How to log TLSv1.3 keys in JSSE for Wireshark to decode traffic
I've been (successfully) looking at TLSv1.2 traffic in Wireshark via a key logfile. But I'd like to do something similar to TLSv1.3.
https://github.com/square/okhttp/pull/6060
This follows the approach described here https://security.stackexchange.com/questions/35639/decrypting-tls-in-wireshark-when-using-dhe-rsa-ciphersuites
I'm wondering if anyone has similar working with Java JSSE for TLSv1.3?
I know I need to log CLIENT_EARLY_TRAFFIC_SECRET, CLIENT_HANDSHAKE_TRAFFIC_SECRET, SERVER_HANDSHAKE_TRAFFIC_SECRET, CLIENT_TRAFFIC_SECRET_0 or SERVER_TRAFFIC_SECRET_0. But I'm not sure of the right hooks in JSSE.
Found prior art on https://wiki.wireshark.org/TLS#Using_the_.28Pre.29-Master-Secret
Specifically
https://github.com/neykov/extract-tls-secrets
and
Found prior art on https://wiki.wireshark.org/TLS#Using_the_.28Pre.29-Master-Secret
Specifically
https://github.com/neykov/extract-tls-secrets
and
http://jsslkeylog.sourceforge.net/
For The github project, download https://repo1.maven.org/maven2/name/neykov/extract-tls-secrets/4.0.0/extract-tls-secrets-4.0.0.jar
Then run the following command before it attempts to connect. The sample program for OkHttp prints the PID and then has a 10 second delay for this reason.
$ java -jar ~/Downloads/extract-tls-secrets-4.0.0.jar list
$ java -jar ~/Downloads/extract-tls-secrets-4.0.0.jar <pid> /tmp/secrets.log
- Filter by process/PID in Wireshark
- whatsapp sniffing ssl traffic with wireshark
- Why Wireshark display filter does not show http packets?
- Purebasic Windows TCP filter specific package easiest way?
- Lua conditional evaluation of new language operators
- Comma separated IP addresses in TShark output
- Error "cannot open display" when starting wireshark on Ubuntu command line
- Replay IHeartRadio station URL in Python
- Scapy fails to send ipv6 packets
- Capturing Network Router Traffic with Wireshark
- text2pcap is not detecting the below format
- Wireshark HTTP2 Prior Knowledge HTTP Request not showing
- wireshark - pcap timestamp date format
- Writing a protocol dissector with Lua does not autocomplete the Proto class
- How to access a previously extracted field in a chained Lua dissector?
- How to force Wireshark's all_field_infos() function gather all the fields?
- How to test which version of TLS my .NET client is using?
- How can i export file from wireshark to display not in hex format
- Strange base64 python decoding
- Merging/appending multiple pcap files to an existing one without overwriting
- Converting pcap format from LINKTYPE_LINUX_SSL to LINKTYPE_ETHERNET
- Jitter values for TCP Streams in Wireshark?
- Facing Issue while writing data to a pcap file using C language
- Azure functions read, process and save file on arrival in blob
- swinging of RTSP streams bandwidth?
- mitmproxy: SSL keys not decrypting in Wireshark
- Extracting TCP data with Scapy
- Using Wireshark Field Occurrence in Display Filter
- Raw socket not capturing DHCP packets on correct interface but Wireshark is
- Wireshark, monitor certain process/task or prevent ordinary packets be monitored