Wireshark mailing list archives
Re: decryption SSL
From: Peter Wu <peter () lekensteyn nl>
Date: Fri, 8 Sep 2017 22:02:43 +0100
Hi Sadik, On Fri, Sep 08, 2017 at 05:15:19PM +0200, Sadik Sikder wrote:
Thanks Mr. Peter for you kind help and cooperation... i have figured-out how should i write my own decryption function . i have some confusion or problem to understand... i am giving a example what i would like to know. in epan/packet-ssl.c file, i have a seen a method called: void ssl_load_keyfile(const gchar *ssl_keylog_filename, FILE **keylog_file, const ssl_master_key_map_t *mk_map) or void ssl_debug_printf(const gchar* fmt, ...) { va_list ap; if (!ssl_debug_file) return; va_start(ap, fmt); vfprintf(ssl_debug_file, fmt, ap); va_end(ap); } here ssl_load_keyfile or ssl_debug_print() are methods. i havenot found where these method are called into main function. similar this problem i have faced several situations. In order to overcome the situation what should i follow? how can i or which file/folder contains main functions regarding epan/packet-ssl.c, epan/packet-ssl-utils.c?
Wireshark has a lot of dissectors and functionality, as far as functionality is concerned, you need to start looking at "dissect_ssl". See the first step of https://www.wireshark.org/lists/wireshark-dev/201709/msg00006.html which says: The program flow in the common case (SSLv3/TLS) is as follows: 1. dissect_ssl is the entrypoint (commonly called from TCP dissector). ... the main function is located in wireshark-qt.cpp (or tshark.c if you use tshark). Specifically for ssl_debug_printf, these are called in multiple functions in epan/dissectors/packet-ssl.c and epan/dissectors/packet-ssl-utils.c. Have you tried a simple text search in these files?
i have used Eclipse IDE to track of these methods to figure-out main function but i was unable to find the main functions regarding packet-ssl.c, packet-ssl-utils.c and packet-ssl-utils.h.
I suggest you to use a debugger, set a breakpoint starting in dissect_ssl (or whatever function you are interested in). Then run the the "console" version of Wireshark using the capture and keys from the source directory: tshark -r test/captures/dhe1.pcapng.gz -o ssl.keylog_file:test/keys/dhe1_keylog.dat -- Kind regards, Peter Wu https://lekensteyn.nl ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Wireshark-dev Digest, Vol 136, Issue 4 Sadik Sikder (Sep 08)
- Re: decryption SSL Peter Wu (Sep 08)