{"id":487,"date":"2021-06-10T15:10:25","date_gmt":"2021-06-10T07:10:25","guid":{"rendered":"https:\/\/blog.73007300.xyz\/?p=487"},"modified":"2021-06-10T15:10:25","modified_gmt":"2021-06-10T07:10:25","slug":"suricata%e6%97%a0%e6%b3%95%e6%a3%80%e6%b5%8btls%e5%8a%a0%e5%af%86%e7%9a%84https%e6%b5%81%e9%87%8f","status":"publish","type":"post","link":"https:\/\/blog.73007300.xyz\/?p=487","title":{"rendered":"Suricata\u65e0\u6cd5\u68c0\u6d4btls\u52a0\u5bc6\u7684https\u6d41\u91cf"},"content":{"rendered":"
\u5c1d\u8bd5\u4e86\u7528SSLKEYLOGFILE\u5bfc\u51fahttps\u6d41\u91cfclient\u7aef\u7684key\uff0c\u5e76\u5728wireshark\u4e2d\u89e3\u5bc6\uff0c\u5bfc\u51fapcap\uff0csuricata\u4f9d\u65e7\u65e0\u6cd5\u68c0\u6d4b\u3002<\/div>\n
\u4ee5\u4e0b\u662f\u8fc7\u7a0b\uff1a<\/div>\n
1. \u914d\u7f6e\u5bc6\u94a5\u5b58\u653e\u5730\u5740\u73af\u5883\u53d8\u91cf<\/div>\n
\n
mkdir ~\/tls && touch ~\/tls\/sslkeylog.log\n\n#zsh\necho \"\"  >> ~\/.zshrc\necho \"export SSLKEYLOGFILE=~\/tls\/sslkeylog.log\" >> ~\/.zshrc && source ~\/.zshrc\n\n#bash\necho \"\"  >> ~\/.bashrc\necho \"export SSLKEYLOGFILE=~\/tls\/sslkeylog.log\" >> ~\/.bashrc && source ~\/.bashrc<\/code><\/pre>\n<\/div>\n
2. \u914d\u7f6ewireshark\u4e2d \u89e3\u5bc6\u5bc6\u94a5\u7684\u8def\u5f84<\/div>\n
\n
<\/div>\n
\n
<\/div>\n
3 curl \u4e00\u4e0bhttps\u7f51\u7ad9\uff0c wireshark\u5c31\u89e3\u5bc6\u4e86\u3002<\/span><\/div>\n<\/div>\n<\/div>\n

<\/span><\/div>\n
\u53ef\u4ee5\u770b\u5230<\/span><\/div>\n
\n
<\/div>\n
\u4f7f\u7528wireshark\u662f\u53ef\u4ee5\u770b\u5230https\u4e2d\u7684http\u660e\u6587\u7684\u3002<\/div>\n<\/div>\n
<\/div>\n
\u4f46\u662fsuricata\u65e0\u6cd5\u68c0\u6d4bhttp\u4e2d\u7684\u4efb\u4f55\u5173\u952e\u5b57\u3002<\/div>\n
<\/div>\n
\u5230\u7f51\u4e0a\u627e\u5230\u4e00\u4e2aPDF\uff0c\u786e\u4fe1\u4e86suricata\u662f\u65e0\u6cd5\u68c0\u6d4btls\u52a0\u5bc6\u6d41\u91cf\u4e2d\u7684\u660e\u6587\u7684\uff1a<\/div>\n
https:\/\/idsips.files.wordpress.com\/2020\/05\/suricata-and-tls.pdf<\/a> <\/div>\n
PDF\u6700\u540e\u63d0\u5230\u8981\u628asuricata\u653e\u5230ssl \u8d1f\u8f7d\u5747\u8861\u540e\u9762\u3002<\/div>\n
\u5c31\u662f\u4e0d\u77e5\u9053\u5929\u773c\uff0c\u5fa1\u754c\u662f\u600e\u4e48\u5bfc\u5165\u8bc1\u4e66\u68c0\u6d4b\u7684\uff0c\u96be\u9053\u7528\u79c1\u94a5\u5145\u5f53\u4e86\u4ee3\u7406\u670d\u52a1\u5668\u89e3\u5bc6\u7684\u89d2\u8272\uff1f<\/div>\n
\n
<\/div>\n
<\/div>\n<\/div>\n

<\/span><\/div>\n","protected":false},"excerpt":{"rendered":"
\u5c1d\u8bd5\u4e86\u7528SSLKEYLOGFILE\u5bfc\u51fahttps\u6d41\u91cfclient\u7aef\u7684key\uff0c\u5e76\u5728wireshark\u4e2d\u89e3\u5bc6\uff0c\u5bfc\u51fapcap\uff0csuricata\u4f9d\u65e7\u65e0\u6cd5\u68c0\u6d4b\u3002 \u4ee5\u4e0b\u662f\u8fc7\u7a0b\uff1a 1. \u914d\u7f6e\u5bc6\u94a5\u5b58\u653e\u5730\u5740\u73af\u5883\u53d8\u91cf mkdir ~\/tls && touch ~\/tls\/sslkeylog.log #zsh echo “” >> ~\/.zshrc echo “export SSLKEYLOGFILE=~\/tls\/sslkeylog.log” >> ~\/.zshrc && source ~\/.zshrc #bash echo “” >> ~\/.bashrc echo “export SSLKEYLOGFILE=~\/tls\/sslkeylog.log” >> ~\/.bashrc && source ~\/.bashrc 2. \u914d\u7f6ewireshark\u4e2d \u89e3\u5bc6\u5bc6\u94a5\u7684\u8def\u5f84 3 curl \u4e00\u4e0bhttps\u7f51\u7ad9\uff0c wireshark\u5c31\u89e3\u5bc6\u4e86\u3002 \u53ef\u4ee5\u770b\u5230 \u4f7f\u7528wireshark\u662f\u53ef\u4ee5\u770b\u5230https\u4e2d\u7684http\u660e\u6587\u7684\u3002 \u4f46\u662fsuricata\u65e0\u6cd5\u68c0\u6d4bhttp\u4e2d\u7684\u4efb\u4f55\u5173\u952e\u5b57\u3002 \u5230\u7f51\u4e0a\u627e\u5230\u4e00\u4e2aPDF\uff0c\u786e\u4fe1\u4e86suricata\u662f\u65e0\u6cd5\u68c0\u6d4btls\u52a0\u5bc6\u6d41\u91cf\u4e2d\u7684\u660e\u6587\u7684\uff1a https:\/\/idsips.files.wordpress.com\/2020\/05\/suricata-and-tls.pdf  PDF\u6700\u540e\u63d0\u5230\u8981\u628asuricata\u653e\u5230ssl \u8d1f\u8f7d\u5747\u8861\u540e\u9762\u3002 \u5c31\u662f\u4e0d\u77e5\u9053\u5929\u773c\uff0c\u5fa1\u754c\u662f\u600e\u4e48\u5bfc\u5165\u8bc1\u4e66\u68c0\u6d4b\u7684\uff0c\u96be\u9053\u7528\u79c1\u94a5\u5145\u5f53\u4e86\u4ee3\u7406\u670d\u52a1\u5668\u89e3\u5bc6\u7684\u89d2\u8272\uff1f<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.73007300.xyz\/index.php?rest_route=\/wp\/v2\/posts\/487"}],"collection":[{"href":"https:\/\/blog.73007300.xyz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.73007300.xyz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.73007300.xyz\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.73007300.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=487"}],"version-history":[{"count":1,"href":"https:\/\/blog.73007300.xyz\/index.php?rest_route=\/wp\/v2\/posts\/487\/revisions"}],"predecessor-version":[{"id":488,"href":"https:\/\/blog.73007300.xyz\/index.php?rest_route=\/wp\/v2\/posts\/487\/revisions\/488"}],"wp:attachment":[{"href":"https:\/\/blog.73007300.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=487"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.73007300.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=487"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.73007300.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=487"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}