TLSLog is a Go library which stores the SSL/TLS master secret and client random (the key-exchange method must be ECDHE) in NSS key log format, so that application data can be decrypted in Wireshark.

123hurray/tlslog

# TLSLog

## Introduction

TLSLog is a Go library for capturing the secrets needed to decrypt SSL/TLS application data in Wireshark.

If ECDHE is used for key exchange, Wireshark cannot decrypt the application data just by being given the server's private key, because the session keys are not derived from it. Wireshark does, however, support the NSS key log format, which stores all the information it needs to decrypt application data.

The NSS key log format is supported by Chrome and Firefox, but not by Go. When using Go's crypto/tls library, it is difficult to debug the encrypted data sent and received over SSL.

Go's crypto/tls library does store this information internally, though. TLSLog therefore hooks config.Rand and uses reflection to read the master secret out of crypto/tls.

CAUTION: Only the client side is implemented, which means that TLSLog cannot be used to build an SSL server.

## Usage

### Install

```
go get github.com/123hurray/tlslog
```

### Dial

Dial is the most common way to build an SSL client.

```go
// Assumes: import "github.com/123hurray/tlslog" (package name assumed to be tlslog)
config := tls.Config{InsecureSkipVerify: true} // skips certificate verification; use only against test servers

// Get a TLSLog; NSS key log lines are written to log.txt
tlsLog, err := tlslog.NewTLSLog("log.txt")
if err != nil {
	fmt.Println("Unable to create TlsLog:", err.Error())
	return
}

// Use TLSLog.Dial instead of tls.Dial
conn, err := tlsLog.Dial("tcp", "127.0.0.1:32123", &config)
if err != nil {
	fmt.Println("Unable to dial:", err.Error())
	return
}
defer conn.Close()

// conn is a *tls.Conn; use it as documented in the crypto/tls package
```

### Client

Client is another way to build an SSL client.

```go
// Assumes: import "github.com/123hurray/tlslog" (package name assumed to be tlslog)
config := tls.Config{InsecureSkipVerify: true}
tlsLog, err := tlslog.NewTLSLog("log.txt")
if err != nil {
	fmt.Println("Unable to create TlsLog:", err.Error())
	return
}
// Make a net.Conn pair; a TLS server must be driven on s (e.g. in another goroutine)
c, s := net.Pipe()
defer s.Close()
// Use TLSLog.Client instead of tls.Client
logCli := tlsLog.Client(c, &config)
// Do the handshake
conn, err := logCli.Handshake()
if err != nil {
	fmt.Println("Handshake failed:", err.Error())
	return
}
// conn is a *tls.Conn; use it as documented in the crypto/tls package
```
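The library above fills a gap that existed in crypto/tls when it was written; since Go 1.8 the standard library offers `tls.Config.KeyLogWriter`, which emits the same NSS key log format natively. The following added example (not part of this repository's code) shows what that output looks like end to end: it runs a TLS 1.2 ECDHE handshake between an in-memory client and server, captures the `CLIENT_RANDOM` line the client writes, and validates it against the field lengths Wireshark expects (32-byte client random, 48-byte master secret). The names `CaptureKeyLog`, `ParseKeyLog` and `KeyLogEntry` are the example's own, and the self-signed certificate is generated on the fly.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

// KeyLogEntry is one parsed NSS key log line: "<LABEL> <hex client_random> <hex secret>".
type KeyLogEntry struct {
	Label        string // "CLIENT_RANDOM" for a TLS 1.2 master secret
	ClientRandom []byte // 32 bytes; Wireshark matches it against the ClientHello in the capture
	Secret       []byte // 48-byte master secret on CLIENT_RANDOM lines
}

// ParseKeyLog parses key log text and enforces the field lengths Wireshark expects.
func ParseKeyLog(text string) ([]KeyLogEntry, error) {
	var entries []KeyLogEntry
	for _, line := range strings.Split(text, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") { // blank lines and comments are permitted
			continue
		}
		fields := strings.Fields(line)
		if len(fields) != 3 {
			return nil, fmt.Errorf("malformed key log line: %q", line)
		}
		cr, errCR := hex.DecodeString(fields[1])
		secret, errSec := hex.DecodeString(fields[2])
		if errCR != nil || errSec != nil || len(cr) != 32 || (fields[0] == "CLIENT_RANDOM" && len(secret) != 48) {
			return nil, fmt.Errorf("bad hex or field length in line %q", line)
		}
		entries = append(entries, KeyLogEntry{Label: fields[0], ClientRandom: cr, Secret: secret})
	}
	return entries, nil
}

// selfSignedCert builds a throwaway ECDSA cert so the server negotiates an ECDHE-ECDSA suite.
func selfSignedCert() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "localhost"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// CaptureKeyLog runs a TLS 1.2 ECDHE handshake over net.Pipe and returns the key log the client wrote.
func CaptureKeyLog() (string, error) {
	cert, err := selfSignedCert()
	if err != nil {
		return "", err
	}
	clientEnd, serverEnd := net.Pipe()
	defer func() { clientEnd.Close(); serverEnd.Close() }()
	serverDone := make(chan error, 1)
	go func() {
		// MaxVersion pins TLS 1.2 so the log carries a CLIENT_RANDOM / master secret line, not TLS 1.3 traffic secrets
		srv := tls.Server(serverEnd, &tls.Config{Certificates: []tls.Certificate{cert}, MaxVersion: tls.VersionTLS12})
		serverDone <- srv.Handshake()
	}()
	var keyLog bytes.Buffer // a real client would pass an *os.File that Wireshark is pointed at
	cli := tls.Client(clientEnd, &tls.Config{
		InsecureSkipVerify: true, // throwaway self-signed cert; test only
		MaxVersion:         tls.VersionTLS12,
		KeyLogWriter:       &keyLog, // crypto/tls (Go 1.8+) writes NSS key log lines here
	})
	if err := cli.Handshake(); err != nil {
		return "", err
	}
	return keyLog.String(), <-serverDone
}

func main() {
	text, err := CaptureKeyLog()
	if err != nil {
		panic(err)
	}
	fmt.Print(text) // one "CLIENT_RANDOM <64 hex> <96 hex>" line, ready for Wireshark
}
```

Point Wireshark at the resulting file under Preferences > Protocols > TLS > "(Pre)-Master-Secret log filename" and the captured application data decrypts. With TLS 1.3 the same writer emits per-direction traffic-secret lines instead of a master secret, which Wireshark also understands. Treat the log file like a private key: anyone holding it can decrypt the matching capture.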

## Decrypt application data using Wireshark

See the articles below:

## TODO

- Server side key log
