openssl-keylog

Add SSLKEYLOGFILE support to any dynamically linked app using OpenSSL 1.1.1+, including .NET 5+ applications.

Building

No dependencies. Just make it.

$ sudo apt install git build-essential
$ git clone https://github.com/wpbrown/openssl-keylog
$ cd openssl-keylog
$ make
cc sslkeylog.c -shared -o libsslkeylog.so -fPIC -ldl

The .so is built next to the sslkeylogged script. Add the project directory to your path.

$ export PATH=/home/foo/openssl-keylog:$PATH

Usage

Start a network capture on eth0 in the background (your interface name may be different). Run your command with the sslkeylogged script. If you don't set SSLKEYLOGFILE, a value will be set and printed before running your command.

$ sudo dumpcap -q -i eth0 -w /tmp/output.pcapng &
$ sslkeylogged ./SimulatedDevice
*** SSLKEYLOGFILE set to /tmp/sslkeys-cOHTcLbk.txt ***
IoT Hub - Simulated Mqtt device.
Press control-C to exit.
02/24/2021 03:13:08 > Sending message: {"temperature":32.53831510550264,"humidity":63.50118943653125}
...

Set the sslkeys text file in your Wireshark preferences before you open a capture file to see the decrypted TLS traffic.
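
A sanity check to run on the key log before pointing Wireshark at it, as an added example that is not part of the openssl-keylog project: it parses the NSS key log lines that OpenSSL writes, groups them by client random, and reports sessions with missing secrets, malformed lines, and a key file that other users can access. The function names and the sample data are constructed for illustration; the legacy RSA label is not handled.

```python
import os
import re
import stat
from collections import defaultdict

# Labels OpenSSL 1.1.1+ writes that are keyed by the 32-byte client random.
TLS13_FULL = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
              "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
KNOWN = TLS13_FULL | {"CLIENT_RANDOM", "EXPORTER_SECRET",
                      "CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET"}
HEX = re.compile(r"[0-9a-fA-F]+")

def parse_keylog(text):
    """Return ({client_random: {labels}}, [line numbers of rejected lines])."""
    sessions, rejected = defaultdict(set), []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        ok = (len(fields) == 3 and fields[0] in KNOWN
              and len(fields[1]) == 64 and HEX.fullmatch(fields[1])
              and len(fields[2]) % 2 == 0 and HEX.fullmatch(fields[2]))
        if ok:
            sessions[fields[1].lower()].add(fields[0])
        else:
            rejected.append(lineno)  # truncated write, unknown label, bad hex
    return dict(sessions), rejected

def has_full_secrets(labels):
    """TLS 1.2 master secret, or all four TLS 1.3 handshake and traffic secrets."""
    return "CLIENT_RANDOM" in labels or TLS13_FULL <= labels

def too_permissive(path):
    """True if group or other users have any access to the key log file."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))

# Constructed sample: a TLS 1.2 session, a partial TLS 1.3 session, a cut-off line.
A, B = "aa" * 32, "bb" * 32
SAMPLE = "\n".join([
    "# constructed sample, not real secrets",
    f"CLIENT_RANDOM {A} {'11' * 48}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {B} {'22' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {B} {'33' * 32}",
    f"CLIENT_TRAFFIC_SECRET_0 {B} {'44' * 3}4",
])

if __name__ == "__main__":
    sessions, rejected = parse_keylog(SAMPLE)
    print({r[:8]: has_full_secrets(l) for r, l in sessions.items()}, rejected)
```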

Capturing while the command runs can be automated with the dumpcapssl script. The script automatically merges the secret keys into the pcapng file, so there is no need to change Wireshark preferences.

$ dumpcapssl eth0 ./SimulatedDevice
*** SSL keys: /tmp/dumpcapssl-iYOYPZd7.keys ***
*** Capture : /tmp/dumpcapssl-iYOYPZd7.pcapng from interface: eth0 ***
*** Starting Capture ***
Capturing on 'eth0'
File: /tmp/dumpcapssl-tiMD6a5K.tmp.pcapng
*** Starting Command ***
IoT Hub - Simulated Mqtt device.
Press control-C to exit.
...
^C
Exiting...
Device simulator finished.
*** Command Interrupted ***
*** Command Stopped ***
*** Stopping Capture ***
Packets captured: 134
Packets received/dropped on interface 'eth0': 134/0 (pcap:0/dumpcap:0/flushed:0/ps_ifdrop:0) (100.0%)
*** Merging Key Files ***
*** Embedding Keys ***
*** Stopped Capture : /tmp/dumpcapssl-iYOYPZd7.pcapng Keys: /tmp/dumpcapssl-iYOYPZd7.keys *** 

The file /tmp/dumpcapssl-iYOYPZd7-dsb.pcapng in the example above will contain the embedded DSB (Decryption Secrets Block).

Credit

The C code is forked from sslkeylog.c by Peter Wu. Also thanks to Peter for his StackExchange post.

About

Add SSLKEYLOGFILE support to any dynamically linked app using OpenSSL 1.1.1+ on Linux.
