Wireshark-dev: [Wireshark-dev] About decoding the https packets.
Hi,
I am implementing a packet parser to capture the application data on the wire.
In the case of HTTPS, the application data is encrypted, usually with TLS 1.0
etc. I am keen to get any hints on the approach that I should follow.
* TLS1.0 in brief:
-------------------
I have gone through the TLS 1.0 RFC, and below is how it works:
1. Exchange the encryption information, premaster-secret and keys using
public key encryption (hello-messages).
2. Also the Random bytes are exchanged.
3. Generate locally the 'master-secret' using the 'premaster-secret' and
random bytes.
4. Use the 'master-secret' to create the six keys below:
client/server write keys (for encrypt/decrypt).
client/server MAC (msg digests for message integrity).
client/server IV (initialization vectors for block ciphers).
* Queries:
-----------
1. How does Wireshark currently decode HTTPS packets? Does it also
locally generate the six keys mentioned above?
2. I will have the server private key, but will my parser also have to
perform the steps to generate the 'master-secret' and locally generate the six keys?
Any pointers will be appreciated.
--
Thanks,
Nilesh