如何用wireshark解密ssl报文的文档.pdfVIP

如何用 wireshark 解密 ssl 报文的文档 当用 bigip 作 ssl 加速时，客户端的 tcpdump 是加密报文，无法看到应用层消息， 如果可以拿到 bigip 上的 key 的话，可以按以下方法用wireshark 将它解开： How to decrypt SSL and TLS traffic using Wireshark Summary This article describes how to decrypt SSL and TLS traffic using the Wireshark Network Protocol Analyser. Requirements • An understanding and general knowledge of: – Network Traces – Networking, TCP/IP and SSL/TLS protocols – Certificates and the use of Public Private Keys – The Wireshark Network Protocol Analyser • Wireshark software compiled with SSL decryption support • Decrypted private key of the server or appliance in PKCS#8 PEM format (RSA) Background In Wireshark, the SSL dissector is fully functional and supports advanced features such as decryption of SSL, if the encryption key is provided. This is useful when troubleshooting Citrix products that use SSL or TLS encryption. Procedure Wireshark Settings 1. Start Wireshark and open the network capture (encrypted SSL should look like the screenshot below). 2. From the top menu select Edit Preferences. 3. When the Preferences window opens, expand Protocols. 4. Scroll down and select SSL. 5. In the space labeled RSA keys list, provide the following information in the format ip,port,protocol,key_file_name (see also the screenshot above). Where: ip is the IP Address of the server / appliance with the private key port is usually 443 for SSL/TLS protocol is usually HTTP key_file_name is the location and file name of the private key Note: There are no spaces between the colons. Also, using semicolons to separate the entries, a list of private RSA keys can be entered and used for decryption. “ip,port,protocol,key_file_name;ip,port,protocol,key_ file_name;ip,port,protocol,key_file_name” 6. In the space labeled SSL debug file provide a location and file name for a debug file. 7. Select OK 8. The SSL traffic should now be decrypted (decrypted SSL should look like the screenshot below). Pri