Cipher Spec
    dissect_ssl3_change_cipher_spec

    dissect_ssl enter frame #6 (already visited)
      conversation = 05EA68F0, ssl_session = 00000000
      record: offset = 0, reported_length_remaining = 86
    dissect_ssl3_record: content_type 22 Handshake
    dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes, remaining 86 

    dissect_ssl enter frame #4 (already visited)
      conversation = 05EA68F0, ssl_session = 00000000
      record: offset = 0, reported_length_remaining = 240
    dissect_ssl3_record: content_type 22 Handshake
    dissect_ssl3_handshake iteration 1 type 1 offset 5 length 231 bytes, remaining 240 

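How do I get the private key? From https://security.stackexchange.com/questions/20789/ssl-decryption-in-wireshark: "To decrypt, you need the private key. The server's certificate, which is sent as part of the initial steps of the SSL connection (the "handshake"), contains only the public key (which is not sufficient to decrypt)." Is that true?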

0 answers:

No answers
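An added example, not part of the original post: a check of which PEM block types a file contains, since the `sed` filter in the question keeps only `CERTIFICATE` blocks, plus a scan for the key-related failures seen in DEBUG.TXT. The function names are illustrative and the sample PEM blocks are constructed placeholders, not real certificate or key data.

```python
import base64
import re

# PEM framing: -----BEGIN <label>----- base64 body -----END <label>-----
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
# Labels that carry private key material; a CERTIFICATE block never does.
PRIVATE_LABELS = {"RSA PRIVATE KEY", "PRIVATE KEY", "EC PRIVATE KEY",
                  "ENCRYPTED PRIVATE KEY"}
# Messages copied from the DEBUG.TXT in the question that point at a missing key.
KEY_ERRORS = ("ssl_load_key: can't import pem data",
              "ssl_find_private_key can't find any private key",
              "failed to open SSL keylog")

def pem_labels(text):
    """Return the label of every PEM block whose body is valid base64."""
    labels = []
    for label, body in PEM_RE.findall(text):
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        labels.append(label)
    return labels

def key_file_verdict(text):
    """Classify a PEM file by whether it holds private key material."""
    labels = pem_labels(text)
    if not labels:
        return "no PEM block found"
    if any(label in PRIVATE_LABELS for label in labels):
        return "private key present"
    return "public material only: " + ", ".join(labels)

def key_errors_in_log(log_text):
    """Return the key-related failure messages found in a debug log."""
    return [msg for msg in KEY_ERRORS if msg in log_text]

def constructed_pem(label, payload):
    # Constructed sample data: the payload is placeholder bytes, not real DER.
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

SAMPLE_CERT = constructed_pem("CERTIFICATE", b"placeholder certificate bytes")
SAMPLE_KEY = constructed_pem("RSA PRIVATE KEY", b"placeholder key bytes")
```

Running `key_file_verdict` on a file produced by the command in the question reports public material only, which matches the quoted statement that the handshake certificate carries just the public key.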