
Parsing SSL Traffic in .pcap File Using Python

I have a bunch of TCP dumps which contain SSL traffic. I'm also provided with the RSA private key to decrypt it. There are a few reasons why opening them in Wireshark is not real

Solution 1:

I am working on SSL/TLS layers for scapy. Besides providing interfaces for TLSMessages (Records, Handshakes, ...), the library also comes with an SSLSessionContext that, provided you specify an RSA private key, gives you an interface to the key material and utility functions to decrypt TLSCiphertext for you. Just feed in the SSL handshake packets as read from the pcap.

At the moment this works pretty fine for RSA_with_AES-128-SHA. Support for stream ciphers, more HMAC/hash algorithms and block ciphers - as required in the RFC for tls1_0 - will be gradually added as part of some code refactoring.

Check the documentation for more details and an example implementation for a sniffer that decrypts TLSCiphertexts given a private-key and RSA_with_AES-128-SHA.
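The key material mentioned in the answer comes from the TLS 1.0 PRF (RFC 2246), sketched below as an added example; it is not code from the answer or from the scapy SSL/TLS layers, and the function names are hypothetical. It shows how the master secret and the per-direction MAC keys, AES-128 keys and IVs for RSA_with_AES-128-SHA follow from the pre-master secret and the two hello randoms. It assumes the pre-master secret has already been recovered by RSA-decrypting the ClientKeyExchange with the private key, which is only possible for RSA key exchange, not for (EC)DHE suites.

```python
import hashlib
import hmac

def p_hash(secret, seed, length, digest):
    """RFC 2246 section 5 P_hash: HMAC-chained expansion to `length` bytes."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def tls10_prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5 keyed with the first half XOR P_SHA1 keyed with the second."""
    half = (len(secret) + 1) // 2           # halves share one byte if the length is odd
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5 = p_hash(s1, label + seed, length, hashlib.md5)
    sha = p_hash(s2, label + seed, length, hashlib.sha1)
    return bytes(x ^ y for x, y in zip(md5, sha))

# Key block order from RFC 2246 section 6.3; sizes for AES-128-CBC with HMAC-SHA1.
KEY_BLOCK_LAYOUT = [("client_mac", 20), ("server_mac", 20), ("client_key", 16),
                    ("server_key", 16), ("client_iv", 16), ("server_iv", 16)]

def derive_keys(pre_master, client_random, server_random):
    """Return the master secret and the split key block for one session."""
    master = tls10_prf(pre_master, b"master secret", client_random + server_random, 48)
    # Key expansion uses the randoms in the opposite order: server first.
    total = sum(size for _, size in KEY_BLOCK_LAYOUT)
    block = tls10_prf(master, b"key expansion", server_random + client_random, total)
    keys, off = {"master_secret": master}, 0
    for name, size in KEY_BLOCK_LAYOUT:
        keys[name] = block[off:off + size]
        off += size
    return keys

# Constructed sample values, not taken from any capture.
PRE_MASTER = b"\x03\x01" + bytes(range(46))   # client version 3.1 + 46 bytes
CLIENT_RANDOM = bytes([0xC1]) * 32            # ClientHello.random
SERVER_RANDOM = bytes([0x5E]) * 32            # ServerHello.random

if __name__ == "__main__":
    for name, value in derive_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM).items():
        print(f"{name:13} {value.hex()}")
```

Records sent by the client are checked and decrypted with the `client_*` values, records from the server with the `server_*` values.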
