Ask Your Question
0

Help decrypting TLS between socket client and server

asked 2019-06-12 18:18:24 +0000

NotionCommotion gravatar image

updated 2019-06-15 18:55:05 +0000

I built a socket server and socket client whose sole purpose is to communicate back and forth using TLS so I can learn how to decrypt the communication using Wireshark. While both are on the same Linux box, I will later use different machines, and they will pass back and form JSON. I've been really struggling on this and would very much appreciate some help. I've included everything I could think of but if I am missing something, please let me know. Thank you, thank you, thank you in advance.

The client has the server's certificate and the server has both the certificate and private key, and a passphrase is not being used, and I have included how I created the keys as well as the actual keys at the end of this post.

The following communication successfully occurs between the server and client.

Client connects to Server.
Server sends message to Client:
    Hello tls://127.0.0.1:38280!
    Welcome to this amazing server!
    Here's a tip: don't say anything.
Client sends message to Server:
    Hello server, how are you?
Server disconnects client.

I captured it using tshark on the remote Linux box using the following command and moved the pcap file to my Windows PC which is running wireshark Version 3.0.1 (see details shown at the end of this post) and also copied the server's private key to the Windows PC.

tshark -w /var/www/testing/public/test/filename.pcap -P -f "port 8080" -i lo

I went to Edit/Preferences/Protocols/TLS, clicked Edit near RSA Keys List, and added the private key (I also added IP 127.0.0.1, port 8080, and protocol data even though it is my understanding that Wireshark ignores it). I think this used to work before people used forward secrecy, but no longer does, and https://redflagsecurity.net/2019/03/1... a solution for using Firefox or Chrome to log the symmetric key and configure Wireshark's (Pre)-Master-Secrete log filename to point to it. This doesn't work for me, however, as both machines are headless and are not using browsers to access the data. Maybe some other means to capture the symmetric key is possible?

The output is below. As far as I can tell, nothing has been decrypted and I cannot find any text other than regarding the rsa key.

image description

The debug log is listed below (however, I removed some of the repeated checking as it was originally 394kb).

Any recommendations? Thank you!

EDIT 6/15/2019 11:54 AM

Looks like the pem key is not needed when using the master secret, right? Any ideas what I am doing wrong? I am not certain when I need to get the session key so am doing both before and after I run the capture. As far as I can tell, nothing is decrypted. I see a note how the (pre-)master secret is empty which seems important, and other ... (more)

edit retag flag offensive close merge delete

Comments

The TLS session is using DHE key exchange so the RSA private key from the server isn't relevant:

ssl_set_cipher found CIPHER 0xC030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

To decypt such a session requires the pre-master secret from the SSLKEYLOGFILE. Your debug log seems to be indicating a match, not sure why it's not decrypting. Can you share the capture and the sslkeylog.log file on a public share somewhere?

grahamb gravatar imagegrahamb ( 2019-06-12 18:53:56 +0000 )edit

@grahamb. Why no match? Because I wasn't thinking and the sslkeylogfile is related to my window's PC and not the remote linux client connecting to the remote linux server.

NotionCommotion gravatar imageNotionCommotion ( 2019-06-15 11:19:34 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-06-13 23:37:13 +0000

Lekensteyn gravatar image

updated 2019-06-13 23:38:23 +0000

As Graham said, your session is using an ephemeral Diffie-Hellman (DH) cipher suite:

ssl_set_cipher found CIPHER 0xC030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -> state 0x17

These suites cannot be decrypted using a private RSA key file. You can try the sslkeylog library from https://git.lekensteyn.nl/peter/wireshark-notes/tree/src.

git clone https://git.lekensteyn.nl/peter/wireshark-notes.git
cd wireshark-notes/src
make
./sslkeylog.sh php -r 'echo file_get_contents("https://example.com/x");'

This will print the TLS key log file line to standard error by default as you can see:

CLIENT_RANDOM 96e6af926f2ee9698ec229c92cadec92db676e21c92f0236168dba78ce82c93b 92a7bb79232db67a252b62548fbcf9bf11e9ba941be57bc69028ecece406b260386203f22b3af25ed3cf2b0fe928af2a
PHP Warning:  file_get_contents(https://example.com/x): failed to open stream: HTTP request failed! HTTP/1.0 404 Not Found
 in Command line code on line 1

To write it to a file, do something like this first:

export SSLKEYLOGFILE=$PWD/keys.txt

The resulting file can be configured in Wireshark at Preferences -> Protocols -> TLS -> (Pre)-Master-Secret log filename.

See also https://wiki.wireshark.org/TLS#TLS_Decryption.

edit flag offensive delete link more

Comments

Thanks Lekeensteyn,

The server currently doesn't have openssl and I got ssl.h no such file error. Client however does and get the pre master secret key (actually, it prints identical twice). Is this key used for both the client and server?

Also, a little off topic, but do you know how to unset the Preferences -> Protocols -> TLS -> (Pre)-Master-Secret log filename value? Originally, it was blank and I got an error stating that the DH cipher couldn't be decrypted as I now know is expected. Then I incorrectly set this to my windows PC's sslkeylogfile which was obviously wrong. Then made it blank, but get a sslkeylogfile is not set error. Wanted to get the exact error when it wasn't set.

NotionCommotion gravatar imageNotionCommotion ( 2019-06-15 11:32:59 +0000 )edit

I've tried your recommendations but no success. I edited my original post and showed the steps I did and the log output. Could it have something to do with self signed certificates? Also, just to be crystal clear, you understand that there is no browser involved in this, right? Thanks again for your help.

NotionCommotion gravatar imageNotionCommotion ( 2019-06-15 18:57:33 +0000 )edit

Building libsslkeylog.so requires OpenSSL development headers which you can install with yum install openssl-devel as root on CentOS.

I am able to unset the (Pre)-Master-Secret log filename by removing the contents of that field. If you clear this field, then the "ssl_load_keyfile dtls/tls.keylog_file is not configured!" message is expected.

Can you either attach the capture, or post the Random field from the Client Hello? The debug log suggests that the keys from the key log file could not be matched against the Client Hello Random field which seems odd.

Lekensteyn gravatar imageLekensteyn ( 2019-06-15 19:21:04 +0000 )edit

@Lekensteyn 1) openssl-devel. Understood and thanks. 2) Expected keylog_file is not configured. Understood and thanks. 3) Random field from Client Hello. I see 4 0.080873259 10.120.11.32 73.207.70.361 TLSv1.2 583 Client Hello, but not sure where the random field is.

NotionCommotion gravatar imageNotionCommotion ( 2019-06-17 00:30:21 +0000 )edit

If you open the packet capture in Wireshark, you will find it in the packet details: Screenshot of packet details for TLS Client Hello

Lekensteyn gravatar imageLekensteyn ( 2019-06-19 01:06:13 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2019-06-12 18:18:24 +0000

Seen: 3,714 times

Last updated: Jun 15 '19

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2