Read SSL and TLS data in HTTPS traffic
Is it possible to parse and store SSL and TLS data without decryption? Not the http headers which are encrypted but the data that is available without decryption? I see that Wireshark is able to present this data, but I dont know how/what approach to follow. I have successfully parsed HTTP traffic but am unable to do the same for HTTPS. The data I am talking about is the following:
Can this be achieved? I have the following code that captures traffic on port 443 and further forwards it to print the data like it does for my HTTP traffic on port 80.
payload = (u_char *)(packet + SIZE_ETHERNET + size_ip + size_tcp);
/* Compute tcp payload (segment) size */
size_payload = ntohs(ip->ip_len) - (size_ip + size_tcp);
printf("%s:", inet_ntoa(ip->ip_src));
printf("\n");
printf("%d ", ntohs(tcp->th_sport));
printf("\n");
printf("%s:", inet_ntoa(ip->ip_dst));
printf("\n");
printf("%d ", ntohs(tcp->th_dport));
printf("\n");
if (ntohs(tcp->th_sport) == 443)
{
printf("Payload:- ");
print_payload(payload, size_payload);
}
else if (ntohs(tcp->th_dport) == 443)
{
printf("Payload:- ");
print_payload(payload, size_payload);
}
The HTTP traffic prints just right, but in this case the output is all jumbled up characters.
Output:
52.114.128.9
443
10.8.25.7
55605
Payload:- ]4=]?).-`9)}e`B_.Zp*$'AJ}/)K.P;7%-=1dV2qN,fxU?A2{h;/TEi7("Bc`;Op<?TS8O]WhX_D]O<Zi*}aGg~`@ff)3!i[ieYm(-/JP'"+kOHNwmE 3jZBX[*y`{OR9w'!1SM
I'd be grateful if somebody could help me get through this, or atleast point me to a direction where I could work it out. Thanks in advance
TLS builds on TCP which provides host-to-host connectivity at the transport layer (layer 4). This means that you can always parse layer 4 and lower information (such as IP or TCP) since it is not protected by TLS at all.
Above layer 4, you can see (and parse) the unencrypted TLS handshake that initiates the encryption connection (*). Afterwards, all data above layer 4 is encrypted and you can only see what appears to be random data. Since HTTP lives above layer 4, you should never see any unencrypted HTTP traffic.
(*) TLS 1.3 encrypts part of the handshake. See this answer.
- VK_KHR_swapchain extension not found even if vkcube runs perfectly
- Getting an error that states "printf.c: No such file or directory" while using GDB on a very basic C program for temperature conversion
- How many floating-point types are there in C?
- can't create an array of doubles
- X11 compositing: how to manually update redirected window
- For loops get skipped during runtime
- Array-size macro that rejects pointers
- What is Regal OpenGL?
- Difference between INT_MAX and __INT_MAX__ in C
- Scripting language for C/C++
- How to turn off LED in stm32 onn board f103c6t6?
- Why no call fstab64 after read? And can this be a problem?
- What is 1LL or 2LL in C and C++?
- selective variable definition in a static C library
- how to check the source code of musl in gdb
- why linker looks for LIBCMT.lib in x86 directory instead x64?
- will string literals be contiguous in memory in C
- How to handle an error caused by trying to use a function pointer to call another function
- How to list first level directories only in C?
- Reversed list of integers does not print out for my reverse linked list program
- Where do I find the current C or C++ standard documents?
- What does #define do in the Compiler?
- confused by sys_stat, sys_statfs syscall works
- sigaction handler is waiting for lock indefinitely
- How to properly install additional C header files in VS 2022
- What to prefer between `spin_lock_init` and `DEFINE_SPINLOCK` and when?
- C pointers: Function returns a pointer defined in its body
- Why are there redundant slashes in comment headers in c or c++ "*//**"
- does the c preprocessor handle floating point math constants
- How do I Exit a Process if a Child Fails?