3

I have a passively sniffed traffic dump of client/server were packets are encrypted with cipher suite

Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)

With a Logjam attack I managed to find the DH private key.

How do I setup Wireshark to decrypt the packets?

Sirt
  • 33
  • 1
  • 4

1 Answers1

1

As documented in this post, Wireshark supports several options for providing secrets to enable TLS decryption. In this case, I would suggest the use of the PMS_CLIENT_RANDOM key which maps the Random bytes from the Client Hello message to the premaster secret (both are hex-encoded).

For the DH key exchange, the premaster secret is the shared DH secret. Using your private DH value and the public parameters and values from the ServerKeyExchange message (see RFC 5246, page 51), you can compute the shared secret. (This assumes ephemeral DH using finite fields, for ECDHE, see RFC 4492, Section 5.4. instead.)

Then after computing the shared secret, you need to encode it appropriately (see RFC 5246, Section 8.1.2.):

A conventional Diffie-Hellman computation is performed. The negotiated key (Z) is used as the pre_master_secret, and is converted into the master_secret, as specified above. Leading bytes of Z that contain all zero bits are stripped before it is used as the pre_master_secret.

Assuming you have found the secrets, you can write a text file which looks like:

PMS_CLIENT_RANDOM 9c39b93ced5c48db094a502f7ed4ef6b77a1ccb751964c04cac8c7e75837ddc8 2b1f6108824ef0c7e38443dda437c43177d8a1ac73221b6515c9df7d854bc503                                                                                                                            

and then configure Wireshark as usual via the "(Pre)master secret log filename" SSL protocol preference. If it fails, you can set the debug option at the SSL protocol preferences and read it to get more hints.

Lekensteyn
  • 5,958
  • 5
  • 38
  • 62