Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details

All Projects → neykov → extract-tls-secrets

neykov / extract-tls-secrets

Licence: Apache-2.0 License

Decrypt HTTPS/TLS connections on the fly with Wireshark

Programming Languages

68154 projects - #9 most used programming language

77523 projects

Labels

tls ssl https wireshark decrypt

Projects that are alternatives of or similar to extract-tls-secrets

Transparent SSL/TLS interception

Stars: ✭ 1,371 (+506.64%)

Mutual labels: tls, ssl, https

docker-ssl-reverse-proxy

Easy-to-use auto-SSL reverse proxy as a Docker container based on Caddy and Let’s Encrypt

Stars: ✭ 22 (-90.27%)

Mutual labels: tls, ssl, https

TLS implementation in pure python, focused on interoperability testing

Stars: ✭ 119 (-47.35%)

Mutual labels: tls, ssl, https

letsencrypt-www

Probably the easiest way to create | renew | deploy certificate

Stars: ✭ 27 (-88.05%)

Mutual labels: tls, ssl, https

A command-line tool for testing SSL/TLS handshake latency, written in Go.

Stars: ✭ 41 (-81.86%)

Mutual labels: tls, ssl, https

Java ACME Client application

Stars: ✭ 77 (-65.93%)

Mutual labels: tls, ssl, https

🔒 Memorable site for testing clients against bad SSL configs.

Stars: ✭ 2,234 (+888.5%)

Mutual labels: tls, ssl, https

Simple HTTP golang framework

Stars: ✭ 13 (-94.25%)

Mutual labels: tls, ssl, https

《深入浅出HTTPS：从原理到实战》代码示例、勘误、反馈、讨论

Stars: ✭ 77 (-65.93%)

Mutual labels: tls, ssl, https

CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…

Stars: ✭ 91 (-59.73%)

Mutual labels: tls, ssl, https

Small and made-easy HTTP/HTTPS server based on Jef Poskanzer's thttpd

Stars: ✭ 69 (-69.47%)

Mutual labels: tls, ssl, https

sslcontext-kickstart

🔐 A lightweight high level library for configuring a http client or server based on SSLContext or other properties such as TrustManager, KeyManager or Trusted Certificates to communicate over SSL TLS for one way authentication or two way authentication provided by the SSLFactory. Support for Java, Scala and Kotlin based clients with examples. Av…

Stars: ✭ 295 (+30.53%)

Mutual labels: tls, ssl, https

wolfSSL (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3!

Stars: ✭ 1,098 (+385.84%)

Mutual labels: tls, ssl, https

Easily view and inspect X.509 certificates on your iOS device.

Stars: ✭ 92 (-59.29%)

Mutual labels: tls, ssl, https

Automatic SSL renewal for NodeJS

Stars: ✭ 30 (-86.73%)

Mutual labels: tls, ssl, https

🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC examples are included

Stars: ✭ 163 (-27.88%)

Mutual labels: tls, ssl, https

Ultra fast and low latency asynchronous socket server & client C# .NET Core library with support TCP, SSL, UDP, HTTP, HTTPS, WebSocket protocols and 10K connections problem solution

Stars: ✭ 799 (+253.54%)

Mutual labels: tls, ssl, https

high performance dotnet core socket tcp communication components, support TLS, HTTP, HTTPS, WebSocket, RPC, Redis protocols, custom protocols and 1M connections problem solution

Stars: ✭ 802 (+254.87%)

Mutual labels: tls, ssl, https

Tipi - the All-in-one Web Server for Ruby Apps

Stars: ✭ 214 (-5.31%)

Mutual labels: tls, ssl, https

🔐 CLI tool to analyze, troubleshoot or inspect SSL certificates, requests or keys.

Stars: ✭ 45 (-80.09%)

Mutual labels: tls, ssl, https

View All Similar Projects ➔

extract-tls-secrets

Decrypt HTTPS/TLS connections on-the-fly. Extract the shared secrets from secure TLS connections for use with Wireshark. Attach to a Java process on either side of the connection to start decrypting.

Usage

Download from extract-tls-secrets-4.0.0.jar. Then attach to a Java process in one of two ways:

Attach on startup

Add a startup argument to the JVM options: -javaagent:<path to jar>/extract-tls-secrets-4.0.0.jar=<path to secrets log file>

For example to launch an application from a jar file run:

java -javaagent:~/Downloads/extract-tls-secrets-4.0.0.jar=/tmp/secrets.log -jar MyApp.jar

To launch in Tomcat add the parameter to CATALINA_OPTS:

CATALINA_OPTS=-javaagent:~/Downloads/extract-tls-secrets-4.0.0.jar=/tmp/secrets.log bin/catalina.sh run

Attach to a runing process

Attaching to an existing Java process requires a JDK install with JAVA_HOME pointing to it.

To list the available process IDs run:

java -jar ~/Downloads/extract-tls-secrets-4.0.0.jar list

Next attach to the process by executing:

java -jar ~/Downloads/extract-tls-secrets-4.0.0.jar <pid> /tmp/secrets.log

Decrypt the capture in Wireshark

To decrypt the capture you need to let Wireshark know where the secrets file is. Configure the path in Preferences > Protocols > TLS (SSL for older versions) > (Pre)-Master-Secret log filename.

Alternatively start Wireshark with:

wireshark -o tls.keylog_file:/tmp/secrets.log

The packets will be decrypted in real-time.

For a step by step tutorial of using the secrets log file (SSLKEYLOGFILE as referenced usually) refer to the Peter Wu's Debugging TLS issues with Wireshark presentation. Even more information can be found at the Wireshark TLS page.

Requirements

Requires at least Java 6.

Building

git clone https://github.com/neykov/extract-tls-secrets.git
cd extract-tls-secrets
mvn clean package

Running the integration tests requires Docker to be installed on the system:

mvn verify

Troubleshooting

If you get an empty window after selecting "Follow/TLS Stream" from the context menu or are not seeing HTTP protocol packets in the packet list then you can fix this by either:

Save the capture as a file and open it again
In the Wireshark settings in "Procotols/TLS" toggle "Reassemble TLS Application Data spanning multiple SSL records". The exact state of the checkbox doesn't matter, but it will force a reload which will force proper decryption of the packets.

The bug seems to be related to the UI side of wireshark as the TLS debug logs show the message successfully being decrypted.

Reports of the problem:

If "Follow/TLS Stream" is not enabled the server is probably on a non-standard port so Wireshark can't infer that the packets contain TLS traffic. To hint it that it should be decoding the packets as TLS right click on any of the packets to open the context menu, select "Decode As" and add the server port, select "TLS" protocol in the "Current" column. If it's still not able to decrypt try the same by saving the capture in a file and re-opening it.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 226

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (4) 🔗