Use OpenSSL to decrypt TLS session from PCAP files
John Baldwin
jhb at FreeBSD.org
Tue Dec 8 17:17:54 UTC 2020
On 12/8/20 7:46 AM, Matt Caswell wrote:
>
>
> On 08/12/2020 15:28, Oren Shpigel wrote:
>> Hi, thanks for the answer.
>>
>> I know wireshark and ssldump have this capability, but I'm looking for a
>> way to do it in my own software in C++, (using OpenSSL, if possible, but
>> open to other suggestions as well).
>
> Unfortunately OpenSSL does not support this capability. It obviously
> supports all the required low-level crypto primitives to do it - but you
> would have to put them together yourself, as well as do all the packet
> parsing, etc. This would be ... difficult. :-)

You could use a memory BIO or the like to feed the reconstructed data
stream into, to handle the TLS bits, though? You are still stuck with
writing your own TCP stack (effectively)? I think OpenVPN does something
like this when I looked (it used memory BIOs and then manually
read/wrote their contents on its tunnel socket).
--
John Baldwin
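
The packet-parsing step the thread refers to, as an added example (not code from any poster or from OpenSSL): an incremental TLS record framer that takes one direction of a reassembled TCP stream in arbitrary chunks and emits complete records. `RecordFramer`, `frame_in_chunks` and `kSample` are hypothetical names, and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

// One TLS record as framed on the wire: 5-byte header, then the fragment.
struct TlsRecord {
    uint8_t type;               // 20 CCS, 21 alert, 22 handshake, 23 application data
    uint16_t version;           // legacy record version, e.g. 0x0303
    std::vector<uint8_t> body;  // ciphertext once record protection is active
};

// Hypothetical helper: buffers one direction of a reassembled TCP stream.
class RecordFramer {
    std::vector<uint8_t> buf_;
public:
    // Append bytes and return every record that is now complete.
    std::vector<TlsRecord> feed(const uint8_t* data, size_t len) {
        buf_.insert(buf_.end(), data, data + len);
        std::vector<TlsRecord> out;
        size_t off = 0;
        while (buf_.size() - off >= 5) {
            const uint8_t type = buf_[off];
            const uint16_t ver = static_cast<uint16_t>((buf_[off + 1] << 8) | buf_[off + 2]);
            const size_t n = (static_cast<size_t>(buf_[off + 3]) << 8) | buf_[off + 4];
            // Reject non-TLS input instead of buffering it forever.
            if (type < 20 || type > 24 || (ver >> 8) != 3 || n > 16384 + 2048)
                throw std::runtime_error("not a TLS record header");
            if (buf_.size() - off < 5 + n) break;  // fragment still incomplete
            out.push_back({type, ver, std::vector<uint8_t>(buf_.data() + off + 5, buf_.data() + off + 5 + n)});
            off += 5 + n;
        }
        buf_.erase(buf_.begin(), buf_.begin() + off);
        return out;
    }
};

// Constructed sample: a 4-byte handshake record, then 3 bytes of application data.
const std::vector<uint8_t> kSample = {0x16, 0x03, 0x01, 0x00, 0x04, 0x01, 0x00, 0x00, 0x00,
                                      0x17, 0x03, 0x03, 0x00, 0x03, 0xaa, 0xbb, 0xcc};

// Feed s in the given chunk sizes (summing to at most s.size()), as TCP segments would deliver it.
std::vector<TlsRecord> frame_in_chunks(const std::vector<uint8_t>& s, const std::vector<size_t>& chunks) {
    RecordFramer f;
    std::vector<TlsRecord> all;
    for (size_t pos = 0, i = 0; i < chunks.size(); pos += chunks[i++])
        for (auto& r : f.feed(s.data() + pos, chunks[i])) all.push_back(r);
    return all;
}
```

The framer only splits the stream into records; handshake parsing and decryption of the record bodies are not shown.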