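  • Viewing HTTPS traffic with Wireshark

    If we have the server's certificate, we can analyze HTTPS traffic to a web server. This is useful in certain scenarios, such as external audits.

    The settings below configure Wireshark or tshark to view HTTPS traffic.

    Wireshark verification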


    tshark verification

    tshark -f "tcp and port 443" -i eth2 -o "ssl.keys_list:192.168.0.155,443,http,/root/tmp/a.crt"

    15.852877 192.168.0.155 -> 192.168.0.55 TCP 54 https > sia-ctrl-plane [ACK] Seq=1 Ack=132 Win=6912 Len=0

    15.854385 192.168.0.155 -> 192.168.0.55 TLSv1 722 Server Hello, Certificate, Server Hello Done

    15.854813 192.168.0.55 -> 192.168.0.155 TLSv1 252 Client Key Exchange, Change Cipher Spec, Finished

    15.857471 192.168.0.155 -> 192.168.0.55 TLSv1 60 Change Cipher Spec

    15.857721 192.168.0.155 -> 192.168.0.55 TLSv1 107 Finished

    15.857811 192.168.0.55 -> 192.168.0.155 TCP 60 sia-ctrl-plane > https [ACK] Seq=330 Ack=728 Win=64972 Len=0

    15.859990 192.168.0.55 -> 192.168.0.155 SSL 731 [SSL segment of a reassembled PDU]

    15.899431 192.168.0.155 -> 192.168.0.55 TCP 54 https > sia-ctrl-plane [ACK] Seq=728 Ack=1007 Win=9344 Len=0

    15.902726 192.168.0.55 -> 192.168.0.155 TCP 66 xmcp > https [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1

    15.902774 192.168.0.155 -> 192.168.0.55 TCP 66 https > xmcp [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=64

    15.902887 192.168.0.55 -> 192.168.0.155 TCP 60 xmcp > https [RST] Seq=1 Win=0 Len=0

    15.909868 192.168.0.55 -> 192.168.0.155 TCP 66 4789 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1

    15.909912 192.168.0.155 -> 192.168.0.55 TCP 66 https > 4789 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=64

    15.910026 192.168.0.55 -> 192.168.0.155 TCP 60 4789 > https [RST] Seq=1 Win=0 Len=0

    15.921205 192.168.0.55 -> 192.168.0.155 TCP 66 4790 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1

    15.921250 192.168.0.155 -> 192.168.0.55 TCP 66 https > 4790 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=64

    15.921359 192.168.0.55 -> 192.168.0.155 TCP 60 4790 > https [RST] Seq=1 Win=0 Len=0

    15.930390 192.168.0.55 -> 192.168.0.155 TCP 66 4791 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1

    15.930422 192.168.0.155 -> 192.168.0.55 TCP 66 https > 4791 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=64

    15.930532 192.168.0.55 -> 192.168.0.155 TCP 60 4791 > https [RST] Seq=1 Win=0 Len=0

    15.991719 192.168.0.55 -> 192.168.0.155 HTTP 107 POST /all/rptsave HTTP/1.1  (application/x-www-form-urlencoded)

    309  15.991837 192.168.0.155 -> 192.168.0.55 TCP 54 https > sia-ctrl-plane [ACK] Seq=728 Ack=1060 Win=9344 Len=0

    15.995828 192.168.0.155 -> 192.168.0.55 HTTP 251 HTTP/1.1 200 OK  (text/html)

    To inspect the certificate's contents, the asn1view tool works well.
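The handshake in the tshark output above contains no Server Key Exchange message, which indicates RSA key transport, the case a server key file passed through `ssl.keys_list` can decrypt. The following is an added example, not code from the original post: it parses tshark summary lines and reports, per client, whether the handshake is decryptable this way and whether plaintext HTTP actually appeared. The `classify` function and its labels are hypothetical names, the 192.168.0.77 lines are constructed for comparison, and the heuristic assumes a full TLS 1.2 or earlier handshake was captured.

```python
import re
from collections import defaultdict

# tshark one-line summary: [frame] time src -> dst PROTO length info
LINE = re.compile(
    r"^\s*(?:\d+\s+)?(\d+\.\d+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+(\d+)\s+(.*)$")

# First four lines are taken from the capture above; the 192.168.0.77 lines are
# constructed to show an ephemeral (DHE/ECDHE) handshake for comparison.
SAMPLE = """
15.854385 192.168.0.155 -> 192.168.0.55 TLSv1 722 Server Hello, Certificate, Server Hello Done
15.854813 192.168.0.55 -> 192.168.0.155 TLSv1 252 Client Key Exchange, Change Cipher Spec, Finished
15.991719 192.168.0.55 -> 192.168.0.155 HTTP 107 POST /all/rptsave HTTP/1.1  (application/x-www-form-urlencoded)
15.995828 192.168.0.155 -> 192.168.0.55 HTTP 251 HTTP/1.1 200 OK  (text/html)
16.100100 192.168.0.155 -> 192.168.0.77 TLSv1.2 1450 Server Hello, Certificate, Server Key Exchange, Server Hello Done
16.100900 192.168.0.77 -> 192.168.0.155 TLSv1.2 180 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
16.102000 192.168.0.77 -> 192.168.0.155 TLSv1.2 500 Application Data
"""

def classify(summary_text, server_ip):
    """Per client IP: key-exchange class and count of decrypted HTTP lines."""
    peers = defaultdict(lambda: {"msgs": set(), "http": 0})
    for raw in summary_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        _, src, dst, proto, _, info = m.groups()
        if server_ip not in (src, dst):
            continue
        peer = peers[dst if src == server_ip else src]
        if proto.startswith(("TLS", "SSL")):
            peer["msgs"].update(part.strip() for part in info.split(","))
        elif proto == "HTTP":  # plaintext HTTP on 443 means decryption worked
            peer["http"] += 1
    report = {}
    for client, p in peers.items():
        if "Server Hello" not in p["msgs"]:
            kind = "handshake-not-captured"
        elif "Server Key Exchange" in p["msgs"]:
            kind = "ephemeral"           # server key file cannot decrypt this
        elif "Client Key Exchange" in p["msgs"]:
            kind = "rsa-key-transport"   # decryptable with the server private key
        else:
            kind = "incomplete"
        report[client] = {"key_exchange": kind, "decrypted_http": p["http"]}
    return report

if __name__ == "__main__":
    for client, result in classify(SAMPLE, "192.168.0.155").items():
        print(client, result)
```

A client reported as `rsa-key-transport` with zero decrypted HTTP lines points to a problem with the key file or the `ssl.keys_list` entry rather than with the cipher suite.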

  • Original article: https://www.cnblogs.com/2018/p/4711131.html