Decrypting HTTPS packets using pcap4J
In Java, I am using pcap4J to capture the network traffic of another application running on the same computer. The code I use to do this is as follows:
import org.pcap4j.core.*;
import org.pcap4j.packet.Packet;
import org.pcap4j.util.NifSelector;
import java.io.IOException;
import static org.pcap4j.core.BpfProgram.BpfCompileMode.OPTIMIZE;
import static org.pcap4j.core.PcapNetworkInterface.PromiscuousMode.PROMISCUOUS;

public class Pcap4jLoop
{
    public static void main(String[] arguments) throws Exception
    {
        PcapNetworkInterface networkDevice = getNetworkDevice();
        // snapshot length 65536 bytes, promiscuous mode, 50 ms read timeout
        try (PcapHandle handle = networkDevice.openLive(65536, PROMISCUOUS, 50))
        {
            String serverIP = "..."; // Filter for packets with just one server
            String bpfExpression = "dst host " + serverIP + " || src host " + serverIP;
            handle.setFilter(bpfExpression, OPTIMIZE);
            PacketListener listener = packet -> printPacket(packet, handle);
            // loop() blocks on this thread until the packet count is reached or
            // breakLoop() is called, so no busy-wait is needed after it
            handle.loop(Integer.MAX_VALUE, listener);
        }
    }

    // Lets the user pick a capture interface interactively on stdin
    private static PcapNetworkInterface getNetworkDevice() throws IOException
    {
        NifSelector nifSelector = new NifSelector();
        PcapNetworkInterface nif = nifSelector.selectNetworkInterface();
        if (nif == null)
        {
            System.exit(1);
        }
        return nif;
    }

    private static void printPacket(Packet packet, PcapHandle pcapHandle)
    {
        StringBuilder sb = new StringBuilder();
        // getTimestamp() is the capture time of the last packet;
        // getTimestampPrecision() would only print the clock resolution
        sb.append("A packet captured at ")
          .append(pcapHandle.getTimestamp())
          .append(":");
        System.out.println(sb);
        System.out.println(packet);
    }
}
Unfortunately, the traffic is encrypted and therefore cannot be analysed. However, another application called Fiddler is able to decrypt the traffic just fine without any special configuration or the server's private key. Fiddler can show the JSON structures being exchanged that I am interested in. How can I do the same thing in Java code so that I can use the captured JSON objects? (This question is about the decryption part, not the subsequent parsing.)
As a commenter noted on this question:
By definition you can not decrypt any TLS traffic (so that includes HTTPS) if you do not control either side or are able to have either side give you the negotiated master key and client random used. Just trying to decrypt any random TLS traffic will not be possible. Fiddler does it by being a man-in-the-middle, not by decrypting traffic sent directly between two other computers. While Fiddler does not need special configuration the client needs a special configuration, i.e. it needs to trust the certificate authority used by Fiddler to dynamically create certificates.
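To make the comment concrete, the following added example (not code from the question or from pcap4j) walks the TLS record headers of a TCP payload as a passive observer sees them: record type, protocol version and length are readable, but an application_data body is ciphertext and stays opaque without the session keys. The class name, method names and the sample bytes are constructed for this illustration; in the listener above you would feed it `packet.get(TcpPacket.class).getPayload().getRawData()` after null-checking both.

```java
import java.util.ArrayList;
import java.util.List;

/** Added example: summarises TLS record framing in a captured TCP payload.
 *  Only the 5-byte record header is plaintext; bodies of type
 *  application_data are encrypted and cannot be parsed as JSON here. */
public class TlsRecordSummary {

    // TLS record content types (RFC 5246 / RFC 8446)
    private static String contentType(int type) {
        switch (type) {
            case 20: return "change_cipher_spec";
            case 21: return "alert";
            case 22: return "handshake";
            case 23: return "application_data";
            default: return "unknown(" + type + ")";
        }
    }

    /** Returns one descriptive line per TLS record found in the payload. */
    public static List<String> summarize(byte[] payload) {
        List<String> out = new ArrayList<>();
        int off = 0;
        while (off + 5 <= payload.length) {
            int type  = payload[off] & 0xff;
            int major = payload[off + 1] & 0xff;
            int minor = payload[off + 2] & 0xff;
            int len   = ((payload[off + 3] & 0xff) << 8) | (payload[off + 4] & 0xff);
            // Every TLS 1.0-1.3 record carries major version 3 and a known type
            if (major != 3 || type < 20 || type > 23) {
                out.add("offset " + off + ": not a TLS record");
                break;
            }
            boolean complete = off + 5 + len <= payload.length;
            out.add(String.format("offset %d: %s, version 3.%d, %d body bytes%s",
                    off, contentType(type), minor, len,
                    complete ? "" : " (continues in next TCP segment)"));
            off += 5 + len;
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: a 4-byte handshake record, then an
        // application_data record whose 3-byte body stands in for ciphertext
        byte[] sample = {
            0x16, 0x03, 0x01, 0x00, 0x04, 0x01, 0x00, 0x00, 0x00,
            0x17, 0x03, 0x03, 0x00, 0x03, (byte) 0xde, (byte) 0xad, (byte) 0xbe
        };
        for (String line : summarize(sample)) System.out.println(line);
    }
}
```

Seeing application_data records for the server in question confirms the capture is working and that the missing piece is key material from an endpoint (or an interposed proxy the client trusts), not a capture problem.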