Log in Go to the main page Page Discussion History Go to the file list Go to the site toolbox Bookmark and Share

Using Wireshark to Decrypt SSL/TLS Packet Data

From RZWiki


Image:wireshark-extralarge.png

Wireshark is capable of decrypting SSL or TLS encrypted data in packets captured in any supported format. The configuration required to do so is detailed below;

Contents

Image:emblem-default-medium.png Prerequisites

noinclude/noinclude

On Linux systems WireShark must be compiled against Gnu-TLS, not OpenSSL or some other encryption suite.

The private key used to encrypt the data must be available to the system running Wireshark.

The private key file must be in the PEM format. (If it's not see the Convert File Formats, Using OpenSSL article.)

The private key file should only contain the private key, not the public key (PEM files frequently contain both.)

The private key file must not have a passphrase. (If it has see the Remove A Key File Passphrase, Using OpenSSL article.)

font color=redRSA keys are being used to encrypt data.

The use of a Diffie-Hellman Ephemeral (DHE) cipher suite is not negotiated between the two hosts.

The capture must include both 'sides' of a conversation. In other words, the capture must include the full client and server exchange.

The capture must include the initial SSL/TLS session establishment./font

Image:preferences-system-medium.png Configuring Wireshark to Decrypt Data

Click EditPreferences...

Select Protocols and scroll down and select SSL

In the RSA Keys List enter the following binding information: ip_address,ssl_port_used,protocol_used,private_key_file

  • ip_address is the IP address of the host that holds the private key used to encrypt the data (i.e. the encrypting host)
  • ssl_port_used is the destination port used to communicate with the host that holds the private key used to encrypt the data (i.e. the encrypting host listening port)
  • protocol used is the protocol encrypted by SSL or TLS, for instance, the protocol encrypted over a HTTPS web connection is HTTP
  • private_key_file is the file system path and file name of the private key file that will be used to decrypt the data

Here's a sample binding for a Windows system: font color=blue1.1.1.1,443,http,c:\networkstuff.key/font

I believe a wildcard IP address of 0.0.0.0 and wildcard SSL port of 0 can be used.

All binding fields should be comma seperated. Multiple bindings can be specified and should be seperated with a semi-colon ';'

Optionally, enter the path and file name of a debug file that you might find useful in helping you diagnose any issues with the decryption. Note this may slow down the initial load of the capture file.


Image:Help-browser-medium.png Notes Issues

  • Wireshark can only decrypt SSL/TLS packet data if RSA keys are used to encrypt the data. If a Diffie-Hellman Ephemeral (DHE) cipher suite is used, the RSA keys are only used to secure the DH exchange, not encrypt the data. Thus, even if you have the correct RSA private key, you will not be able to decrypt the data with Wireshark or any other tool. You can check which cipher suite is being used by examining the Hello packet sent by the host that holds the private key, if the cipher suite specified begins TLS_DHE, you will not be able to decrypt the data. In this instance, your only option (if possible) is to modify either the client or server configuration so that DHE cipher suites are not used.
  • For Firefox, enter this URL in the address bar: about:config, click the warning button and then enter this in the filter bar: security.ssl3.dhe. Set each preference displayed to: false and then filter again for security.ssl3.ecdhe and do the same again.
  • The issue detailed above may also occur with exportable RSA cipher suites (those using keys under 1024 bits in size.
  • Wireshark can only decrypt SSL/TLS packet data if the capture includes both 'sides' of a conversation. In other words, the capture must include the full client and server exchange.
  • Wireshark can only decrypt SSL/TLS packet data if the capture includes the initial SSL/TLS session establishment.
  • Ensure the IP address used in the key list binding is the IP address as seen in the capture. Due to NATting this may not be the IP the client uses or the server's real IP address.
  • For Linux users, if you don't have the Key List option (and entry box) available, it's likely Wireshark was not compiled against GnuTLS. You can check this by running the command wireshark -v. The output should include GnuTLS and GCrypt, if it doesn't, reconfigure Wireshark with --with-gnutls, recompile and reinstall.
  • Check your private key file contains the correct header and footer, as shown below, and no others;
Header:
-----BEGIN RSA PRIVATE KEY-----
Footer:
-----END RSA PRIVATE KEY-----

Image:icemon-medium.png Related Articles

You might find the command line tool tcpdump a simpler alternative to Wireshark, when capturing packets at least. Wireshark themselves have now created tshark, the CLI version of Wireshark.

If you're running Linux, also consider ssldump, further information can be found here: http://www.rtfm.com/ssldump/

If you're trying to troubleshoot HTTP issues, you may be better off running iehttpheaders for IE or LiveHTTPHeaders for Firefox, on the client browser.

See these articles for more information on private key file format conversion, confirmation and passphrase removal;

Refer to the OpenSSL category for futher information on OpenSSL usage.

Refer to the OpenSSL Commands category for futher information on available OpenSSL commands.

Image:internet-group-chat-small.png We really do appreciate all feedback so please do send your comments, suggestions or corrections to sjiveson#routerzone.eu 
(replacing the # with an @)


Retrieved from "http://www.routerzone.eu/wiki/index.php/Using_Wireshark_to_Decrypt_SSL/TLS_Packet_Data"

Site Toolbox:

Personal tools
This page was last modified on 8 December 2009, at 18:53. - Disclaimers - About RZWiki
Powered by MediaWiki