I have this code:
```python
import json

nss_keys = {}
with open("captured.keylog", "r") as keylogfd:
    for line in keylogfd.readlines():
        tokens = line.strip().split()
        # Skip blank, comment and half-written lines (the file is still being appended to).
        if len(tokens) != 3:
            continue
        # tokens: <label> <client_random> <secret>; secrets are grouped by client_random.
        if tokens[1] not in nss_keys:
            nss_keys[tokens[1]] = {}
        if tokens[0] == 'CLIENT_RANDOM':
            nss_keys[tokens[1]]['master_secret'] = tokens[2]
        elif tokens[0] == 'CLIENT_HANDSHAKE_TRAFFIC_SECRET':
            nss_keys[tokens[1]]['client_handshake_secret'] = tokens[2]
        elif tokens[0] == 'SERVER_HANDSHAKE_TRAFFIC_SECRET':
            nss_keys[tokens[1]]['server_handshake_secret'] = tokens[2]
        elif tokens[0] == 'CLIENT_TRAFFIC_SECRET_0':
            nss_keys[tokens[1]]['client_traffic_secret'] = tokens[2]
        elif tokens[0] == 'SERVER_TRAFFIC_SECRET_0':
            nss_keys[tokens[1]]['server_traffic_secret'] = tokens[2]
print(json.dumps(nss_keys, indent=4))
```
that produces:
```json
{
    "7834e2da48ed053d149e3587e646eef8d37cbd4c96bcd3e010089c2dbf3918f6": {
        "client_handshake_secret": "3cc7fb6f9518cd0e37eba33de56fa5e2d8fac3273d19f311abc5f135b152cae7",
        "server_handshake_secret": "195e9473d29b45c71a261e303b4075e418c0b7d23268a44895d0d6a8ad42a74f",
        "client_traffic_secret": "98a36efdd5b709685456a9ffd550addbfda34213661ddadf3aee1fee2a18bdc9",
        "server_traffic_secret": "5fd2f247d0b31c80dd899a93a6d193424309e640658d0329b0f3376260e61208"
    },
    "82f2d1337f0065ecd9fa5cc844c74813daa3585f011a07ecdb793c30edfb9a4a": {
        "client_handshake_secret": "f066f004712237a8cbb192cadaad5e9a795df98cd806e5f7e0d1509864fc2c52",
        "server_handshake_secret": "13d3b2a8f8330b478c32bfec00a301585246b8df218ef83d748eda2de6ed785d",
        "client_traffic_secret": "e7ed02a33e208ce3390e45c5d176fa95a1da1b46e3199579eff2d5df5e696850",
        "server_traffic_secret": "b86a222f4b789839d705f15026f72bdffb2849584b0d5046524f5d9987bb10f2"
    }
}
```
captured.pcap and captured.keylog are updating in real time.

I want to use these keys to decrypt the TLS traffic and get the reconstructed flow with decrypted HTTPS requests and responses as a live stream, so that I can see every HTTP request together with its response in the terminal as they appear. First of all, how do I decrypt the traffic?
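
The first step the question asks about, as an added example that is not part of the original issue or of the project's code: turning one logged TLS 1.3 traffic secret into the record key, IV and per-record nonce (RFC 8446, sections 5.3, 7.1 to 7.3). It assumes the TLS_AES_128_GCM_SHA256 cipher suite, which the issue does not state (the 32-byte secrets are consistent with a SHA-256 suite); the function names and the sample secret are constructed for illustration.

```python
import hashlib
import hmac
import struct


def hkdf_expand_label(secret: bytes, label: str, length: int, context: bytes = b"") -> bytes:
    """HKDF-Expand-Label (RFC 8446, section 7.1) with SHA-256 as the hash."""
    full_label = b"tls13 " + label.encode("ascii")
    # HkdfLabel = uint16 length || opaque label<7..255> || opaque context<0..255>
    info = (struct.pack("!H", length)
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    okm, block, counter = b"", b"", 1
    while len(okm) < length:  # HKDF-Expand (RFC 5869): T(n) = HMAC(PRK, T(n-1) || info || n)
        block = hmac.new(secret, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def traffic_keys(secret_hex: str, key_len: int = 16) -> tuple:
    """Record-protection key and 12-byte IV for one direction of one connection."""
    secret = bytes.fromhex(secret_hex)
    return hkdf_expand_label(secret, "key", key_len), hkdf_expand_label(secret, "iv", 12)


def record_nonce(iv: bytes, seq: int) -> bytes:
    """Per-record AEAD nonce: the record sequence number, left-padded, XORed into the IV."""
    return bytes(a ^ b for a, b in zip(iv, seq.to_bytes(len(iv), "big")))


def next_traffic_secret(secret_hex: str) -> str:
    """Secret N+1 after a KeyUpdate; the keylog shown above only has the *_0 generation."""
    return hkdf_expand_label(bytes.fromhex(secret_hex), "traffic upd", 32).hex()


# Constructed sample secret (not taken from the issue), same length as the logged ones.
SAMPLE_SECRET = bytes(range(32)).hex()

if __name__ == "__main__":
    key, iv = traffic_keys(SAMPLE_SECRET)
    for seq in range(3):  # sequence numbers restart at 0 whenever the keys change
        print(seq, key.hex(), record_nonce(iv, seq).hex())
```

Each direction keeps its own sequence counter, and the handshake secrets and the `*_TRAFFIC_SECRET_0` secrets produce separate key/IV pairs. Decrypting a record is then an AES-GCM open with that key and nonce, with the 5-byte record header as the additional authenticated data.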