Results 1 to 7 of 7
  1. #1
    monkey521 is offline Member
    Join Date
    Jan 2016
    Posts
    6
    Rep Power
    0

    Default decrypt https tls/ssl traffic with JSSE

    I am looking for a way to decrypt my https traffic with java. I have looked around and this is a question that was already asked but i got only to a certain point and now i am stuck. Since I cannot contact the other people who asked similar questions and cannot find out if they found a solution I am posting my own question.

    My scenario is:
    I configured a system variable so that Firefox saves the ClientRandom and MasterSecret to a txt file.
    I use jnetpcap library to capture traffic and analyze packages up to tcp segments. I am now looking for a possibility to access the ssl/tls info, meaning decrypt the traffic.

    Is it possible to use JSSE to decrypt the ssl data without making the connecting to a socket
    (like at the end of this tutorial: Using JSSE for secure socket communication)
    but instead feed it the Hexdump of my tcp payload?

    Thnx in advance for any help!

  2. #2
    Tolls is offline Moderator
    Join Date
    Apr 2009
    Posts
    13,541
    Rep Power
    26

    Default Re: decrypt https tls/ssl traffic with JSSE

    Sorry to say I have no idea of a solution to this question, but this:

    Quote Originally Posted by monkey521 View Post
    Since I cannot contact the other people who asked similar questions and cannot find out if they found a solution I am posting my own question.
    !
    made me think of this:
    https://xkcd.com/979/

    :)
    Please do not ask for code as refusal often offends.

    ** This space for rent **

  3. #3
    jim829 is offline Senior Member
    Join Date
    Jan 2013
    Location
    Northern Virginia, United States
    Posts
    6,226
    Rep Power
    13

    Default Re: decrypt https tls/ssl traffic with JSSE

    Quote Originally Posted by monkey521 View Post
    Is it possible to use JSSE to decrypt the ssl data without making the connecting to a socket
    I would say it is possible to do it (not certain about JSSE). But if I were going to do this I would first learn and experiment with intercepting the key negotiations that are done to decrypt the packets. Once you have done that you would then need to properly apply the key to decrypt the data. To facilitate matters I would probably install my own version of some container like Tomcat to host the SSL connection. This would permit you to turn on logging which might be of use in the process.

    Your problem is familiar in that you ask for a solution to some obscure requirement without saying why you want to do it. If we knew the "why" we might be able to suggest a more viable alternative.

    Regards,
    Jim
    The JavaTM Tutorials | SSCCE | Java Naming Conventions
    Poor planning on your part does not constitute an emergency on my part

  4. #4
    monkey521 is offline Member
    Join Date
    Jan 2016
    Posts
    6
    Rep Power
    0

    Default Re: decrypt https tls/ssl traffic with JSSE

    @Tolls :) exactly my thoughts for a few weeks now. The sentence you quoted is wrong here cause I could pm (I should have deleted it). I also posted my problem on stackoverflow and there you cannot contact other people. Copy paste error ;)

    @Jim: Ok, maybe this will bring some clarity. I am continuing a school project. Some people before me have written a program that analyses some QoS of Websites. So far it works only with Http. Now my task is to make it possible even for Https.
    So to sum it up shortly:
    1. Capture https packets
    2. decrypt
    3. pass on decrypted packet for further inspection (or save to a new pcap file)

    It should be possible for sure, the question for me was if someone could just tell me if I am on the right path with JSSE or not or if I should look into another library that can do something like that. If not I guess I would have to implement something totally new? Thanks for the hints.
    Last edited by monkey521; 02-26-2016 at 12:06 PM.

  5. #5
    monkey521 is offline Member
    Join Date
    Jan 2016
    Posts
    6
    Rep Power
    0

    Default Re: decrypt https tls/ssl traffic with JSSE

    Ok so I abandoned the JSSE approach and tried to get some code to run I found here on the forum. I modified it since it was from 2010 but when I try to compile it I get the error:
    "Exception in thread "main" java.lang.IllegalAccessError: tried to access class sun.security.ssl.CipherSuite from class sun.security.ssl.decrypt at sun.security.ssl.decrypt.main(decrypt.java:36)"
    which is the line where call I CipherSuite.valueOf(0x00, 0x2f); (deleted some comment lines that's why its another line number)
    Now I have read that it would probably be a problem with the method valueOf() being private. Since I am a newbie to java I don't know how to handle that, because the code I need to change is in a jar.
    Here is the Code I have so far:
    Java Code:
    package sun.security.ssl;
    
    import java.security.InvalidAlgorithmParameterException;
    import java.security.InvalidKeyException;
    import java.security.NoSuchAlgorithmException;
    import java.security.SecureRandom;
    import java.util.logging.Level;
    import java.util.logging.Logger;
    import javax.crypto.BadPaddingException;
    import javax.crypto.SecretKey;
    import javax.xml.bind.DatatypeConverter;
    import javax.crypto.KeyGenerator;
    import javax.crypto.spec.IvParameterSpec;
    import javax.crypto.spec.SecretKeySpec;
    import sun.security.internal.spec.TlsKeyMaterialParameterSpec;
    import sun.security.internal.spec.TlsKeyMaterialSpec;
    import sun.security.ssl.CipherSuite.BulkCipher;
    
    public class decrypt {
        
        public static void main(String[] args) throws InvalidKeyException, NoSuchAlgorithmException {
            
            byte[] clrnd = DatatypeConverter.parseHexBinary("be9b706c800f93526913732a356c7e7fe9383ace52f5ed120d38a81db07e903d");
            byte[] srvrnd = DatatypeConverter.parseHexBinary("56af786428bc3e0c69ef2fdd9f6e3456ceae660a323d6109e9554b4af7fe6652");
            ProtocolVersion pv = ProtocolVersion.valueOf(0x03, 0x03);
            CipherSuite cipher_suite = CipherSuite.valueOf(0x00, 0x2f);
            String KeyAlgo = cipher_suite.cipher.algorithm;
            String Master_Key = "c55ca8dd56fa59b80b8ff01d9a1d4f04251aec41ab6340e8db118b3d4d2ef895cc51592f9bcd5dbde5eda9d5ad386f34";
    //        byte[] master_secret = Base64.getDecoder().decode(Master_Key);
            byte[] master_secret = DatatypeConverter.parseBase64Binary(Master_Key);
            byte[] client_app_data = DatatypeConverter.parseHexBinary("715e388b6ed9339faa6fc640f329c358");
    
            SecretKey masterkey = new SecretKeySpec(master_secret, 0, master_secret.length, KeyAlgo);
            
            //Calculate connection keys
            BulkCipher cipher = cipher_suite.cipher;
            int expandedKeySize = cipher_suite.exportable ? cipher.expandedKeySize : 0;
            
            KeyGenerator kg = JsseJce.getKeyGenerator("SunTlsKeyMaterial");
            int pv_major = pv.major;
            int pv_minor = pv.minor;
            try {
                kg.init(new TlsKeyMaterialParameterSpec(masterkey, pv_major, pv_minor, clrnd, srvrnd, cipher.algorithm, cipher.keySize, expandedKeySize, cipher.ivSize, cipher_suite.macAlg.size, cipher_suite.prfAlg.getPRFHashAlg(), cipher_suite.prfAlg.getPRFHashLength(), cipher_suite.prfAlg.getPRFBlockSize()));
            } catch (InvalidAlgorithmParameterException ex) {
                Logger.getLogger(decrypt.class.getName()).log(Level.SEVERE, null, ex);
            }
            TlsKeyMaterialSpec keySpec = (TlsKeyMaterialSpec)kg.generateKey();
    
            SecretKey clntWriteKey = keySpec.getClientCipherKey();
            IvParameterSpec clntWriteIV = keySpec.getClientIv();
            
            SecureRandom clientrandom = new SecureRandom(clrnd);
            
            CipherBox svbox = cipher_suite.cipher.newCipher(pv, clntWriteKey, clntWriteIV, clientrandom, false);
            try {
                svbox.decrypt(client_app_data, 5, client_app_data.length-5, 0);
            } catch (BadPaddingException ex) {
                Logger.getLogger(decrypt.class.getName()).log(Level.SEVERE, null, ex);
            }
            System.out.println(svbox);
        }
    }

  6. #6
    SurfMan's Avatar
    SurfMan is offline Godlike
    Join Date
    Nov 2012
    Location
    The Netherlands
    Posts
    1,991
    Rep Power
    8

    Default Re: decrypt https tls/ssl traffic with JSSE

    I know this comment won't help, but if you use packages from sun.* and com.sun.*, you are playing with fire. Since your code is from 2010, there is a high chance this internal code is changed. Probably removed even.
    "It's not fixed until you stop calling the problem weird and you understand what was wrong." - gimbal2 2013

  7. #7
    monkey521 is offline Member
    Join Date
    Jan 2016
    Posts
    6
    Rep Power
    0

    Default Re: decrypt https tls/ssl traffic with JSSE

    Yes the internal code changed, that's why I had to modify the originally posted code. But it still exists. Unfortunately I haven't found another possibility to come even close to solving my task. Thanks anyway for taking the time :)

Similar Threads

  1. decrypt https tls/ssl traffic with java
    By monkey521 in forum New To Java
    Replies: 0
    Last Post: 02-18-2016, 05:58 PM
  2. How to decrypt SSL?
    By Sergio in forum Advanced Java
    Replies: 3
    Last Post: 02-18-2016, 05:42 PM
  3. Client key-pairs in JSSE
    By Broomish in forum Networking
    Replies: 0
    Last Post: 08-15-2013, 07:02 PM
  4. need to decrypt...HELP PLEASE!!!thanks!
    By dmerunong in forum New To Java
    Replies: 3
    Last Post: 09-07-2011, 02:56 PM
  5. Ideas to decrypt this ?
    By ketku in forum Advanced Java
    Replies: 0
    Last Post: 11-16-2009, 10:52 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •