Wireshark查看https的通讯
如果有服务端的证书,那我们可以分析web下https的通讯情况,在特别的场景下有一定的用处,如外部审计
如下是在wireshark或tshark中配置查看https的设置
wireshark验证
tshark验证
tshark -f "tcp and port 443" -i eth2 -o "ssl.keys_list:192.168.0.155,443,http,/root/tmp/a.crt"
15.852877 192.168.0.155 -> 192.168.0.55 TCP 54 https > sia-ctrl-plane [ACK] Seq=1 Ack=132 Win=6912 Len=0
15.854385 192.168.0.155 -> 192.168.0.55 TLSv1 722 Server Hello, Certificate, Server Hello Done
15.854813 192.168.0.55 -> 192.168.0.155 TLSv1 252 Client Key Exchange, Change Cipher Spec, Finished
15.857471 192.168.0.155 -> 192.168.0.55 TLSv1 60 Change Cipher Spec
15.857721 192.168.0.155 -> 192.168.0.55 TLSv1 107 Finished
15.857811 192.168.0.55 -> 192.168.0.155 TCP 60 sia-ctrl-plane > https [ACK] Seq=330 Ack=728 Win=64972 Len=0
15.859990 192.168.0.55 -> 192.168.0.155 SSL 731 [SSL segment of a reassembled PDU]
15.899431 192.168.0.155 -> 192.168.0.55 TCP 54 https > sia-ctrl-plane [ACK] Seq=728 Ack=1007 Win=9344 Len=0
15.902726 192.168.0.55 -> 192.168.0.155 TCP 66 xmcp > https [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
15.902774 192.168.0.155 -> 192.168.0.55 TCP 66 https > xmcp [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=64
15.902887 192.168.0.55 -> 192.168.0.155 TCP 60 xmcp > https [RST] Seq=1 Win=0 Len=0
15.909868 192.168.0.55 -> 192.168.0.155 TCP 66 4789 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
15.909912 192.168.0.155 -> 192.168.0.55 TCP 66 https > 4789 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=64
15.910026 192.168.0.55 -> 192.168.0.155 TCP 60 4789 > https [RST] Seq=1 Win=0 Len=0
15.921205 192.168.0.55 -> 192.168.0.155 TCP 66 4790 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
15.921250 192.168.0.155 -> 192.168.0.55 TCP 66 https > 4790 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=64
15.921359 192.168.0.55 -> 192.168.0.155 TCP 60 4790 > https [RST] Seq=1 Win=0 Len=0
15.930390 192.168.0.55 -> 192.168.0.155 TCP 66 4791 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
15.930422 192.168.0.155 -> 192.168.0.55 TCP 66 https > 4791 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=64
15.930532 192.168.0.55 -> 192.168.0.155 TCP 60 4791 > https [RST] Seq=1 Win=0 Len=0
15.991719 192.168.0.55 -> 192.168.0.155 HTTP 107 POST /all/rptsave HTTP/1.1 (application/x-www-form-urlencoded)
309 15.991837 192.168.0.155 -> 192.168.0.55 TCP 54 https > sia-ctrl-plane [ACK] Seq=728 Ack=1060 Win=9344 Len=0
15.995828 192.168.0.155 -> 192.168.0.55 HTTP 251 HTTP/1.1 200 OK (text/html)
查看证书的信息,asn1view这个工具很好用