• Wireshark查看https的通讯

    如果有服务端的证书,那我们可以分析web下https的通讯情况,在特别的场景下有一定的用处,如外部审计

    如下是在wireshark或tshark中配置查看https的设置

    wireshark验证

    wps4DA7.tmp

    wps4DB8.tmp

    tshark验证

    tshark -f "tcp and port 443" -i eth2 -o "ssl.keys_list:192.168.0.155,443,http,/root/tmp/a.crt"

    15.852877 192.168.0.155 -> 192.168.0.55 TCP 54 https > sia-ctrl-plane [ACK] Seq=1 Ack=132 Win=6912 Len=0

    15.854385 192.168.0.155 -> 192.168.0.55 TLSv1 722 Server Hello, Certificate, Server Hello Done

    15.854813 192.168.0.55 -> 192.168.0.155 TLSv1 252 Client Key Exchange, Change Cipher Spec, Finished

    15.857471 192.168.0.155 -> 192.168.0.55 TLSv1 60 Change Cipher Spec

    15.857721 192.168.0.155 -> 192.168.0.55 TLSv1 107 Finished

    15.857811 192.168.0.55 -> 192.168.0.155 TCP 60 sia-ctrl-plane > https [ACK] Seq=330 Ack=728 Win=64972 Len=0

    15.859990 192.168.0.55 -> 192.168.0.155 SSL 731 [SSL segment of a reassembled PDU]

    15.899431 192.168.0.155 -> 192.168.0.55 TCP 54 https > sia-ctrl-plane [ACK] Seq=728 Ack=1007 Win=9344 Len=0

    15.902726 192.168.0.55 -> 192.168.0.155 TCP 66 xmcp > https [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1

    15.902774 192.168.0.155 -> 192.168.0.55 TCP 66 https > xmcp [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=64

    15.902887 192.168.0.55 -> 192.168.0.155 TCP 60 xmcp > https [RST] Seq=1 Win=0 Len=0

    15.909868 192.168.0.55 -> 192.168.0.155 TCP 66 4789 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1

    15.909912 192.168.0.155 -> 192.168.0.55 TCP 66 https > 4789 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=64

    15.910026 192.168.0.55 -> 192.168.0.155 TCP 60 4789 > https [RST] Seq=1 Win=0 Len=0

    15.921205 192.168.0.55 -> 192.168.0.155 TCP 66 4790 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1

    15.921250 192.168.0.155 -> 192.168.0.55 TCP 66 https > 4790 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=64

    15.921359 192.168.0.55 -> 192.168.0.155 TCP 60 4790 > https [RST] Seq=1 Win=0 Len=0

    15.930390 192.168.0.55 -> 192.168.0.155 TCP 66 4791 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1

    15.930422 192.168.0.155 -> 192.168.0.55 TCP 66 https > 4791 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=64

    15.930532 192.168.0.55 -> 192.168.0.155 TCP 60 4791 > https [RST] Seq=1 Win=0 Len=0

    15.991719 192.168.0.55 -> 192.168.0.155 HTTP 107 POST /all/rptsave HTTP/1.1  (application/x-www-form-urlencoded)

    309  15.991837 192.168.0.155 -> 192.168.0.55 TCP 54 https > sia-ctrl-plane [ACK] Seq=728 Ack=1060 Win=9344 Len=0

    15.995828 192.168.0.155 -> 192.168.0.55 HTTP 251 HTTP/1.1 200 OK  (text/html)

    查看证书的信息,asn1view这个工具很好用
  • 相关阅读:
    dotweb框架之旅 [三]
    dotweb框架之旅 [二]
    dotweb框架之旅 [一]
    对 dotweb 框架进行统一的自定义错误处理
    go服务端----使用dotweb框架搭建简易服务
    Nginx日志文件切割
    linux安装PHP-memcache-redis扩展
    图与最短路径
    素数(质数)的一个用法
    一个手机号码剔重的问题
  • 原文地址:https://www.cnblogs.com/2018/p/4711131.html
Copyright © 2020-2023  润新知