I am able to decrypt SSL packets in Wireshark (GUI) using the private keys. In the same manner, how do I decrypt packets using PyShark (programmatically)? Is there any other way to do the same task using a different programmatic approach?

1 Answer

This is not tested, but override_prefs will let you add custom flags to tshark or override some:

- you can pass a dictionary to the override_prefs attribute like

def create_ssl_override(ssl_key_path, server='127.0.0.1', port='443',
                        protocol='http', ssl_debug_file='ssl_debug.log'):
    # keys_list entry format: server_ip,port,protocol,path_to_private_key
    ssl_key_info = '{server},{port},{protocol},{pem_path}'.format(
       server=server, port=port, protocol=protocol, pem_path=ssl_key_path)

    # Each key/value pair becomes a tshark "-o key:value" preference override
    return {
      'ssl.desegment_ssl_records': 'TRUE',
      'ssl.desegment_ssl_application_data': 'TRUE',
      'tcp.desegment_tcp_streams': 'TRUE',
      'ssl.keys_list': ssl_key_info,
      'ssl.debug_file': ssl_debug_file
    }

ssl_overrides = create_ssl_override('my_server_key_file.pem')

So when creating your capture object, pass override_prefs=ssl_overrides as one of the arguments. Again, I have not tested this and I'm not sure pyshark would be able to work with the ssl xml output, but try it.

If not, tshark directly (example from https://wiki.wireshark.org/SSL):

tshark -o "ssl.desegment_ssl_records: TRUE" -o "ssl.desegment_ssl_application_data: TRUE" -o "ssl.keys_list: 127.0.0.1,4443,http,/home/dirkx/xx/privkey.pem" -o "ssl.debug_file: /home/dirkx/.wireshark-log" -i eth0 -R "tcp.port == 4443"
Totoro
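A fuller version of the approach in the answer above, added as an example (not the answerer's code): it builds the same preference overrides, derives the equivalent tshark -o arguments, and opens a capture through PyShark's override_prefs. It assumes a placeholder capture file and key path, and that Wireshark 3.0+ uses the tls. preference prefix while older releases use ssl.

```python
"""Build TLS-decryption preference overrides for tshark / PyShark.

Assumptions (not from the original answer): 'capture.pcapng' and
'server_key.pem' are placeholders; Wireshark >= 3.0 names the dissector
preferences 'tls.*', older releases 'ssl.*'.
"""


def tls_decrypt_prefs(key_path, server='127.0.0.1', port=443, protocol='http',
                      debug_file=None, legacy_ssl_prefix=False):
    """Return a {preference: value} dict suitable for override_prefs.

    A private key in keys_list only decrypts sessions that used RSA key
    exchange; (EC)DHE sessions need a keylog file instead, so not every
    TLS stream in a capture will become readable.
    """
    p = 'ssl' if legacy_ssl_prefix else 'tls'
    prefs = {
        f'{p}.desegment_ssl_records': 'TRUE',
        f'{p}.desegment_ssl_application_data': 'TRUE',
        'tcp.desegment_tcp_streams': 'TRUE',
        # same entry format as the Wireshark wiki: ip,port,protocol,keyfile
        f'{p}.keys_list': f'{server},{port},{protocol},{key_path}',
    }
    if debug_file:
        prefs[f'{p}.debug_file'] = debug_file
    return prefs


def tshark_override_args(prefs):
    """The equivalent '-o key:value' arguments for invoking tshark directly."""
    args = []
    for key, value in prefs.items():
        args += ['-o', f'{key}:{value}']
    return args


def decrypted_http_hosts(pcap_path, prefs):
    """Open the capture with PyShark and collect HTTP Host headers that are
    only visible after the TLS application data has been decrypted."""
    import pyshark  # imported here so the helpers above work without it
    hosts = []
    cap = pyshark.FileCapture(pcap_path, override_prefs=prefs,
                              display_filter='http.request')
    try:
        for pkt in cap:
            if ('tls' in pkt or 'ssl' in pkt) and hasattr(pkt.http, 'host'):
                hosts.append(str(pkt.http.host))
    finally:
        cap.close()
    return hosts
```

Call decrypted_http_hosts('capture.pcapng', tls_decrypt_prefs('server_key.pem', port=4443)) with your own paths; an empty result usually means the session did not use RSA key exchange or the key does not match the server certificate.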