我编写了一个使用 TLS 加密的 Python 聊天客户端。服务器在一台 PC 上运行,客户端在另一台 PC 上运行。
服务器创建 SSL 密钥(server.key 和 server.crt),然后我将 server.crt 复制到客户端 PC。
客户端不会创建自己的任何 SSL 密钥。
使用 LD_PRELOAD,我在服务器 PC 上收集 SSLKEYLOGFILE。我也使用服务器 PC 上的 tcpdump 收集 pcap。
我将这两者都带到 Wireshark 来解密 pcap。
但是,只有客户端 -> 服务器数据包被解码。服务器 -> 客户端消息仍保持加密状态。这是为什么呢?
键盘记录.txt:
SERVER_HANDSHAKE_TRAFFIC_SECRET 6e1c671e89c253c9670297d7af1c651236cb52ffcec31f393ff2d4c345b65b83 83156d3d139ab2bda9fb30bc68699fadeaff736373585e9296618973b804e67b858f904b6d67d35791f154d2df1c53ec
CLIENT_HANDSHAKE_TRAFFIC_SECRET 6e1c671e89c253c9670297d7af1c651236cb52ffcec31f393ff2d4c345b65b83 d27b9286b3f209da0cfca1055cd6c5a0b7dc638a3b47b760fc52c46530c6f0129e3ab8cb97de02d708dcd78e4b8eeef6
EXPORTER_SECRET 6e1c671e89c253c9670297d7af1c651236cb52ffcec31f393ff2d4c345b65b83 a81094854b39ab0a39ab4b1d0669591024a3c05d4a8b0df0870e2df824b447b9cdd206e4f120dbeb871a0f642bff783b
SERVER_TRAFFIC_SECRET_0 6e1c671e89c253c9670297d7af1c651236cb52ffcec31f393ff2d4c345b65b83 fa8a418607881a3c78082009acded37a4f1640b6d7e4932785b071bd3dcae67aaef91ef664bb1fc1f01e22d800b11e73
CLIENT_TRAFFIC_SECRET_0 6e1c671e89c253c9670297d7af1c651236cb52ffcec31f393ff2d4c345b65b83 f90a697b55859c7144ccf34c499869cddbec964f37386ab08cf7ed137cd54c53b9c119b42fda4f37b0ba3e5a62694cf7
服务器.py:
import socket
import ssl
import argparse
# Server-side
def create_tls_server(certfile, keyfile, port):
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.load_cert_chain(certfile, keyfile)
hostname = socket.gethostname()
IPAddr = socket.gethostbyname(hostname)
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
sock.bind((IPAddr, port))
sock.listen(2)
print(f"Server started on {IPAddr}:{port}. Waiting for connections...")
while True:
client_socket, addr = sock.accept() # Accept raw connection
try:
ssl_conn = context.wrap_socket(client_socket, server_side=True) # Wrap here
print(f"Connected by {addr}. Waiting for message...")
while True:
data = ssl_conn.recv(1024).decode()
if not data:
break
print(f"Received: {data}")
if data == 'bye':
break
print(">> ", end='')
response = input()
ssl_conn.send(response.encode())
except Exception as e:
print(f"Error: {e}")
finally:
ssl_conn.close()
client_socket.close() # close the connection
print(f"Connection with {addr} closed.")
break
if __name__ == '__main__':
parser = argparse.ArgumentParser(description="TLS Server")
parser.add_argument("-p", "--port", type=int, default=8500, help="Port number")
parser.add_argument("-v", "--version", type=int, default=ssl.PROTOCOL_TLS_SERVER, help="TLS Version")
args = parser.parse_args()
create_tls_server('./server.crt', './server.key', args.port)
客户端.py:
import socket
import ssl
import argparse
# Client-side
def connect_tls_client(cafile, port, host):
context = ssl.create_default_context()
context.load_verify_locations(cafile)
sock = socket.socket() # instantiate
sock.connect((host, port)) # connect to the server
client_socket = context.wrap_socket(sock, server_hostname=host)
print(">> ", end='')
message = input()
while message.lower().strip() != 'bye':
client_socket.send(message.encode()) # send message
data = client_socket.recv(1024).decode() # receive response
if not data:
break
print('Received from server: ' + data) # show in terminal
if data == 'bye':
break
print(">> ", end='')
message = input()
client_socket.close() # close the connection
if __name__ == '__main__':
parser = argparse.ArgumentParser(description="TLS Client")
parser.add_argument("-s", "--server_ip", default="name-of-remote-serverenter image description here", help="Server IP address")
parser.add_argument("-p", "--port", type=int, default=8500, help="Port number")
parser.add_argument("-v", "--version", type=int, default=ssl.PROTOCOL_TLS_SERVER, help="TLS Version")
args = parser.parse_args()
connect_tls_client('./server.crt', args.port, args.server_ip)
这就是我解决这个问题的方法。
我做了两件事:
参考 https://gitlab.com/wireshark/wireshark/-/issues/16713 https://wiki.wireshark.org/TLS#%E2%80%8DPreference_Settings
我通过 tcpcap 查询进行了修改,以仅收集 TLS 数据包 - 这减少了捕获中的噪音,并且也捕获了两个方向:
效果非常好!谢谢大家。