Wireshark mailing list archives

Re: HTTP/2 decryption with sslkeylog


From: Miroslav Rovis <miro.rovis () croatiafidelis hr>
Date: Wed, 18 Jan 2017 18:39:13 +0100

(Not much at all from me, but...)

On 170114-00:20+0800, Muhui Jiang wrote:
Hi

I hope this should be the right way to ask the related question.

These days, I tried to use Wireshark to decrypt the SSL data and analyze
the HTTP/2 traffic. I tried win64-1.99.2, win64-1.12.6 and win64-2.2.3. I
also tried the same versions on Ubuntu 14.04 and MacOS. I followed the
steps below to try to decrypt the traffic:

1. I add the SSLKEYLOGFILE environment variable with the corresponding path.
2. I set the SSL preferences in Wireshark and set the corresponding path in
the (Pre)-Master-Secret log filename.
3. Then I restart the browser (Firefox and Chrome) and Wireshark to
capture the corresponding packets.

The results I observe:
Sometimes the ssllogkey file is empty; I think this might be because of
Chrome or Firefox, since after waiting for some time there is the session
key inside the ssllogkey file.
Sometimes, when there is content inside the ssllogkey file, I still cannot
decrypt the frames completely. I can only see the content of some js or
css files, but I cannot see the specific HTTP/2 frame types like push
promise, settings, data etc.

I tried to solve this problem for three whole days but failed. My target
websites include Google, Twitter, some public sites and some sites I set
up in the testbed, but I cannot get a satisfactory result. I searched and
visited many sites introducing the way to decrypt SSL traffic but failed
in the end. I also tried setting the private key in Wireshark and doing
the test on my testbed, still with no results.

I really need your help, guys. If any of you ever used Wireshark to decrypt
HTTP/2 traffic completely, could you please tell me your platform, your
Wireshark version, your browser version, your test site or your testbed
server version (better with configuration if available) and the cipher
suite? I want to repeat your test. I am completely confused and don't trust
myself; I don't know which step is wrong or whether I just missed some
important thing.

If you need more information on my test, please let me know and I can
provide more information and the pcap files. Many thanks, and I really
need your help.

Regards
Muhui

But for some reason, it seems the talk has gone elsewhere, or that lots
of people are even afraid to learn what is really happening within their
machines when on the internet...

I often didn't get any replies on this list, and occasionally I really
needed them (you can see in the archives).

I can't help you because in my online time, in every browser I disable
HTTP2/SPDY since they're really lousy standards, and I do only local
tracing, at this time.

I only write telling you that I wish I could help, but can't. Also,
sorry for the late reply, and I hope you made it, or are making it, in
the meantime, or soon, to solve your issues.

Regards!
-- 
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr

Attachment: signature.asc
Description: Digital signature
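The symptoms in the quoted question (an empty key log, then a log that decrypts only some streams) are best diagnosed by looking at the file that step 1 produces. The following Python script is an added example, not code from either poster or from the Wireshark project: it parses an SSLKEYLOGFILE and reports how many sessions the SSL/TLS dissector could actually decrypt. It goes beyond the 2017 thread by also recognising the TLS 1.3 labels that browsers write today; the sample log is constructed, not a real capture.

```python
import re
# Labels that NSS/BoringSSL-based browsers (Firefox, Chrome) write to the file named by SSLKEYLOGFILE.
TLS12 = {"CLIENT_RANDOM"}
TLS13 = {"CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
         "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET"}
APP_DATA_13 = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
LINE_RE = re.compile(r"^([A-Z0-9_]+)\s+([0-9a-fA-F]+)\s+([0-9a-fA-F]+)$")

def parse_keylog(text):
    """Return (entries, problems); each entry is (label, client_random, secret)."""
    entries, problems = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines and comments are ignored
            continue
        m = LINE_RE.match(line)
        if not m:
            problems.append(f"line {n}: not 'LABEL <client_random hex> <secret hex>'")
        elif m[1] not in TLS12 | TLS13:
            problems.append(f"line {n}: unknown label {m[1]}")
        elif m[1] == "CLIENT_RANDOM" and (len(m[2]), len(m[3])) != (64, 96):
            problems.append(f"line {n}: CLIENT_RANDOM needs a 32-byte random and a 48-byte master secret")
        else:
            entries.append((m[1], m[2].lower(), m[3].lower()))
    return entries, problems

def summarize(text):
    """Count the sessions Wireshark's SSL/TLS dissector could decrypt from this log."""
    entries, problems = parse_keylog(text)
    sessions = {}
    for label, client_random, _ in entries:
        sessions.setdefault(client_random, set()).add(label)
    tls12 = [cr for cr, labels in sessions.items() if labels & TLS12]
    tls13 = [cr for cr, labels in sessions.items() if labels & TLS13]
    # TLS 1.3 application data stays opaque until both *_TRAFFIC_SECRET_0 lines are flushed.
    complete13 = [cr for cr in tls13 if APP_DATA_13 <= sessions[cr]]
    return {"empty": not entries, "tls12_sessions": len(tls12), "tls13_sessions": len(tls13),
            "tls13_app_data": len(complete13), "problems": problems}

# Constructed sample, not a real key log: one TLS 1.2 session, one TLS 1.3 session that has
# only reached its handshake secrets, one truncated CLIENT_RANDOM line and one corrupt line.
SAMPLE_LOG = "\n".join([
    "# SSL/TLS secrets log file, generated by NSS",
    "CLIENT_RANDOM " + "11" * 32 + " " + "22" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "33" * 32 + " " + "44" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "33" * 32 + " " + "55" * 32,
    "CLIENT_RANDOM " + "66" * 32 + " " + "77" * 10,
    "garbage line",
])
```

An `"empty": True` result means the browser was not started with the variable in its environment (or wrote to a different path than the one given in the Wireshark preference); in Wireshark 2.x that preference is `ssl.keylog_file`, renamed to `tls.keylog_file` from 3.0 on.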

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
