- Yu-Jung Cheng·Last edited by Yu-Jung Cheng on Aug 14, 2022Linked with GitHubContributed by
use ssltap to examine SSL data
tags: linux
Example of using ssltap to capture HTTPS traffic.
An appche server running on port 8443 with ssl.
[root@ssd-okd4-services okd4]# netstat -antp | grep 8443
tcp6 0 0 :::8443 :::* LISTEN 4903/httpd
On server, run ssltap to capture traffic. (without specify -p option, use defautl port 1924)
[root@ssd-okd4-services conf.d]# ssltap -l -s -h -x 192.168.122.50:8443
Looking up "192.168.122.50"...
Proxy socket ready and listening
On client, curl a fle on server side (use default proxy port 1924 of the ssltap)
$ curl -k https://services:1924/okd4/metadata.json
{"clusterName":"okd4","clusterID":"927eb2d0-8511-499d-b9ec-2bf3b3f4e500","infraID":"okd4-z2mxw"}
The SSL connection captured by ssltap on server.
Connection #1 [Sun Aug 14 22:06:29 2022]
Connected to 192.168.122.50:8443
--> [
0: 16 03 01 02 00 01 00 01 fc 03 03 cc 27 0a 52 7c | ............'.R|
10: 61 bf e8 06 2a 47 53 12 d5 87 5a 8d a1 c5 0a 1b | a...*GS...Z.....
20: c7 77 b0 9d b2 56 0c 46 9b 2c e9 20 e5 a4 ac 6e | .w...V.F.,. ...n
30: d0 1e 77 eb e7 b4 bc da 8b b2 fc e1 f9 d3 bb 3a | ..w............:
40: 35 52 35 7d b7 2f 04 d3 2a 50 7e 4d 00 3e 13 02 | 5R5}./..*P~M.>..
50: 13 03 13 01 c0 2c c0 30 00 9f cc a9 cc a8 cc aa | .....,.0........
60: c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 | .+./...$.(.k.#.'
70: 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d | .g.....9.....3..
80: 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 01 75 | ...=.<.5./.....u
90: 00 00 00 0d 00 0b 00 00 08 73 65 72 76 69 63 65 | .........service
a0: 73 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 | s...............
b0: 1d 00 17 00 1e 00 19 00 18 33 74 00 00 00 10 00 | .........3t.....
c0: 0e 00 0c 02 68 32 08 68 74 74 70 2f 31 2e 31 00 | ....h2.http/1.1.
d0: 16 00 00 00 17 00 00 00 31 00 00 00 0d 00 2a 00 | ........1.....*.
e0: 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 | (...............
f0: 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 | ................
100: 01 03 02 04 02 05 02 06 02 00 2b 00 05 04 03 04 | ..........+.....
110: 03 03 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d | ...-.....3.&.$..
120: 00 20 a5 da 4e 35 1d d2 0e 40 b4 04 c9 d9 60 e5 | . ..N5...@....`.
130: d5 dc a9 f6 53 3f f5 e5 a0 ac 08 54 dc df dc 7c | ....S?.....T...|
140: b3 24 00 15 00 bf 00 00 00 00 00 00 00 00 00 00 | .$..............
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
1a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
1b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
1c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
1d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
1e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
1f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
200: 00 00 00 00 00 | .....
(517 bytes of 512)
SSLRecord { [Sun Aug 14 22:06:29 2022]
0: 16 03 01 02 00 | .....
type = 22 (handshake)
version = { 3,1 }
length = 512 (0x200)
handshake {
0: 01 00 01 fc | ....
type = 1 (client_hello)
length = 508 (0x0001fc)
ClientHelloV3 {
client_version = {3, 3}
random = {...}
0: cc 27 0a 52 7c 61 bf e8 06 2a 47 53 12 d5 87 5a | .'.R|a...*GS...Z
10: 8d a1 c5 0a 1b c7 77 b0 9d b2 56 0c 46 9b 2c e9 | ......w...V.F.,.
session ID = {
length = 32
contents = {...}
0: e5 a4 ac 6e d0 1e 77 eb e7 b4 bc da 8b b2 fc e1 | ...n..w.........
10: f9 d3 bb 3a 35 52 35 7d b7 2f 04 d3 2a 50 7e 4d | ...:5R5}./..*P~M
}
cipher_suites[31] = {
(0x1302) ????/????????/?????????/???
(0x1303) ????/????????/?????????/???
(0x1301) ????/????????/?????????/???
(0xc02c) TLS/ECDHE-ECDSA/AES256-GCM/SHA384
(0xc030) ????/????????/?????????/???
(0x009f) ????/????????/?????????/???
(0xcca9) TLS/ECDHE-ECDSA/CHACHA20-POLY1305/SHA256
(0xcca8) TLS/ECDHE-RSA/CHACHA20-POLY1305/SHA256
(0xccaa) TLS/DHE-RSA/CHACHA20-POLY1305/SHA256
(0xc02b) TLS/ECDHE-ECDSA/AES128-GCM/SHA256
(0xc02f) TLS/ECDHE-RSA/AES128-GCM/SHA256
(0x009e) TLS/DHE-RSA/AES128-GCM/SHA256
(0xc024) TLS/ECDHE-ECDSA/AES256-CBC/SHA384
(0xc028) TLS/ECDHE-RSA/AES256-CBC/SHA384
(0x006b) TLS/DHE-RSA/AES256-CBC/SHA256
(0xc023) TLS/ECDHE-ECDSA/AES128-CBC/SHA256
(0xc027) TLS/ECDHE-RSA/AES128-CBC/SHA256
(0x0067) TLS/DHE-RSA/AES128-CBC/SHA256
(0xc00a) TLS/ECDHE-ECDSA/AES256-CBC/SHA
(0xc014) TLS/ECDHE-RSA/AES256-CBC/SHA
(0x0039) TLS/DHE-RSA/AES256-CBC/SHA
(0xc009) TLS/ECDHE-ECDSA/AES128-CBC/SHA
(0xc013) TLS/ECDHE-RSA/AES128-CBC/SHA
(0x0033) TLS/DHE-RSA/AES128-CBC/SHA
(0x009d) ????/????????/?????????/???
(0x009c) TLS/RSA/AES128-GCM/SHA256
(0x003d) TLS/RSA/AES256-CBC/SHA256
(0x003c) TLS/RSA/AES128-CBC/SHA256
(0x0035) TLS/RSA/AES256-CBC/SHA
(0x002f) TLS/RSA/AES128-CBC/SHA
(0x00ff) TLS_EMPTY_RENEGOTIATION_INFO_SCSV
}
compression[1] = {
(00) NULL
}
extensions[373] = {
extension type server_name, length [13] = {
0: 00 0b 00 00 08 73 65 72 76 69 63 65 73 | .....services
}
extension type ec_point_formats, length [4] = {
0: 03 00 01 02 | ....
}
extension type elliptic_curves, length [12] = {
0: 00 0a 00 1d 00 17 00 1e 00 19 00 18 | ............
}
extension type 13172, length [0]
extension type 16, length [14] = {
0: 00 0c 02 68 32 08 68 74 74 70 2f 31 2e 31 | ...h2.http/1.1
}
extension type 22, length [0]
extension type 23, length [0]
extension type 49, length [0]
extension type signature_algorithms, length [42] = {
0: 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a | .(..............
10: 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 | ................
20: 03 01 03 02 04 02 05 02 06 02 | ..........
}
extension type 43, length [5] = {
0: 04 03 04 03 03 | .....
}
extension type 45, length [2] = {
0: 01 01 | ..
}
extension type 51, length [38] = {
0: 00 24 00 1d 00 20 a5 da 4e 35 1d d2 0e 40 b4 04 | .$... ..N5...@..
10: c9 d9 60 e5 d5 dc a9 f6 53 3f f5 e5 a0 ac 08 54 | ..`.....S?.....T
20: dc df dc 7c b3 24 | ...|.$
}
extension type 21, length [191] = {
0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ...............
}
}
}
}
}
]
<-- [
0: 16 03 03 00 59 02 00 00 55 03 03 29 af a4 50 4b | ....Y...U..)..PK
10: 8d a7 03 a4 38 39 2b 41 1e 04 da a3 e5 57 d2 51 | ....89+A.....W.Q
20: 51 56 25 3b 61 2b 4c 3e 24 c0 b9 20 d9 5d fe a4 | QV%;a+L>$.. .]..
30: a8 f6 f4 73 8e 95 83 c5 5e 0a 3d eb b2 c8 1c 1a | ...s....^.=.....
40: 59 f4 69 1e 2a 4a bf c3 18 cc 7e 9c c0 30 00 00 | Y.i.*J....~..0..
50: 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 | ................
60: 03 04 3d 0b 00 04 39 00 04 36 00 04 33 30 82 04 | ..=...9..6..30..
70: 2f 30 82 03 17 a0 03 02 01 02 02 09 00 8e 60 08 | /0............`.
80: 1a ec 65 db b3 30 0d 06 09 2a 86 48 86 f7 0d 01 | ..e..0...*.H....
90: 01 0b 05 00 30 81 ad 31 0b 30 09 06 03 55 04 06 | ....0..1.0...U..
a0: 13 02 41 55 31 0c 30 0a 06 03 55 04 08 0c 03 4e | ..AU1.0...U....N
b0: 53 57 31 0f 30 0d 06 03 55 04 07 0c 06 53 79 64 | SW1.0...U....Syd
c0: 6e 65 79 31 15 30 13 06 03 55 04 0a 0c 0c 68 6f | ney1.0...U....ho
d0: 6d 65 6c 61 62 20 69 6e 63 2e 31 14 30 12 06 03 | melab inc.1.0...
e0: 55 04 0b 0c 0b 68 6f 6d 65 6c 61 62 20 6f 6b 64 | U....homelab okd
f0: 31 26 30 24 06 03 55 04 03 0c 1d 6f 6b 64 34 2d | 1&0$..U....okd4-
100: 73 65 72 76 69 63 65 73 2e 6f 6b 64 2e 68 6f 6d | services.okd.hom
110: 65 6c 61 62 2e 63 6f 6d 31 2a 30 28 06 09 2a 86 | elab.com1*0(..*.
120: 48 86 f7 0d 01 09 01 16 1b 74 68 69 73 69 73 79 | H........thisisy
130: 75 6a 75 6e 67 63 68 65 6e 67 40 67 6d 61 69 6c | ujungcheng@gmail
140: 2e 63 6f 6d 30 1e 17 0d 32 32 30 38 31 32 31 34 | .com0...22081214
150: 31 34 35 35 5a 17 0d 32 33 30 38 31 32 31 34 31 | 1455Z..230812141
160: 34 35 35 5a 30 81 ad 31 0b 30 09 06 03 55 04 06 | 455Z0..1.0...U..
170: 13 02 41 55 31 0c 30 0a 06 03 55 04 08 0c 03 4e | ..AU1.0...U....N
180: 53 57 31 0f 30 0d 06 03 55 04 07 0c 06 53 79 64 | SW1.0...U....Syd
190: 6e 65 79 31 15 30 13 06 03 55 04 0a 0c 0c 68 6f | ney1.0...U....ho
1a0: 6d 65 6c 61 62 20 69 6e 63 2e 31 14 30 12 06 03 | melab inc.1.0...
1b0: 55 04 0b 0c 0b 68 6f 6d 65 6c 61 62 20 6f 6b 64 | U....homelab okd
1c0: 31 26 30 24 06 03 55 04 03 0c 1d 6f 6b 64 34 2d | 1&0$..U....okd4-
1d0: 73 65 72 76 69 63 65 73 2e 6f 6b 64 2e 68 6f 6d | services.okd.hom
1e0: 65 6c 61 62 2e 63 6f 6d 31 2a 30 28 06 09 2a 86 | elab.com1*0(..*.
1f0: 48 86 f7 0d 01 09 01 16 1b 74 68 69 73 69 73 79 | H........thisisy
200: 75 6a 75 6e 67 63 68 65 6e 67 40 67 6d 61 69 6c | ujungcheng@gmail
210: 2e 63 6f 6d 30 82 01 22 30 0d 06 09 2a 86 48 86 | .com0.."0...*.H.
220: f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a | ............0...
230: 02 82 01 01 00 aa 56 29 88 79 51 45 27 9b 91 5d | ......V).yQE'..]
240: a6 ae 9e c3 35 b3 9d 2a af cf 95 28 e0 0b d4 dd | ....5..*...(....
250: 4c a8 d9 88 3f 44 12 62 42 a4 8f d0 47 f9 3a 8f | L...?D.bB...G.:.
260: 67 9d cd d7 0f db ac 43 0b ff d7 48 22 2b fe 60 | g......C...H"+.`
270: 31 f0 0b 80 6a 2b d1 44 2e a5 b3 77 1a 4e eb ab | 1...j+.D...w.N..
280: 6b 8d 49 d9 37 1b 91 9d 5e 0e fe d5 ca cc 39 81 | k.I.7...^.....9.
290: 6b 61 c2 4e 91 73 c8 20 6f 61 9f 10 05 88 32 f4 | ka.N.s. oa....2.
2a0: e3 b0 cf 5e af a5 87 8b 32 46 19 c5 b0 9a 55 d7 | ...^....2F....U.
2b0: d4 2d f6 ed 6a 85 22 30 23 e1 e3 c1 04 c4 f2 57 | .-..j."0#......W
2c0: 27 dd 31 c1 39 91 33 09 c0 04 0c e9 19 9d 47 55 | '.1.9.3.......GU
2d0: 19 55 12 34 16 64 ba 17 f5 e6 76 98 21 b3 78 b1 | .U.4.d....v.!.x.
2e0: d9 70 7a 4a 36 0f c2 bc b2 47 6a 0d d5 e3 96 ff | .pzJ6....Gj.....
2f0: 3c 8c c4 0d fb 11 35 88 a3 9c 11 e1 fc 81 f7 04 | <.....5.........
300: 95 b9 62 08 9b d5 c2 94 24 bf 93 f9 ff 05 21 91 | ..b.....$.....!.
310: f9 a8 89 0c 90 00 c2 76 0d 98 a8 16 af c9 2b dc | .......v......+.
320: 14 67 6a dc 1a f1 ab 1e 57 98 64 c8 b4 d7 30 6c | .gj.....W.d...0l
330: 5f 61 a8 b6 5d 02 03 01 00 01 a3 50 30 4e 30 1d | _a..]......P0N0.
340: 06 03 55 1d 0e 04 16 04 14 7f a1 b2 bf 47 e9 be | ..U.........G..
350: 60 1c 27 28 25 49 72 1b dc 88 7e 93 96 30 1f 06 | `.'(%Ir...~..0..
360: 03 55 1d 23 04 18 30 16 80 14 7f a1 b2 bf 47 e9 | .U.#..0......G.
370: be 60 1c 27 28 25 49 72 1b dc 88 7e 93 96 30 0c | .`.'(%Ir...~..0.
380: 06 03 55 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 | ..U....0....0...
390: 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 | *.H.............
3a0: 71 26 bd 62 51 ff f7 b7 d1 94 5c 76 98 05 18 bb | q&.bQ.....\v....
3b0: 27 26 28 7e 1b 55 7c b3 f5 ae 6d 09 f9 6f dd 59 | '&(~.U|...m..o.Y
3c0: c0 0e 3b f5 7e 7a ad dd d8 0a 3a 07 7b ab 7f b5 | ..;.~z....:.{..
3d0: c6 d9 fc bc 92 63 e7 e8 1a d3 65 b8 44 96 03 1b | .....c....e.D...
3e0: ed a3 1e 5b 31 e1 e1 3f 4b 7b ea 65 1d a7 6c dc | ...[1..?K{.e..l.
3f0: 6e c8 48 ec aa 8f f1 78 06 7b bd 22 5c ba cc aa | n.H....x.{."\...
400: 42 ee ac 29 cb 04 80 16 12 e2 fb cb 7f 1e 6b 8d | B..).........k.
410: c1 79 65 e1 e3 a6 f1 67 41 e8 64 e2 5d d3 eb 99 | .ye....gA.d.]...
420: 3c f3 d9 5a e3 0d 1b ae 82 d7 f5 fb 8f 4b 88 2b | <..Z.........K.+
430: 0f 72 ca 62 0b c4 f9 e5 e7 dc da 43 a7 d3 0f 60 | .r.b.......C...`
440: 24 a9 fc 68 b7 24 27 9c 56 a0 aa 53 bd 9f 3e 4c | $..h.$'.V..S..>L
450: c8 c1 30 8c eb 88 de 20 9f 85 3e f8 9d b1 39 09 | ..0.... ..>...9.
460: 58 23 62 c2 96 c5 60 01 8e 96 75 c9 e8 ae 02 3e | X#b...`...u....>
470: bc 80 f3 3d 3b 78 c3 48 dd fa 61 de 08 74 d1 32 | ...=;x.H..a..t.2
480: 38 cb b9 f9 af 05 fd e2 a3 9f e8 ee a6 b6 82 40 | 8..............@
490: f3 15 6d 6b 37 25 6f 9c d6 10 9e 52 09 e6 c1 bf | ..mk7%o....R....
4a0: 16 03 03 01 4d 0c 00 01 49 03 00 17 41 04 b5 69 | ....M...I...A..i
4b0: 02 92 1f 28 b1 69 61 88 51 75 8f ac b8 08 a7 b2 | ...(.ia.Qu......
4c0: 85 3c 0a 08 f3 d3 4a 62 0b 1a ca 1e f5 30 6a ae | .<....Jb.....0j.
4d0: 2f 14 db 7a a3 d6 58 d0 29 d6 c7 44 0b ef db bb | /..z..X.)..D....
4e0: 30 57 e6 9b 0b 37 22 08 49 a9 6b fe 3c d7 04 01 | 0W...7".I.k.<...
4f0: 01 00 5e d6 34 51 d9 03 21 d8 7d 05 2c de c2 83 | ..^.4Q..!.}.,...
500: 63 d8 31 62 a5 cd c3 4f 24 96 ef d8 da 10 9a fb | c.1b...O$.......
510: 24 5c 07 4b 59 80 44 ac b0 be f8 c6 66 50 22 6e | $\.KY.D.....fP"n
520: 08 8e 7f dd 51 65 d5 13 78 85 8c f1 f3 2d c9 ae | ...Qe..x....-..
530: 5e a8 0c 5c 20 b4 db 24 78 32 98 c0 3f 03 2a 00 | ^..\ ..$x2..?.*.
540: 99 8a 9b 12 3c 03 6f 1e 25 da dc e3 65 0c 0b e1 | ....<.o.%...e...
550: 2d 40 bb 69 89 59 be b6 54 03 74 7e db 2a 81 dc | -@.i.Y..T.t~.*..
560: 28 fe 5c 6a 07 c9 bc 76 1a 8f 4d 42 50 20 1c 0b | (.\j...v..MBP ..
570: de 21 b9 90 16 f9 d5 95 bd e3 43 45 f0 79 9d ea | .!........CE.y..
580: 78 bd 5f 08 23 e7 88 dd 4c 41 bf 0c 6b 14 28 5c | x._.#...LA..k.(\
590: 1d 9a f2 bb ab 24 48 fa 65 9c 70 a5 90 5a f2 bd | .....$H.e.p..Z..
5a0: cf 53 f6 e7 a4 7f 11 3a f6 c4 4c 30 e4 9b 1b f3 | .S....:..L0....
5b0: f7 7c 88 04 c5 b1 fc c9 26 22 93 dc 96 80 2c a4 | .|......&"....,.
5c0: 9f 6b 9f 5b 74 73 b7 43 64 84 3d 82 6e 8c 87 c8 | .k.[ts.Cd.=.n...
5d0: 72 f1 e2 b4 9c d9 1a c9 ac d1 cd b9 0b 5c 90 50 | r............\.P
5e0: 76 d9 c8 10 ad 32 70 60 47 b0 ec 23 6b bd 7b 8f | v....2p`G..#k.{.
5f0: 19 2c 16 03 03 00 04 0e 00 00 00 | .,.........
(1531 bytes of 89, with 1437 left over)
SSLRecord { [Sun Aug 14 22:06:29 2022]
0: 16 03 03 00 59 | ....Y
type = 22 (handshake)
version = { 3,3 }
length = 89 (0x59)
handshake {
0: 02 00 00 55 | ...U
type = 2 (server_hello)
length = 85 (0x000055)
ServerHello {
server_version = {3, 3}
random = {...}
0: 29 af a4 50 4b 8d a7 03 a4 38 39 2b 41 1e 04 da | )..PK....89+A...
10: a3 e5 57 d2 51 51 56 25 3b 61 2b 4c 3e 24 c0 b9 | ..W.QQV%;a+L>$..
session ID = {
length = 32
contents = {...}
0: d9 5d fe a4 a8 f6 f4 73 8e 95 83 c5 5e 0a 3d eb | .].....s....^.=.
10: b2 c8 1c 1a 59 f4 69 1e 2a 4a bf c3 18 cc 7e 9c | ....Y.i.*J....~.
}
cipher_suite = (0xc030) ????/????????/?????????/???
compression method = (00) NULL
extensions[13] = {
extension type renegotiation_info, length [1] = {
0: 00 | .
}
extension type ec_point_formats, length [4] = {
0: 03 00 01 02 | ....
}
}
}
}
}
(1531 bytes of 1085, with 347 left over)
SSLRecord { [Sun Aug 14 22:06:29 2022]
0: 16 03 03 04 3d | ....=
type = 22 (handshake)
version = { 3,3 }
length = 1085 (0x43d)
handshake {
0: 0b 00 04 39 | ...9
type = 11 (certificate)
length = 1081 (0x000439)
CertificateChain {
chainlength = 1078 (0x0436)
Certificate {
size = 1075 (0x0433)
data = { saved in file 'cert.001' }
}
}
}
}
(1531 bytes of 333, with 9 left over)
SSLRecord { [Sun Aug 14 22:06:29 2022]
0: 16 03 03 01 4d | ....M
type = 22 (handshake)
version = { 3,3 }
length = 333 (0x14d)
handshake {
0: 0c 00 01 49 | ...I
type = 12 (server_key_exchange)
length = 329 (0x000149)
0: 03 00 17 41 04 b5 69 02 92 1f 28 b1 69 61 88 51 | ...A..i...(.ia.Q
10: 75 8f ac b8 08 a7 b2 85 3c 0a 08 f3 d3 4a 62 0b | u.......<....Jb.
20: 1a ca 1e f5 30 6a ae 2f 14 db 7a a3 d6 58 d0 29 | ....0j./..z..X.)
30: d6 c7 44 0b ef db bb 30 57 e6 9b 0b 37 22 08 49 | ..D....0W...7".I
40: a9 6b fe 3c d7 04 01 01 00 5e d6 34 51 d9 03 21 | .k.<.....^.4Q..!
50: d8 7d 05 2c de c2 83 63 d8 31 62 a5 cd c3 4f 24 | .}.,...c.1b...O$
60: 96 ef d8 da 10 9a fb 24 5c 07 4b 59 80 44 ac b0 | .......$\.KY.D..
70: be f8 c6 66 50 22 6e 08 8e 7f dd 51 65 d5 13 78 | ...fP"n...Qe..x
80: 85 8c f1 f3 2d c9 ae 5e a8 0c 5c 20 b4 db 24 78 | ....-..^..\ ..$x
90: 32 98 c0 3f 03 2a 00 99 8a 9b 12 3c 03 6f 1e 25 | 2..?.*.....<.o.%
a0: da dc e3 65 0c 0b e1 2d 40 bb 69 89 59 be b6 54 | ...e...-@.i.Y..T
b0: 03 74 7e db 2a 81 dc 28 fe 5c 6a 07 c9 bc 76 1a | .t~.*..(.\j...v.
c0: 8f 4d 42 50 20 1c 0b de 21 b9 90 16 f9 d5 95 bd | .MBP ...!.......
d0: e3 43 45 f0 79 9d ea 78 bd 5f 08 23 e7 88 dd 4c | .CE.y..x._.#...L
e0: 41 bf 0c 6b 14 28 5c 1d 9a f2 bb ab 24 48 fa 65 | A..k.(\.....$H.e
f0: 9c 70 a5 90 5a f2 bd cf 53 f6 e7 a4 7f 11 3a f6 | .p..Z...S....:.
100: c4 4c 30 e4 9b 1b f3 f7 7c 88 04 c5 b1 fc c9 26 | .L0.....|......&
110: 22 93 dc 96 80 2c a4 9f 6b 9f 5b 74 73 b7 43 64 | "....,..k.[ts.Cd
120: 84 3d 82 6e 8c 87 c8 72 f1 e2 b4 9c d9 1a c9 ac | .=.n...r........
130: d1 cd b9 0b 5c 90 50 76 d9 c8 10 ad 32 70 60 47 | ....\.Pv....2p`G
140: b0 ec 23 6b bd 7b 8f 19 2c | ..#k.{..,
}
}
(1531 bytes of 4)
SSLRecord { [Sun Aug 14 22:06:29 2022]
0: 16 03 03 00 04 | .....
type = 22 (handshake)
version = { 3,3 }
length = 4 (0x4)
handshake {
0: 0e 00 00 00 | ....
type = 14 (server_hello_done)
length = 0 (0x000000)
}
}
]
--> [
0: 16 03 03 00 46 10 00 00 42 41 04 ce 94 e8 d5 0e | ....F...BA......
10: 0f 05 ef c3 8d 8c 2e 74 6f 88 d6 3a 4b 2c 90 de | .......to..:K,..
20: 7b 95 6e 8a 05 8f 0c c3 4c 25 11 06 4b f2 d9 47 | {.n.....L%..K..G
30: f9 51 be 1d 0f 95 6d 55 b1 0a 4c 59 13 41 6e 99 | .Q....mU..LY.An.
40: 71 8e 67 b3 b6 d1 56 38 de 74 2c 14 03 03 00 01 | q.g...V8.t,.....
50: 01 16 03 03 00 28 f0 cc 39 31 d2 d8 c7 13 7a 93 | .....(..91....z.
60: 5c e1 09 a8 22 6d b7 b6 ed d8 7f 89 c3 f7 aa fb | \..."m.........
70: ac 0c b8 d2 7e 0e ff c8 6e 66 83 b6 d4 9a | ....~...nf....
(126 bytes of 70, with 51 left over)
SSLRecord { [Sun Aug 14 22:06:29 2022]
0: 16 03 03 00 46 | ....F
type = 22 (handshake)
version = { 3,3 }
length = 70 (0x46)
handshake {
0: 10 00 00 42 | ...B
type = 16 (client_key_exchange)
length = 66 (0x000042)
ClientKeyExchange {
message = {...}
}
}
}
(126 bytes of 1, with 45 left over)
SSLRecord { [Sun Aug 14 22:06:29 2022]
0: 14 03 03 00 01 | .....
type = 20 (change_cipher_spec)
version = { 3,3 }
length = 1 (0x1)
0: 01 | .
}
(126 bytes of 40)
SSLRecord { [Sun Aug 14 22:06:29 2022]
0: 16 03 03 00 28 | ....(
type = 22 (handshake)
version = { 3,3 }
length = 40 (0x28)
< encrypted >
}
]
<-- [
0: 14 03 03 00 01 01 16 03 03 00 28 e9 b5 25 8e c8 | ..........(..%..
10: 58 97 11 74 f5 22 b3 7c 57 ab 1c a7 b4 6d d7 cb | X..t.".|W....m..
20: f4 80 41 1d 6f 6b ba f2 15 7b 54 0f a5 56 38 65 | ..A.ok...{T..V8e
30: 88 da 22 | .."
(51 bytes of 1, with 45 left over)
SSLRecord { [Sun Aug 14 22:06:29 2022]
0: 14 03 03 00 01 | .....
type = 20 (change_cipher_spec)
version = { 3,3 }
length = 1 (0x1)
0: 01 | .
}
(51 bytes of 40)
SSLRecord { [Sun Aug 14 22:06:29 2022]
0: 16 03 03 00 28 | ....(
type = 22 (handshake)
version = { 3,3 }
length = 40 (0x28)
< encrypted >
}
]
--> [
0: 17 03 03 00 77 f0 cc 39 31 d2 d8 c7 14 73 9d 1e | ....w..91....s..
10: c1 bf d0 31 5c 6a 30 41 ad f2 d1 2e d4 a3 04 72 | ...1\j0A.......r
20: 93 10 30 34 70 16 e2 da d3 fd 5f d9 8c 67 76 7a | ..04p....._..gvz
30: a9 87 ad 5f e7 ef d6 bf 91 2e 46 14 83 55 14 e5 | ..._......F..U..
40: 2b 5c e7 70 ee dc 89 8c 0a 8d 75 28 39 e3 07 e8 | +\.p......u(9...
50: 61 de 96 9d 6d 82 06 3d 46 7b 53 81 3b 2c fc 63 | a...m..=F{S.;,.c
60: 67 95 35 99 aa 6f f4 74 72 98 31 35 63 20 41 c2 | g.5..o.tr.15c A.
70: 78 37 d4 65 47 89 9b f7 4c 9b 62 aa | x7.eG...L.b.
(124 bytes of 119)
SSLRecord { [Sun Aug 14 22:06:29 2022]
0: 17 03 03 00 77 | ....w
type = 23 (application_data)
version = { 3,3 }
length = 119 (0x77)
< encrypted >
}
]
<-- [
0: 17 03 03 01 15 e9 b5 25 8e c8 58 97 12 97 5a 6c | .......%..X...Zl
10: eb c5 77 7b 14 bf ee 19 6d a2 e9 79 df ba e6 1c | ..w{....m..y....
20: 73 11 4a 80 b4 5f b6 be 06 1d dc b0 a5 08 b5 1d | s.J.._..........
30: 80 e9 97 f0 95 e6 70 19 d5 8e ae b4 05 83 93 ab | ......p.........
40: 04 e0 c5 5b e0 aa c2 64 7a 4e 15 38 e2 3c 10 f6 | ...[...dzN.8.<..
50: 99 3f d6 77 2f f3 6a dd 09 18 05 91 5f 9e 7d f8 | .?.w/.j....._.}.
60: b1 68 27 bb 5e 99 93 4b 8a e6 ac 0a 17 58 71 08 | .h'.^..K.....Xq.
70: 9f 9e 5b 87 e9 7b a5 6a 81 14 33 22 c3 aa a7 d1 | ..[..{.j..3"....
80: 17 73 45 c6 48 0a 6d 0f 38 c7 ca bc 89 56 f1 81 | .sE.H.m.8....V..
90: 2a 7e 91 52 8a 3e 91 bb cf 66 e3 ea 1d 11 af da | *~.R.>...f......
a0: 8d 98 4b 66 f5 2f 99 64 df ec 23 9d 70 b2 55 eb | ..Kf./.d..#.p.U.
b0: 7b 12 3e 0f 77 ca a3 b0 2e 7e 2d 3d 8b 1c f3 99 | {.>.w....~-=....
c0: 6a e3 6e 7f 8b b3 d2 58 f2 8e 3c 3b 7c 1f 7a ac | j.n...X..<;|.z.
d0: 4c 8c 61 a6 f4 26 4b 9c f5 c9 74 8f 6f 82 19 d1 | L.a..&K...t.o...
e0: f8 d4 17 4d 7c 77 37 bb b5 ed ba cd 78 0b 1a cd | ...M|w7.....x...
f0: f3 93 74 e5 6e 4c ee 30 3f 55 0f dc 30 02 18 57 | ..t.nL.0?U..0..W
100: f3 b6 4b d3 96 6f 4d 8f 45 c9 a5 13 bf ce 8b ff | ..K..oM.E.......
110: 7d 01 d3 47 a2 da cf cc 17 63 17 03 03 00 78 e9 | }..G.....c....x.
120: b5 25 8e c8 58 97 13 36 4a 2e 23 74 97 1c a6 81 | .%..X..6J.#t....
130: fd dc 6f 11 70 dd 3c f2 46 da d6 9d dd 85 32 06 | ..o.p.<.F.....2.
140: 0a 2a 95 17 20 53 74 48 67 a8 d0 86 d2 94 65 4c | .*.. StHg.....eL
150: 42 cf 83 ad 44 42 c7 1f c1 f3 41 25 6b 8f 53 db | B...DB....A%k.S.
160: 4e b4 7c a3 f1 e3 29 ff 32 26 13 73 1e cf 34 e3 | N.|...).2&.s..4.
170: d6 a9 40 4e 78 bf 3b 41 b6 96 48 ce f1 12 df e1 | ..@Nx.;A..H.....
180: f7 23 84 96 b5 67 61 62 1d 47 6a e9 01 9a a7 b0 | .#...gab.Gj.....
190: ec c4 1a 9d 51 08 b7 | ....Q..
(407 bytes of 277, with 125 left over)
SSLRecord { [Sun Aug 14 22:06:29 2022]
0: 17 03 03 01 15 | .....
type = 23 (application_data)
version = { 3,3 }
length = 277 (0x115)
< encrypted >
}
(407 bytes of 120)
SSLRecord { [Sun Aug 14 22:06:29 2022]
0: 17 03 03 00 78 | ....x
type = 23 (application_data)
version = { 3,3 }
length = 120 (0x78)
< encrypted >
}
]
--> [
0: 15 03 03 00 1a f0 cc 39 31 d2 d8 c7 15 46 a3 df | .......91....F..
10: 01 ea ff 36 b5 ac de 6f 12 1f c8 5b 33 43 46 | ...6...o...[3CF
(31 bytes of 26)
SSLRecord { [Sun Aug 14 22:06:29 2022]
0: 15 03 03 00 1a | .....
type = 21 (alert)
version = { 3,3 }
length = 26 (0x1a)
< encrypted >
}
]
<-- [
0: 15 03 03 00 1a e9 b5 25 8e c8 58 97 14 4e 81 6f | .......%..X..N.o
10: ea 30 04 c1 1a 9e fc cc bc 07 9d 6c aa de 66 | .0.........l..f
(31 bytes of 26)
SSLRecord { [Sun Aug 14 22:06:29 2022]
0: 15 03 03 00 1a | .....
type = 21 (alert)
version = { 3,3 }
length = 26 (0x1a)
< encrypted >
}
]
Read EOF on Client socket. [Sun Aug 14 22:06:29 2022]
Read EOF on Server socket. [Sun Aug 14 22:06:29 2022]
Connection 1 Complete [Sun Aug 14 22:06:29 2022]
Note: Could capture SSL traffic from haproxy.
Reference
https://www.virkki.com/jyri/articles/index.php/observing-ssl-requests/
Read more
Setup DNS server
Setup master&slave DNS servers on Rocky 8.4
Oct 21, 2024Ueful actions and tips
Notes for couple useful actions and syntax.
Oct 10, 2024Gnu Privacy Guard
Use GPG for file encription and decryption and basic usage.
Mar 10, 2024Deploy OpenStack using Kolla-Ansible
last update: 2022-12-09
Nov 20, 2023Published on 
HackMD
HackMD