Can't decrypt TLS from a specific python library

asked 2023-09-14 18:38:32 +0000

jeanmarc

updated 2023-09-14 18:42:00 +0000

Hello, I have a problem. I'm using Wireshark 4.0.8. I created my ssl file to store my "(pre)-master-secrets log filename". I can thus decrypt TLS from my browser or from different python libraries without problem. But I cannot decrypt the TLS when my requests are made with the TLS-CLIENT python library (https://github.com/FlorianREGAZ/Python-Tls-Client) which allows the use of HTTP/2 and TLS fingerprints of real browsers.

However, I manage to decrypt the requests made with Curl-CFFI ("curl-impersonate" but for Python) (https://github.com/yifeikong/curl_cffi) which also copies the HTTP and TLS fingerprints of real browsers. Does anyone have an idea why I can't decrypt TLS when I use the "TLS-Client" Python library? (I'm not sure, but it seems that pre master secrets are not written to my ssl file when using this specific library). Port number 443 on the server is used for the encrypted TLS.


1 Answer


answered 2023-09-15 06:50:26 +0000

SYN-bit

When there are no keys written, then the library probably does not support the SSLKEYLOGFILE environment variable for logging the keys. You could ask for support to be added, but when I look at the mentioned GitHub page, all TLS functions are imported through libraries, so these libraries should add support for it.


Comments

Thanks for your reply. Yes, this Python library is based on a Golang GitHub repo (https://github.com/bogdanfinn/tls-client). I tried Mitmproxy but it doesn't intercept requests made from this Python library. Someone advised me to give Frida a try (https://frida.re)

jeanmarc (2023-09-15 17:53:31 +0000)

@jeanmarc You can try proxying the traffic from the python TLS library with PolarProxy if you want to get decrypted traffic in PCAP format, so that you can analyze it in Wireshark.

A drawback of using a TLS proxy is that you need to configure the TLS client to trust the root certificate used by the proxy. Here's a good writeup that tells you how to add trust for a root CA to Python as well as Go: https://blog.ropnop.com/proxying-cli-...

ErikH (2023-09-19 13:55:45 +0000)
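
The symptom discussed in this thread (one client leaves no keys in the key log file) can be confirmed by checking whether the file holds entries for that connection's ClientHello random, which is the value Wireshark uses to match keys to a session. The checker below is an added example, not part of the original thread; the function names and the sample randoms and secrets are constructed for illustration.

```python
import re

# Labels Wireshark needs in an NSS-format key log, per TLS version.
TLS12_LABELS = {"CLIENT_RANDOM"}
TLS13_LABELS = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
}
# "<LABEL> <32-byte client random, hex> <secret, hex>"
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")


def parse_keylog(text):
    """Return {client_random_hex: set(labels)}; comments and malformed lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # '#' comments and blank lines never match the pattern
            entries.setdefault(m.group(2).lower(), set()).add(m.group(1))
    return entries


def coverage(keylog_text, client_randoms):
    """Classify each ClientHello random: 'tls1.3', 'tls1.2', 'partial' or 'missing'."""
    entries = parse_keylog(keylog_text)
    result = {}
    for cr in client_randoms:
        labels = entries.get(cr.lower(), set())
        if TLS13_LABELS <= labels:
            result[cr] = "tls1.3"    # handshake and application data decryptable
        elif TLS12_LABELS <= labels:
            result[cr] = "tls1.2"
        elif labels:
            result[cr] = "partial"   # some secrets logged, not the full set
        else:
            result[cr] = "missing"   # client never wrote keys for this session
    return result


# Constructed sample: placeholder randoms and secrets, not real key material.
R_BROWSER, R_CURL, R_TLSCLIENT = "aa" * 32, "bb" * 32, "cc" * 32
SAMPLE_KEYLOG = "\n".join(
    ["# constructed key log", f"CLIENT_RANDOM {R_BROWSER} {'11' * 48}"]
    + [f"{label} {R_CURL} {'22' * 32}" for label in sorted(TLS13_LABELS)]
)

if __name__ == "__main__":
    for cr, state in coverage(SAMPLE_KEYLOG, [R_BROWSER, R_CURL, R_TLSCLIENT]).items():
        print(cr[:16], state)
```

The ClientHello randoms of a real capture are available in Wireshark as the `tls.handshake.random` field on Client Hello packets; a session reported as "missing" means the client that opened it did not log its secrets.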

Stats

Asked: 2023-09-14 18:38:32 +0000

Seen: 591 times

Last updated: Sep 15 '23