http2-keylog

module

v0.0.0-...-b6e4051 Latest Latest Go to latest Published: Nov 16, 2016 License: MIT

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/joneskoo/http2-keylog

Links

Open Source Insights

README ¶

Debugging TLS using Go crypto/tls key log

With the crypto/tls KeyLogWriter we can dump TLS secrets in a format Wireshark can read to decrypt TLS sessions. This allows debugging on-the-wire data in applications, including perfect forward secrecy and without access to server private key.

The key log must be enabled in application being debugged, normally requiring a change in the source code. Both client and server can be modified to log the secrets.

The required tls.Config#KeyLogWriter feature will be in Go 1.8 release (expected to be released around January 31st, 2017). Until then, installing the development version ("go tip") is required.

Installation

Requirements: Go 1.8 or development version ("tip").

$ go get -u github.com/joneskoo/http2-keylog/h2keylog-server
$ go get -u github.com/joneskoo/http2-keylog/h2keylog-client

Capturing and decoding TLS client traffic

See h2keylog-client source code.

$ h2keylog-client https://http2.golang.org
Leaking TLS keys to ssl-keylog.txt
----------------------
HTTP/2.0 200 OK
Content-Length: 1593
Content-Type: text/html; charset=utf-8
Date: Wed, 16 Nov 2016 23:05:06 GMT

[body not shown]

You need to start a packet capture, e.g. with Wireshark, before you run h2keylog-client. h2keylog-client will write a text file that Wireshark can use to decrypt TLS traffic from the client.

ssl-keylog.txt:

# SSL/TLS secrets log file, generated by go
CLIENT_RANDOM b45c940d802822fd04c85a38b03b7227168457fbadb8be57a0f9cd05c4a0d2d3 6cbdd6f6bcdc5c3d7df7f0074b481eec649002ec64e2cfd91255e346aab617e72a1da2668176216e1d03f70505a335eb

You can now use the file as (Pre)-Master-Secret in SSL preferences in Wireshark to decode the traffic.

Wireshark showing decrypted TLS

Capturing and decoding TLS server traffic

See h2keylog-server source code.

$ h2keylog-server
Listening at https://:10443/
Leaking TLS keys to ssl-keylog.txt

Meanwhile in another terminal, and while Wireshark capture is active:

$ curl -k --http2 -6 'https://localhost:10443/'
This is an example server.

You can now use the file as (Pre)-Master-Secret in SSL preferences in Wireshark to decode the traffic.

Wireshark showing decrypted TLS

Directories ¶

Path	Synopsis
h2keylog-client
h2keylog-server

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL