{"id":170,"date":"2013-09-03T08:00:00","date_gmt":"2013-09-03T00:00:00","guid":{"rendered":"http:\/\/31.0.2.219:81\/?p=170"},"modified":"2014-03-11T15:33:06","modified_gmt":"2014-03-11T07:33:06","slug":"wireshark%e4%b9%8bssl%e8%a7%a3%e5%af%86","status":"publish","type":"post","link":"http:\/\/www.huike007.cn\/?p=170","title":{"rendered":"WIRESHARK\u4e4bSSL\u89e3\u5bc6"},"content":{"rendered":"<p>\u672c\u6587\u4ecb\u7ecd\u5728Wireshark\u7f51\u7edc\u534f\u8bae\u5206\u6790\u4eea\u4e2d\u5982\u679c\u89e3\u5bc6SSL\u548cTLS\u6d41\u91cf<br \/>\n\u8981\u6c42<br \/>\n? \u4ee5\u4e0b\u57fa\u672c\u77e5\u8bc6\uff1a<br \/>\n? \u7f51\u7edc\u8ffd\u8e2a<br \/>\n? \u7f51\u7edc\uff0cTCP\/IP\u548cSSL\/TLS\u534f\u8bae<br \/>\n? \u8bc1\u4e66\u548c\u516c\u79c1\u94a5\u7684\u4f7f\u7528<br \/>\n? Wireshark\u7f51\u7edc\u534f\u8bae\u5206\u6790\u4eea<\/p>\n<p>?Wireshark \u8f6f\u4ef6\u652f\u6301SSL\u89e3\u5bc6<br \/>\n? \u670d\u52a1\u5668\u6216\u8bbe\u5907\u7684\u79c1\u94a5\uff0c\u79c1\u94a5\u683c\u5f0f\u4e3aPKCS#8 PEM<br \/>\n\u80cc\u666f<br \/>\n\u5728Wireshark\u4e2d\uff0cSSL\u89e3\u6790\u5668\u529f\u80fd\u5b8c\u6574\uff0c\u4e14\u652f\u6301\u9ad8\u7ea7\u7279\u6027\uff0c\u5982\u63d0\u4f9b\u52a0\u5bc6\u79c1\u94a5\u65f6\u7684SSL\u89e3\u5bc6\u3002\u8fd9\u5bf9\u4e8e\u4f7f\u7528SSL\u6216TLS\u52a0\u5bc6\u7684\u601d\u6770\u4ea7\u54c1\u7684\u6392\u9519\u6709\u5f88\u5927\u7684\u5e2e\u52a9\u3002<br \/>\n\u6b65\u9aa4<br \/>\nWireshark \u8bbe\u7f6e<br \/>\n1. \u5728Wireshark\u4e2d\uff0cSSL\u89e3\u6790\u5668\u529f\u80fd\u5b8c\u6574\uff0c\u4e14\u652f\u6301\u9ad8\u7ea7\u7279\u6027\uff0c\u5982\u63d0\u4f9b\u52a0\u5bc6\u79c1\u94a5\u65f6\u7684SSL\u89e3\u5bc6\u3002\u8fd9\u5bf9\u4e8e\u4f7f\u7528SSL\u6216TLS\u52a0\u5bc6\u7684\u601d\u6770\u4ea7\u54c1\u7684\u6392\u9519\u6709\u5f88\u5927\u7684\u5e2e\u52a9\u3002<br \/>\n2. \u4ece\u83dc\u5355\u4e2d\u9009\u62e9Edit &gt; Preferences.<\/p>\n<p>3.\u6253\u5f00Preferences \u7a97\u53e3\uff0c\u5c55\u5f00Protocols.<br \/>\n4.\u4e0b\u62c9\u9009\u62e9 SSL.<br \/>\n<img src=\"download.asp?id=35\" border=\"0\" alt=\"\"\/><br \/>\n5.\u5728RSA keys list\u540e\u7684\u7a7a\u767d\u5904\uff0c\u63d0\u4f9b\u4ee5\u4e0b\u4fe1\u606f&lt;ip&gt;,&lt;port&gt;,&lt;protocol&gt;,&lt;key_file_name&gt; \uff08\u5982\u4e0a\u56fe\u6240\u793a\uff09<br \/>\n \u5176\u4e2d:<br \/>\n&lt;ip&gt;\u662f\u5177\u6709\u79c1\u94a5\u7684\u670d\u52a1\u5668\u6216\u8bbe\u5907\u7684IP\u5730\u5740<br \/>\n &lt;port&gt; \u662fSSL\/TLS\u7aef\u53e3\u53f7\uff0c\u901a\u5e38\u662f443<br \/>\n &lt;protocol&gt; \u901a\u5e38\u662fHTTP<br \/>\n &lt;key_file_name&gt; \u662f\u79c1\u94a5\u7684\u540d\u79f0\u548c\u8def\u5f84is the location and file name of the private key<br \/>\n Note: \u9017\u53f7\u95f4\u6ca1\u6709\u7b26\u53f7\u3002\u800c\u4e14\uff0c\u4f7f\u7528\u5206\u53f7\u95f4\u9694\u7528\u4e8e\u4e0d\u540c\u6761\u76ee\u3002<br \/>\n \u201c&lt;ip&gt;,&lt;port&gt;,&lt;protocol&gt;,&lt;key_file_name&gt;;&lt;ip&gt;,&lt;port&gt;,&lt;protocol&gt;,&lt;key_file_name&gt;;&lt;ip&gt;,&lt;port&gt;,&lt;protocol&gt;,&lt;key_file_name&gt;\u201d.<br \/>\n6.\u5728SSL debug file\u540e\u7684\u7a7a\u767d\u5904\u586b\u5165\u6392\u9519\u6587\u4ef6\u7684\u8def\u5f84\u548c\u6587\u4ef6\u540d<br \/>\n7. \u70b9\u51fb OK.<br \/>\n8. SSL\u5219\u88ab\u89e3\u5bc6\uff08\u89e3\u5bc6\u7684SSL\u5982\u4e0b\u56fe\u6240\u793a\uff09<br \/>\n<img src=\"download.asp?id=37\" border=\"0\" alt=\"\"\/><br \/>\n\u79c1\u94a5\u683c\u5f0f<br \/>\nWireshark\u53ea\u8981\u6709\u79c1\u94a5\u5c31\u53ef\u4ee5\u89e3\u5bc6SSL\u6d41\u91cf\u3002\u79c1\u94a5\u9700\u8981\u65f6decrypted PKCS#8 PEM format (RSA)\u683c\u5f0f\u3002\u4f60\u53ef\u4ee5\u6253\u5f00\u79c1\u94a5\u770b\u5b83\u7684\u5185\u5bb9\u3002\u5982\u679c\u662f\u4e8c\u8fdb\u5236\uff0c\u5219\u662fDER\u683c\u5f0f\uff0c\u4e0d\u80fd\u7528\u4e8eWireshark\u89e3\u5bc6\u3002<\/p>\n<p>\u4f60\u53ef\u4ee5\u4f7f\u7528OpenSSL\u8f6c\u6362\u5bc6\u94a5\u683c\u5f0f\u3002\u4f8b\u5982\uff0c\u53ef\u4ee5\u5c06PKCS#8 DER\u683c\u5f0f\u7684\u5bc6\u94a5\u8f6c\u5316\u6210decrypted PKCS#8 PEM format (RSA)\u683c\u5f0f\u3002\u5728$\u63d0\u793a\u7b26\u540e\u8f93\u5165\u5982\u4e0b\u6307\u4ee4\uff1a<\/p>\n<p>openssl pkcs8 -nocrypt -in der.key -informat DER -out pem.key -outformat PEM<br \/>\n\u5176\u4e2d:<br \/>\nder.key \u662fDER\u5bc6\u94a5\u6587\u4ef6\u7684\u6587\u4ef6\u540d\u548c\u8def\u5f84<br \/>\npem.key\u662fpem\u6587\u4ef6\u7684\u6587\u4ef6\u540d\u548c\u8def\u5f84<br \/>\n\u89e3\u5bc6\u540e\u7684decrypted PKCS#8 PEM format (RSA)\u683c\u5f0f\u5982\u4e0b\uff1a<br \/>\n<img src=\"download.asp?id=36\" border=\"0\" alt=\"\"\/><br \/>\n\u6ce8\u610f\u5bc6\u94a5\u5f00\u5934\u4e3a:<br \/>\n&#8212;&#8211;BEGIN RSA PRIVATE KEY&#8212;&#8211;<br \/>\n\u5982\u679c\u5f00\u5934\u4e3a:<br \/>\n&#8212;&#8211;BEGIN ENCRYPTED PRIVATE KEY&#8212;&#8211;<br \/>\n\u5219\u8fd9\u4e2a\u5bc6\u94a5\u9700\u8981\u7528\u9002\u5f53\u7684\u65b9\u6cd5\u89e3\u5bc6\u3002OpenSSL\u53ef\u4ee5\u5b9e\u73b0\u3002<br \/>\n1.At the $ prompt, enter the command: \u5728$\u63d0\u793a\u7b26\uff0c\u8f93\u5165\u547d\u4ee4\uff1a<br \/>\n openssl rsa<br \/>\n If you enter this command without arguments, you are prompted as follows: \u5982\u679c\u8f93\u5165\u6307\u4ee4\u4e0d\u5e26\u53c2\u6570\uff0c\u5219\u51fa\u73b0\u4ee5\u4e0b\u5b57\u6837\uff1a<br \/>\n read RSA key<br \/>\n2.\u8f93\u5165\u89e3\u5bc6\u7684\u79c1\u94a5\u6587\u4ef6\u540d<br \/>\n\u4f60\u53ef\u4ee5\u5728openssl rsa\u540e\u52a0\u4e0a\u53c2\u6570\uff0c\u5047\u5982\u4f60\u77e5\u9053\u79c1\u94a5\u548c\u89e3\u5bc6\u7684PEM\u7684\u6587\u4ef6\u540d\u3002\u4f8b\u5982\uff0c\u79c1\u94a5\u7684\u6587\u4ef6\u540d\u662fmyprivkey.pvk\u548c\u89e3\u5bc6\u7684\u6587\u4ef6\u540d\u95eekeyout.pem\uff0c\u547d\u4ee4\u5982\u4e0b\uff1a<br \/>\n openssl rsa \u2013in myprivkeypvk -out keyout.pem<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u672c\u6587\u4ecb\u7ecd\u5728Wireshark\u7f51\u7edc\u534f\u8bae\u5206\u6790\u4eea\u4e2d\u5982\u679c\u89e3\u5bc6SSL\u548cTLS\u6d41\u91cf \u8981\u6c42 ? \u4ee5\u4e0b\u57fa\u672c\u77e5\u8bc6\uff1a ? \u7f51\u7edc\u8ffd\u8e2a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[179],"tags":[273,208],"_links":{"self":[{"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/posts\/170"}],"collection":[{"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=170"}],"version-history":[{"count":1,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/posts\/170\/revisions"}],"predecessor-version":[{"id":278,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/posts\/170\/revisions\/278"}],"wp:attachment":[{"href":"http:\/\/www.huike007.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=170"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=170"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=170"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}