Bottom Page

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
 Get master secret TLS
#1
I need to retrieve the pre-master secret generated by Requests for the TLS connection in order to use this to decrypt the traffic in Wireshark.

would anybody know how to do this in Python with Requests?

Thx for the help.

(I am using v. 2.22.0 of Requests with Python 3.7)
Quote
#2
my guess is that (if this is what I think it is)
you can look through the source code, but I expect that they use the RSA algorithm which you can read about here: https://tools.ietf.org/html/rfc5246#section-8.1

to get source code run from command line (requires git install: https://git-scm.com/book/en/v2/Getting-S...alling-Git ):
git clone git://github.com/psf/requests.git
Quote
#3
Thx for the answer. I just found out myself .... it is all about using the right search keywords...It has just been incorporated in Python.

The functionality is made available through this project:

https://sslkeylog.readthedocs.io/en/latest/

The module can be downloaded here:

https://pypi.org/project/sslkeylog/#history

I use a Mac, for which installation works if you have Xcode command line utilities installed otherwise =u get an error xcrun .... developer path not found.

installed through xcode-select --install.

Use the demo code snippet.

import sslkeylog
sslkeylog.set_keylog("sslkeylog.txt")

The client random is written in this file.
To view the decrypted text, start wireshark, have it capture the transmission.
Run the python code setting up and exchanging stuff over TLS.
Then go to wireshark, stop the capture, select the TLS packet send or received from the host one is interested in, right click, choose TLS prefs, select the path and filename sslkeylog.txt as source for the premaster secret, close interface, select follow tls stream and it will display the decrypted text. I will post a more exact 'click and menu' options later for wireshark. But there are enough how to's around on how to configure it to use a (PRE)-master secret file as source for the sectret so it can decrypt the tls stream.

Such as here: https://wiki.wireshark.org/TLS

or here: http://www.root9.net/2012/11/ssl-decrypt...ivate.html
Quote

Top Page

Forum Jump:


Users browsing this thread: 1 Guest(s)