0

How can i decrypt Diffie-hellman TCP packets?

I'm trying to make a tool that shows cleartext response from a server that uses this encryption. However when i look online people all seem to say it's impossible to decrypt DHE, which is not true since we are the client and have access to this information,

but how can i decrypt these packets with the handshake in wireshark?

Bonus question: Any tools in python or something that establish DHE connections and show cleartext response?

enter image description here

ZedPython
  • 339
  • 2
  • 5
  • 1
    Dupe https://security.stackexchange.com/questions/35639/decrypting-tls-in-wireshark-when-using-dhe-rsa-ciphersuites also searching SSLKEYLOGFILE finds numerous other Qs about using it – dave_thompson_085 Apr 14 '20 at 03:11

1 Answers1

2

The traffic itself does not contain enough information to decrypt it (if it did, a malicious WiFi hotspot could decrypt TLS making TLS worthless). You need the ephemeral (single-use) private key for the DHE or ECDHE (has nothing to do with a certificate), either the client's or the server's. Alternatively, you need the resulting shared secret. Either the client or the server can write it to log, but only as long as they have it - after the connection is closed, it is gone. There is a standard for such logging for browsers (to produce logs) and for wireshark (to consume logs), called SSLKEYLOGFILE.

See Mozilla docs for NSS Key Log Format and a blog post with screenshots for using it.

Z.T.
  • 7,963
  • 1
  • 22
  • 36