Python decrypt TLS traffic

Question

I'm trying to decode SIP TLS v1.0 traffic which uses a known port (TCP 5061). I do have access to my private key to extract the information (TCP raw data) I have created my code to access TCP traffic and I can read that info right now.

packet = socket.recv(sipLocatorConfig.NETWORK_TCP_MAX_SIZE)

My goal is to be able to read encrypted traffic (which I can already) and decrypt it with my private key so I can analyze it after that. How to convert TLS to TCP/raw data? I was able to start SSL Server, but how to parse raw data using SSL library.

import socket
from OpenSSL import SSL

context = SSL.Context(SSL.SSLv23_METHOD)
context.use_privatekey_file('key')
context.use_certificate_file('cert')

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s = SSL.Connection(context, s)
s.bind(('', 12345))
s.listen(5)

(connection, address) = s.accept()
while True:
    print repr(connection.recv(65535))

score 0 · Accepted Answer · edited May 23 '17 at 10:29

0

Writing a python script to decrypt the raw capture is a huge task. I suggest you give wireshark a try, it is a graphical network analyzer that can already decrypt SSL / TLS when you have the key.

Keep in Mind: Perfect forward secrecy can prevent decryption in both wireshark and scripts. See Decrypting HTTPS traffic in Wireshark not working

edited May 23 '17 at 10:29

Community

1
1

answered Feb 17 '14 at 15:28

Stephan B

3,671
20
33

Python decrypt TLS traffic

1 Answers1