捕获明文的 HTTPS 流量?

发布于 2024-07-25 13:22:29 字数 452 浏览 7 评论 0原文

我有一个与远程 Web 服务通信的本地应用程序(不是我编写的,也无法更改)。 它使用 HTTPS,我想看看流量中有什么。

我有什么办法可以做到这一点吗? 我更喜欢 Windows 系统,但如果这能让事情变得更容易,我很乐意在 Linux 上设置代理。

我正在考虑的是:

  1. 通过破解我的主机文件(或设置备用 DNS)来重定向网站。
  2. 使用自签名(但受信任)证书在该站点上安装 HTTPS 服务器。
  3. 显然,如果您向 WireShark 提供私钥,它就可以看到 HTTPS 中的内容。 我从来没有尝试过这个。
  4. 以某种方式将此流量代理到真实服务器(即,这是一次成熟的中间人“攻击”)。

这听起来合理吗? WireShark 真的可以看到 HTTPS 流量中的内容吗? 谁能给我指出一个合适的代理(以及相同的配置)?

I've got a local application (which I didn't write, and can't change) that talks to a remote web service. It uses HTTPS, and I'd like to see what's in the traffic.

Is there any way I can do this? I'd prefer a Windows system, but I'm happy to set up a proxy on Linux if this makes things easier.

What I'm considering:

  1. Redirecting the web site by hacking my hosts file (or setting up alternate DNS).
  2. Installing an HTTPS server on that site, with a self-signed (but trusted) certificate.
  3. Apparently, WireShark can see what's in HTTPS if you feed it the private key. I've never tried this.
  4. Somehow, proxy this traffic to the real server (i.e. it's a full-blown man-in-the-middle "attack").

Does this sound sensible? Can WireShark really see what's in HTTPS traffic? Can anyone point me at a suitable proxy (and configuration for same)?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(6

孤独难免 2024-08-01 13:22:29

Fiddler 能做你想要的吗?

什么是 Fiddler?

Fiddler 是一个 Web 调试代理,它
记录您之间的所有 HTTP(S) 流量
计算机和互联网。 提琴手
允许您检查所有 HTTP(S)
流量、设置断点和“fiddle”
与传入或传出数据。
Fiddler 包含一个强大的
基于事件的脚本子系统,以及
可以使用任何 .NET 进行扩展
语言。

Fiddler 是免费软件,可以调试
来自几乎任何地方的流量
应用程序,包括互联网
资源管理器、Mozilla Firefox、Opera 和
还有数千。

Does Fiddler do what you want?

What is Fiddler?

Fiddler is a Web Debugging Proxy which
logs all HTTP(S) traffic between your
computer and the Internet. Fiddler
allows you to inspect all HTTP(S)
traffic, set breakpoints, and "fiddle"
with incoming or outgoing data.
Fiddler includes a powerful
event-based scripting subsystem, and
can be extended using any .NET
language.

Fiddler is freeware and can debug
traffic from virtually any
application, including Internet
Explorer, Mozilla Firefox, Opera, and
thousands more.

恋竹姑娘 2024-08-01 13:22:29

Wireshark 绝对可以将 TLS/SSL 加密流显示为纯文本。 但是,您肯定需要服务器的私钥才能执行此操作。 私钥必须作为首选项下的 SSL 选项添加到 Wireshark。 请注意,只有当您可以从一开始就遵循 SSL 流时,这才有效。 如果重复使用 SSL 连接,它将不起作用。

对于 Internet Explorer,可以通过使用“Internet 选项”对话框清除 SSL 状态来避免这种情况(SSL 会话重用)。 其他环境可能需要重新启动浏览器,甚至重新启动系统(以避免 SSL 会话重用)。

另一个关键限制是必须使用 RSA 密码。 Wireshark 无法解码使用 DFH (Diffie-Hellman) 的 TLS/SSL 流。

假设您可以满足上述约束,“跟随 SSL 流”右键单击命令效果相当好。

Wireshark can definitely display TLS/SSL encrypted streams as plaintext. However, you will definitely need the private key of the server to do so. The private key must be added to Wireshark as an SSL option under preferences. Note that this only works if you can follow the SSL stream from the start. It will not work if an SSL connection is reused.

For Internet Explorer this (SSL session reuse) can be avoided by clearing the SSL state using the Internet Options dialog. Other environments may require restarting a browser or even rebooting a system (to avoid SSL session reuse).

The other key constraint is that an RSA cipher must be used. Wireshark can not decode TLS/SSL stream that use DFH (Diffie-Hellman).

Assuming you can satisfy the constraints above, the "Follow SSL Stream" right-click command works rather well.

尛丟丟 2024-08-01 13:22:29

您需要为本地应用程序设置代理,如果它不支持代理设置,请放置一个透明代理并在外出之前将所有 https 流量路由到其中。 像这样的东西可以是中间的“人”: http://crypto.stanford.edu/ssl- mitm

另外,这里有关于如何使用wireshark存档此文件的简要说明:http://predev .wikidot.com/decrypt-ssl-traffic

You need to setup a proxy for your local application and if it doesnt honour proxy settings, put a transparent proxy and route all https traffic into it before going outside. Something like this can be the "man" in the middle: http://crypto.stanford.edu/ssl-mitm

Also, here's brief instructions on how to archive this with wireshark: http://predev.wikidot.com/decrypt-ssl-traffic

情泪▽动烟 2024-08-01 13:22:29

您还应该考虑查尔斯。 从回答这个问题时的产品描述来看:

Charles 是一个 HTTP 代理/HTTP 监视器/反向代理,使开发人员能够查看其计算机与 Internet 之间的所有 HTTP 和 SSL/HTTPS 流量。 这包括请求、响应和 HTTP 标头(其中包含 cookie 和缓存信息)。

You should also consider Charles. From the product description at the time of this answer:

Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).

只怪假的太真实 2024-08-01 13:22:29
  1. 对于使用https代理进行监控,取决于握手的类型。 如果您的本地应用程序没有通过您无法伪造的 CA 签名检查服务器的证书,并且服务器也没有检查您本地应用程序的证书(或者如果您在 https 代理上设置了一个证书),那么您可以设置一个 https 代理监控 https 流量。 否则,我认为不可能用https代理来监控流量。

  2. 您可以尝试的另一种方法是在客户端程序的例程中添加检测探针,在客户端程序中从其 https 库发送和接收消息。 它需要一些逆向工程工作,但应该适用于所有情况。

  1. For using https proxy to monitor, it depends on the type of handshake. If you local application does not check the server's certificate by CA's signature which you can not fake, and the server does not check your local application's certificate ( or if you have one to setup on https proxy) then you can set up a https proxy to monitor the https traffic. Otherwise, I think it is impossible to monitor traffic with https proxy.

  2. Another way you can try is to add instrumentation probe at the routines of your client program where it send and receive messages from its https library. It needs some reverse engineering work, but should work for you for all situations.

橘和柠 2024-08-01 13:22:29

我会推荐 WireShark,它是跟踪不同流量的最佳工具。 不过,我不确定打开 SSL 后你能看到什么。 也许,如果你提供证书的话?

I would recommend WireShark, it is the best tool to follow on different pieces of traffic. Although, I am not sure what can you see with SSL turned on. Maybe, if you supply it with a certificate?

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文