# cat /etc/centos-release
CentOS release 6.3 (Final)
# uname -ri
2.6.32-279.2.1.el6.x86_64 x86_64
|
# wget ftp.scientificlinux.org/linux/scientific/6.0/x86_64/os/Packages/epel-release-6-5.noarch.rpm
# rpm -ivh epel-release-6-5.noarch.rpm
# yum update -y
# yum install ssldump
# ssldump -v
ssldump 0.9b3
Copyright (C) 1998-2001 RTFM, Inc.
All rights reserved.
Compiled with OpenSSL: decryption enabled
|
# ssldump -i eth0 port 443
New TCP connection #1: 192.168.10.15(44718) <-> 192.168.10.35(443)
1 1 0.0008 (0.0008) C>S Handshake
ClientHello
Version 3.1
cipher suites
Unknown value 0xc014
Unknown value 0xc00a
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Unknown value 0x88
Unknown value 0x87
Unknown value 0xc00f
Unknown value 0xc005
TLS_RSA_WITH_AES_256_CBC_SHA
Unknown value 0x84
Unknown value 0xc012
Unknown value 0xc008
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Unknown value 0xc00d
Unknown value 0xc003
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0xc013
Unknown value 0xc009
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Unknown value 0x9a
Unknown value 0x99
Unknown value 0x45
Unknown value 0x44
Unknown value 0xc00e
Unknown value 0xc004
TLS_RSA_WITH_AES_128_CBC_SHA
Unknown value 0x96
Unknown value 0x41
Unknown value 0xc011
Unknown value 0xc007
Unknown value 0xc00c
Unknown value 0xc002
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_RSA_EXPORT_WITH_RC4_40_MD5
Unknown value 0xff
compression methods
1 2 0.0010 (0.0001) S>C Handshake
ServerHello
Version 3.1
session_id[32]=
de a8 c3 01 a5 8b 81 63 c4 bd 39 b5 0b 25 bc 26
b5 8c 0d 91 cf e4 54 68 3b 3c cd 1c 62 de 0e f0
cipherSuite TLS_RSA_WITH_RC4_128_SHA
compressionMethod NULL
1 3 0.0010 (0.0000) S>C Handshake
Certificate
1 4 0.0010 (0.0000) S>C Handshake
ServerHelloDone
1 5 0.0026 (0.0016) C>S Handshake
ClientKeyExchange
1 6 0.0026 (0.0000) C>S ChangeCipherSpec
1 7 0.0026 (0.0000) C>S Handshake
1 8 0.0062 (0.0036) S>C ChangeCipherSpec
1 9 0.0062 (0.0000) S>C Handshake
1 10 0.0071 (0.0008) C>S application_data
1 11 0.0157 (0.0085) S>C application_data
1 0.0172 (0.0014) C>S TCP FIN
1 0.0172 (0.0000) S>C TCP FIN
|
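Decrypt SSL traffic using the server's private key. This works here only because the negotiated suite (TLS_RSA_WITH_RC4_128_SHA) uses RSA key exchange, so the private key can recover the EncryptedPreMasterSecret shown below; a session that negotiates a DHE suite cannot be decrypted this way.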
# ssldump -i eth0 -Ad -k test-ssl.private -i eth0
New TCP connection #1: 192.168.10.15(44721) <-> 192.168.10.35(443)
1 1 0.0009 (0.0009) C>S V3.1(204) Handshake
ClientHello
Version 3.1
random[32]=
50 29 e1 75 3f d7 ae 0e 1e a7 fb 56 71 3d ea 0a
f5 2d d6 e6 b6 1a 71 4c 86 6c 93 ab 16 4b 0e 4d
cipher suites
Unknown value 0xc014
Unknown value 0xc00a
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Unknown value 0x88
Unknown value 0x87
Unknown value 0xc00f
Unknown value 0xc005
TLS_RSA_WITH_AES_256_CBC_SHA
Unknown value 0x84
Unknown value 0xc012
Unknown value 0xc008
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Unknown value 0xc00d
Unknown value 0xc003
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0xc013
Unknown value 0xc009
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Unknown value 0x9a
Unknown value 0x99
Unknown value 0x45
Unknown value 0x44
Unknown value 0xc00e
Unknown value 0xc004
TLS_RSA_WITH_AES_128_CBC_SHA
Unknown value 0x96
Unknown value 0x41
Unknown value 0xc011
Unknown value 0xc007
Unknown value 0xc00c
Unknown value 0xc002
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_RSA_EXPORT_WITH_RC4_40_MD5
Unknown value 0xff
compression methods
1 2 0.0011 (0.0002) S>C V3.1(81) Handshake
ServerHello
Version 3.1
random[32]=
50 29 e1 72 d3 eb 0c b0 88 a0 95 91 23 7c 59 61
0b 0a 00 28 6d 9a e9 7e 83 40 32 7f c9 97 be 25
session_id[32]=
e7 30 e6 d2 8e 15 77 b1 e0 d0 46 d6 d8 05 e1 11
71 35 60 c2 a6 58 45 0a e9 22 5a fb 29 1b c4 80
cipherSuite TLS_RSA_WITH_RC4_128_SHA
compressionMethod NULL
1 3 0.0011 (0.0000) S>C V3.1(799) Handshake
Certificate
1 4 0.0011 (0.0000) S>C V3.1(4) Handshake
ServerHelloDone
1 5 0.0027 (0.0015) C>S V3.1(262) Handshake
ClientKeyExchange
EncryptedPreMasterSecret[256]=
57 e2 4f 1c 95 5d fe b8 5a 8e 30 18 b8 e8 68 38
84 c2 65 d6 98 64 45 bd 38 42 6d e0 79 cb 7a 40
f9 c3 65 00 4a 63 b0 9d dd 01 b5 89 43 d2 2d 68
dd b8 93 02 d2 15 9e 5c 6c 0c 8e 70 4a cb 06 1f
eb 26 40 1c 46 cb d0 43 2e c5 77 59 06 23 2d c5
85 72 9c 5a eb 41 d0 0d 2a a3 52 da 09 0d 39 cb
dd ad 1a ca 43 ba 49 be 5e a9 52 53 43 c7 9d 13
3d 5d 47 ff ca 5e ff ab 70 87 eb 52 15 6f d1 f9
18 af 25 f9 5a bd f9 62 31 71 61 54 9d b0 ed d7
8d ee e5 aa a0 45 c0 de 7c 9d 22 85 4c 1c 41 ba
60 16 ff 5b 1f 2a 84 3c fd 27 e9 5f 8a fa 19 95
e7 ef ff d8 52 dd c8 73 7b 18 64 65 e9 54 13 92
65 45 1b eb 7a cd 24 bb 0e 8d 10 77 c4 5c ee 9a
92 b8 dc 70 81 bb 2e 44 04 b4 a9 76 43 f6 c6 fc
bd 69 05 11 21 52 5b 5b 12 3d 32 18 d1 6f d6 20
98 57 f1 e6 8c f8 a3 60 3e 4b 89 82 96 e2 6e 6b
1 6 0.0027 (0.0000) C>S V3.1(1) ChangeCipherSpec
1 7 0.0027 (0.0000) C>S V3.1(36) Handshake
Finished
verify_data[12]=
b2 7c 53 3f e5 03 85 e0 43 96 a1 a9
1 8 0.0060 (0.0033) S>C V3.1(1) ChangeCipherSpec
1 9 0.0060 (0.0000) S>C V3.1(36) Handshake
Finished
verify_data[12]=
9b cd b0 1a 42 8f e4 a5 40 cf 65 8e
1 10 0.0071 (0.0010) C>S V3.1(131) application_data
---------------------------------------------------------------
GET / HTTP/1.0
User-Agent: Wget/1.12 (linux-gnu)
Accept: */*
Host: 192.168.10.35
Connection: Keep-Alive
---------------------------------------------------------------
1 11 0.0141 (0.0069) S>C V3.1(447) application_data
---------------------------------------------------------------
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Content-Type: text/html; charset=UTF-8
Date: Tue, 14 Aug 2012 05:26:11 GMT
Accept-Ranges: bytes
ETag: "400c9-a-4c037d8b92dd1"
Connection: Keep-Alive
Set-Cookie: X-Mapping-eiakmicn=17EDFFA1AF4047596F35E5829DF54440; path=/
Set-Cookie: X-Mapping-eiakmicn=17EDFFA1AF4047596F35E5829DF54440; path=/
Last-Modified: Thu, 17 May 2012 09:13:18 GMT
Content-Length: 10
centos6-4
---------------------------------------------------------------
1 0.0160 (0.0018) C>S TCP FIN
1 0.0161 (0.0000) S>C TCP FIN
|
On Ubuntu / Mint, you can install it via apt-get; however, there seems to be a bug.
# apt-get install -y ssldump
# apt-cache policy ssldump
ssldump:
Installed: 0.9b3-4.1
Candidate: 0.9b3-4.1
Version table:
*** 0.9b3-4.1 0
500 http://jp.archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages
100 /var/lib/dpkg/status
# ssldump -v
ssldump 0.9b3
Copyright (C) 1998-2001 RTFM, Inc.
All rights reserved
|
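Hmm, decryption is not enabled: the `ssldump -v` output above does not include the "Compiled with OpenSSL: decryption enabled" line.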
- ssldump bug
ssldump does not decrypt traffic
https://bugs.launchpad.net/ubuntu/+source/ssldump/+bug/1003620
|
On Fedora, you can install it via yum without adding an extra repo.
[root@fc17-note ~]# yum install -y ssldump
[root@fc17-note ~]# ssldump -v
ssldump 0.9b3
Copyright (C) 1998-2001 RTFM, Inc.
All rights reserved.
Compiled with OpenSSL: decryption enabled
|