# use ssltap to examine SSL data ###### tags: `linux` Example of using **ssltap** to capture HTTPS traffic. An appche server running on port 8443 with ssl. ``` [root@ssd-okd4-services okd4]# netstat -antp | grep 8443 tcp6 0 0 :::8443 :::* LISTEN 4903/httpd ``` On server, run **ssltap** to capture traffic. (without specify -p option, use defautl port 1924) ``` [root@ssd-okd4-services conf.d]# ssltap -l -s -h -x 192.168.122.50:8443 Looking up "192.168.122.50"... Proxy socket ready and listening ``` On client, **curl** a fle on server side (use default proxy port 1924 of the ssltap) ``` $ curl -k https://services:1924/okd4/metadata.json {"clusterName":"okd4","clusterID":"927eb2d0-8511-499d-b9ec-2bf3b3f4e500","infraID":"okd4-z2mxw"} ``` The SSL connection captured by ssltap on server. ``` Connection #1 [Sun Aug 14 22:06:29 2022] Connected to 192.168.122.50:8443 --> [ 0: 16 03 01 02 00 01 00 01 fc 03 03 cc 27 0a 52 7c | ............'.R| 10: 61 bf e8 06 2a 47 53 12 d5 87 5a 8d a1 c5 0a 1b | a...*GS...Z..... 20: c7 77 b0 9d b2 56 0c 46 9b 2c e9 20 e5 a4 ac 6e | .w...V.F.,. ...n 30: d0 1e 77 eb e7 b4 bc da 8b b2 fc e1 f9 d3 bb 3a | ..w............: 40: 35 52 35 7d b7 2f 04 d3 2a 50 7e 4d 00 3e 13 02 | 5R5}./..*P~M.>.. 50: 13 03 13 01 c0 2c c0 30 00 9f cc a9 cc a8 cc aa | .....,.0........ 60: c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 | .+./...$.(.k.#.' 70: 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d | .g.....9.....3.. 80: 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 01 75 | ...=.<.5./.....u 90: 00 00 00 0d 00 0b 00 00 08 73 65 72 76 69 63 65 | .........service a0: 73 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 | s............... b0: 1d 00 17 00 1e 00 19 00 18 33 74 00 00 00 10 00 | .........3t..... c0: 0e 00 0c 02 68 32 08 68 74 74 70 2f 31 2e 31 00 | ....h2.http/1.1. d0: 16 00 00 00 17 00 00 00 31 00 00 00 0d 00 2a 00 | ........1.....*. e0: 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 | (............... f0: 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 | ................ 100: 01 03 02 04 02 05 02 06 02 00 2b 00 05 04 03 04 | ..........+..... 110: 03 03 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d | ...-.....3.&.$.. 120: 00 20 a5 da 4e 35 1d d2 0e 40 b4 04 c9 d9 60 e5 | . ..N5...@....`. 130: d5 dc a9 f6 53 3f f5 e5 a0 ac 08 54 dc df dc 7c | ....S?.....T...| 140: b3 24 00 15 00 bf 00 00 00 00 00 00 00 00 00 00 | .$.............. 150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 1a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 1b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 1c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 1d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 1e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 1f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 200: 00 00 00 00 00 | ..... (517 bytes of 512) SSLRecord { [Sun Aug 14 22:06:29 2022] 0: 16 03 01 02 00 | ..... type = 22 (handshake) version = { 3,1 } length = 512 (0x200) handshake { 0: 01 00 01 fc | .... type = 1 (client_hello) length = 508 (0x0001fc) ClientHelloV3 { client_version = {3, 3} random = {...} 0: cc 27 0a 52 7c 61 bf e8 06 2a 47 53 12 d5 87 5a | .'.R|a...*GS...Z 10: 8d a1 c5 0a 1b c7 77 b0 9d b2 56 0c 46 9b 2c e9 | ......w...V.F.,. session ID = { length = 32 contents = {...} 0: e5 a4 ac 6e d0 1e 77 eb e7 b4 bc da 8b b2 fc e1 | ...n..w......... 10: f9 d3 bb 3a 35 52 35 7d b7 2f 04 d3 2a 50 7e 4d | ...:5R5}./..*P~M } cipher_suites[31] = { (0x1302) ????/????????/?????????/??? (0x1303) ????/????????/?????????/??? (0x1301) ????/????????/?????????/??? (0xc02c) TLS/ECDHE-ECDSA/AES256-GCM/SHA384 (0xc030) ????/????????/?????????/??? (0x009f) ????/????????/?????????/??? (0xcca9) TLS/ECDHE-ECDSA/CHACHA20-POLY1305/SHA256 (0xcca8) TLS/ECDHE-RSA/CHACHA20-POLY1305/SHA256 (0xccaa) TLS/DHE-RSA/CHACHA20-POLY1305/SHA256 (0xc02b) TLS/ECDHE-ECDSA/AES128-GCM/SHA256 (0xc02f) TLS/ECDHE-RSA/AES128-GCM/SHA256 (0x009e) TLS/DHE-RSA/AES128-GCM/SHA256 (0xc024) TLS/ECDHE-ECDSA/AES256-CBC/SHA384 (0xc028) TLS/ECDHE-RSA/AES256-CBC/SHA384 (0x006b) TLS/DHE-RSA/AES256-CBC/SHA256 (0xc023) TLS/ECDHE-ECDSA/AES128-CBC/SHA256 (0xc027) TLS/ECDHE-RSA/AES128-CBC/SHA256 (0x0067) TLS/DHE-RSA/AES128-CBC/SHA256 (0xc00a) TLS/ECDHE-ECDSA/AES256-CBC/SHA (0xc014) TLS/ECDHE-RSA/AES256-CBC/SHA (0x0039) TLS/DHE-RSA/AES256-CBC/SHA (0xc009) TLS/ECDHE-ECDSA/AES128-CBC/SHA (0xc013) TLS/ECDHE-RSA/AES128-CBC/SHA (0x0033) TLS/DHE-RSA/AES128-CBC/SHA (0x009d) ????/????????/?????????/??? (0x009c) TLS/RSA/AES128-GCM/SHA256 (0x003d) TLS/RSA/AES256-CBC/SHA256 (0x003c) TLS/RSA/AES128-CBC/SHA256 (0x0035) TLS/RSA/AES256-CBC/SHA (0x002f) TLS/RSA/AES128-CBC/SHA (0x00ff) TLS_EMPTY_RENEGOTIATION_INFO_SCSV } compression[1] = { (00) NULL } extensions[373] = { extension type server_name, length [13] = { 0: 00 0b 00 00 08 73 65 72 76 69 63 65 73 | .....services } extension type ec_point_formats, length [4] = { 0: 03 00 01 02 | .... } extension type elliptic_curves, length [12] = { 0: 00 0a 00 1d 00 17 00 1e 00 19 00 18 | ............ } extension type 13172, length [0] extension type 16, length [14] = { 0: 00 0c 02 68 32 08 68 74 74 70 2f 31 2e 31 | ...h2.http/1.1 } extension type 22, length [0] extension type 23, length [0] extension type 49, length [0] extension type signature_algorithms, length [42] = { 0: 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a | .(.............. 10: 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 | ................ 20: 03 01 03 02 04 02 05 02 06 02 | .......... } extension type 43, length [5] = { 0: 04 03 04 03 03 | ..... } extension type 45, length [2] = { 0: 01 01 | .. } extension type 51, length [38] = { 0: 00 24 00 1d 00 20 a5 da 4e 35 1d d2 0e 40 b4 04 | .$... ..N5...@.. 10: c9 d9 60 e5 d5 dc a9 f6 53 3f f5 e5 a0 ac 08 54 | ..`.....S?.....T 20: dc df dc 7c b3 24 | ...|.$ } extension type 21, length [191] = { 0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ............... } } } } } ] <-- [ 0: 16 03 03 00 59 02 00 00 55 03 03 29 af a4 50 4b | ....Y...U..)..PK 10: 8d a7 03 a4 38 39 2b 41 1e 04 da a3 e5 57 d2 51 | ....89+A.....W.Q 20: 51 56 25 3b 61 2b 4c 3e 24 c0 b9 20 d9 5d fe a4 | QV%;a+L>$.. .].. 30: a8 f6 f4 73 8e 95 83 c5 5e 0a 3d eb b2 c8 1c 1a | ...s....^.=..... 40: 59 f4 69 1e 2a 4a bf c3 18 cc 7e 9c c0 30 00 00 | Y.i.*J....~..0.. 50: 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 | ................ 60: 03 04 3d 0b 00 04 39 00 04 36 00 04 33 30 82 04 | ..=...9..6..30.. 70: 2f 30 82 03 17 a0 03 02 01 02 02 09 00 8e 60 08 | /0............`. 80: 1a ec 65 db b3 30 0d 06 09 2a 86 48 86 f7 0d 01 | ..e..0...*.H.... 90: 01 0b 05 00 30 81 ad 31 0b 30 09 06 03 55 04 06 | ....0..1.0...U.. a0: 13 02 41 55 31 0c 30 0a 06 03 55 04 08 0c 03 4e | ..AU1.0...U....N b0: 53 57 31 0f 30 0d 06 03 55 04 07 0c 06 53 79 64 | SW1.0...U....Syd c0: 6e 65 79 31 15 30 13 06 03 55 04 0a 0c 0c 68 6f | ney1.0...U....ho d0: 6d 65 6c 61 62 20 69 6e 63 2e 31 14 30 12 06 03 | melab inc.1.0... e0: 55 04 0b 0c 0b 68 6f 6d 65 6c 61 62 20 6f 6b 64 | U....homelab okd f0: 31 26 30 24 06 03 55 04 03 0c 1d 6f 6b 64 34 2d | 1&0$..U....okd4- 100: 73 65 72 76 69 63 65 73 2e 6f 6b 64 2e 68 6f 6d | services.okd.hom 110: 65 6c 61 62 2e 63 6f 6d 31 2a 30 28 06 09 2a 86 | elab.com1*0(..*. 120: 48 86 f7 0d 01 09 01 16 1b 74 68 69 73 69 73 79 | H........thisisy 130: 75 6a 75 6e 67 63 68 65 6e 67 40 67 6d 61 69 6c | ujungcheng@gmail 140: 2e 63 6f 6d 30 1e 17 0d 32 32 30 38 31 32 31 34 | .com0...22081214 150: 31 34 35 35 5a 17 0d 32 33 30 38 31 32 31 34 31 | 1455Z..230812141 160: 34 35 35 5a 30 81 ad 31 0b 30 09 06 03 55 04 06 | 455Z0..1.0...U.. 170: 13 02 41 55 31 0c 30 0a 06 03 55 04 08 0c 03 4e | ..AU1.0...U....N 180: 53 57 31 0f 30 0d 06 03 55 04 07 0c 06 53 79 64 | SW1.0...U....Syd 190: 6e 65 79 31 15 30 13 06 03 55 04 0a 0c 0c 68 6f | ney1.0...U....ho 1a0: 6d 65 6c 61 62 20 69 6e 63 2e 31 14 30 12 06 03 | melab inc.1.0... 1b0: 55 04 0b 0c 0b 68 6f 6d 65 6c 61 62 20 6f 6b 64 | U....homelab okd 1c0: 31 26 30 24 06 03 55 04 03 0c 1d 6f 6b 64 34 2d | 1&0$..U....okd4- 1d0: 73 65 72 76 69 63 65 73 2e 6f 6b 64 2e 68 6f 6d | services.okd.hom 1e0: 65 6c 61 62 2e 63 6f 6d 31 2a 30 28 06 09 2a 86 | elab.com1*0(..*. 1f0: 48 86 f7 0d 01 09 01 16 1b 74 68 69 73 69 73 79 | H........thisisy 200: 75 6a 75 6e 67 63 68 65 6e 67 40 67 6d 61 69 6c | ujungcheng@gmail 210: 2e 63 6f 6d 30 82 01 22 30 0d 06 09 2a 86 48 86 | .com0.."0...*.H. 220: f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a | ............0... 230: 02 82 01 01 00 aa 56 29 88 79 51 45 27 9b 91 5d | ......V).yQE'..] 240: a6 ae 9e c3 35 b3 9d 2a af cf 95 28 e0 0b d4 dd | ....5..*...(.... 250: 4c a8 d9 88 3f 44 12 62 42 a4 8f d0 47 f9 3a 8f | L...?D.bB...G.:. 260: 67 9d cd d7 0f db ac 43 0b ff d7 48 22 2b fe 60 | g......C...H"+.` 270: 31 f0 0b 80 6a 2b d1 44 2e a5 b3 77 1a 4e eb ab | 1...j+.D...w.N.. 280: 6b 8d 49 d9 37 1b 91 9d 5e 0e fe d5 ca cc 39 81 | k.I.7...^.....9. 290: 6b 61 c2 4e 91 73 c8 20 6f 61 9f 10 05 88 32 f4 | ka.N.s. oa....2. 2a0: e3 b0 cf 5e af a5 87 8b 32 46 19 c5 b0 9a 55 d7 | ...^....2F....U. 2b0: d4 2d f6 ed 6a 85 22 30 23 e1 e3 c1 04 c4 f2 57 | .-..j."0#......W 2c0: 27 dd 31 c1 39 91 33 09 c0 04 0c e9 19 9d 47 55 | '.1.9.3.......GU 2d0: 19 55 12 34 16 64 ba 17 f5 e6 76 98 21 b3 78 b1 | .U.4.d....v.!.x. 2e0: d9 70 7a 4a 36 0f c2 bc b2 47 6a 0d d5 e3 96 ff | .pzJ6....Gj..... 2f0: 3c 8c c4 0d fb 11 35 88 a3 9c 11 e1 fc 81 f7 04 | <.....5......... 300: 95 b9 62 08 9b d5 c2 94 24 bf 93 f9 ff 05 21 91 | ..b.....$.....!. 310: f9 a8 89 0c 90 00 c2 76 0d 98 a8 16 af c9 2b dc | .......v......+. 320: 14 67 6a dc 1a f1 ab 1e 57 98 64 c8 b4 d7 30 6c | .gj.....W.d...0l 330: 5f 61 a8 b6 5d 02 03 01 00 01 a3 50 30 4e 30 1d | _a..]......P0N0. 340: 06 03 55 1d 0e 04 16 04 14 7f a1 b2 bf 47 e9 be | ..U.........G.. 350: 60 1c 27 28 25 49 72 1b dc 88 7e 93 96 30 1f 06 | `.'(%Ir...~..0.. 360: 03 55 1d 23 04 18 30 16 80 14 7f a1 b2 bf 47 e9 | .U.#..0......G. 370: be 60 1c 27 28 25 49 72 1b dc 88 7e 93 96 30 0c | .`.'(%Ir...~..0. 380: 06 03 55 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 | ..U....0....0... 390: 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 | *.H............. 3a0: 71 26 bd 62 51 ff f7 b7 d1 94 5c 76 98 05 18 bb | q&.bQ.....\v.... 3b0: 27 26 28 7e 1b 55 7c b3 f5 ae 6d 09 f9 6f dd 59 | '&(~.U|...m..o.Y 3c0: c0 0e 3b f5 7e 7a ad dd d8 0a 3a 07 7b ab 7f b5 | ..;.~z....:.{.. 3d0: c6 d9 fc bc 92 63 e7 e8 1a d3 65 b8 44 96 03 1b | .....c....e.D... 3e0: ed a3 1e 5b 31 e1 e1 3f 4b 7b ea 65 1d a7 6c dc | ...[1..?K{.e..l. 3f0: 6e c8 48 ec aa 8f f1 78 06 7b bd 22 5c ba cc aa | n.H....x.{."\... 400: 42 ee ac 29 cb 04 80 16 12 e2 fb cb 7f 1e 6b 8d | B..).........k. 410: c1 79 65 e1 e3 a6 f1 67 41 e8 64 e2 5d d3 eb 99 | .ye....gA.d.]... 420: 3c f3 d9 5a e3 0d 1b ae 82 d7 f5 fb 8f 4b 88 2b | <..Z.........K.+ 430: 0f 72 ca 62 0b c4 f9 e5 e7 dc da 43 a7 d3 0f 60 | .r.b.......C...` 440: 24 a9 fc 68 b7 24 27 9c 56 a0 aa 53 bd 9f 3e 4c | $..h.$'.V..S..>L 450: c8 c1 30 8c eb 88 de 20 9f 85 3e f8 9d b1 39 09 | ..0.... ..>...9. 460: 58 23 62 c2 96 c5 60 01 8e 96 75 c9 e8 ae 02 3e | X#b...`...u....> 470: bc 80 f3 3d 3b 78 c3 48 dd fa 61 de 08 74 d1 32 | ...=;x.H..a..t.2 480: 38 cb b9 f9 af 05 fd e2 a3 9f e8 ee a6 b6 82 40 | 8..............@ 490: f3 15 6d 6b 37 25 6f 9c d6 10 9e 52 09 e6 c1 bf | ..mk7%o....R.... 4a0: 16 03 03 01 4d 0c 00 01 49 03 00 17 41 04 b5 69 | ....M...I...A..i 4b0: 02 92 1f 28 b1 69 61 88 51 75 8f ac b8 08 a7 b2 | ...(.ia.Qu...... 4c0: 85 3c 0a 08 f3 d3 4a 62 0b 1a ca 1e f5 30 6a ae | .<....Jb.....0j. 4d0: 2f 14 db 7a a3 d6 58 d0 29 d6 c7 44 0b ef db bb | /..z..X.)..D.... 4e0: 30 57 e6 9b 0b 37 22 08 49 a9 6b fe 3c d7 04 01 | 0W...7".I.k.<... 4f0: 01 00 5e d6 34 51 d9 03 21 d8 7d 05 2c de c2 83 | ..^.4Q..!.}.,... 500: 63 d8 31 62 a5 cd c3 4f 24 96 ef d8 da 10 9a fb | c.1b...O$....... 510: 24 5c 07 4b 59 80 44 ac b0 be f8 c6 66 50 22 6e | $\.KY.D.....fP"n 520: 08 8e 7f dd 51 65 d5 13 78 85 8c f1 f3 2d c9 ae | ...Qe..x....-.. 530: 5e a8 0c 5c 20 b4 db 24 78 32 98 c0 3f 03 2a 00 | ^..\ ..$x2..?.*. 540: 99 8a 9b 12 3c 03 6f 1e 25 da dc e3 65 0c 0b e1 | ....<.o.%...e... 550: 2d 40 bb 69 89 59 be b6 54 03 74 7e db 2a 81 dc | -@.i.Y..T.t~.*.. 560: 28 fe 5c 6a 07 c9 bc 76 1a 8f 4d 42 50 20 1c 0b | (.\j...v..MBP .. 570: de 21 b9 90 16 f9 d5 95 bd e3 43 45 f0 79 9d ea | .!........CE.y.. 580: 78 bd 5f 08 23 e7 88 dd 4c 41 bf 0c 6b 14 28 5c | x._.#...LA..k.(\ 590: 1d 9a f2 bb ab 24 48 fa 65 9c 70 a5 90 5a f2 bd | .....$H.e.p..Z.. 5a0: cf 53 f6 e7 a4 7f 11 3a f6 c4 4c 30 e4 9b 1b f3 | .S....:..L0.... 5b0: f7 7c 88 04 c5 b1 fc c9 26 22 93 dc 96 80 2c a4 | .|......&"....,. 5c0: 9f 6b 9f 5b 74 73 b7 43 64 84 3d 82 6e 8c 87 c8 | .k.[ts.Cd.=.n... 5d0: 72 f1 e2 b4 9c d9 1a c9 ac d1 cd b9 0b 5c 90 50 | r............\.P 5e0: 76 d9 c8 10 ad 32 70 60 47 b0 ec 23 6b bd 7b 8f | v....2p`G..#k.{. 5f0: 19 2c 16 03 03 00 04 0e 00 00 00 | .,......... (1531 bytes of 89, with 1437 left over) SSLRecord { [Sun Aug 14 22:06:29 2022] 0: 16 03 03 00 59 | ....Y type = 22 (handshake) version = { 3,3 } length = 89 (0x59) handshake { 0: 02 00 00 55 | ...U type = 2 (server_hello) length = 85 (0x000055) ServerHello { server_version = {3, 3} random = {...} 0: 29 af a4 50 4b 8d a7 03 a4 38 39 2b 41 1e 04 da | )..PK....89+A... 10: a3 e5 57 d2 51 51 56 25 3b 61 2b 4c 3e 24 c0 b9 | ..W.QQV%;a+L>$.. session ID = { length = 32 contents = {...} 0: d9 5d fe a4 a8 f6 f4 73 8e 95 83 c5 5e 0a 3d eb | .].....s....^.=. 10: b2 c8 1c 1a 59 f4 69 1e 2a 4a bf c3 18 cc 7e 9c | ....Y.i.*J....~. } cipher_suite = (0xc030) ????/????????/?????????/??? compression method = (00) NULL extensions[13] = { extension type renegotiation_info, length [1] = { 0: 00 | . } extension type ec_point_formats, length [4] = { 0: 03 00 01 02 | .... } } } } } (1531 bytes of 1085, with 347 left over) SSLRecord { [Sun Aug 14 22:06:29 2022] 0: 16 03 03 04 3d | ....= type = 22 (handshake) version = { 3,3 } length = 1085 (0x43d) handshake { 0: 0b 00 04 39 | ...9 type = 11 (certificate) length = 1081 (0x000439) CertificateChain { chainlength = 1078 (0x0436) Certificate { size = 1075 (0x0433) data = { saved in file 'cert.001' } } } } } (1531 bytes of 333, with 9 left over) SSLRecord { [Sun Aug 14 22:06:29 2022] 0: 16 03 03 01 4d | ....M type = 22 (handshake) version = { 3,3 } length = 333 (0x14d) handshake { 0: 0c 00 01 49 | ...I type = 12 (server_key_exchange) length = 329 (0x000149) 0: 03 00 17 41 04 b5 69 02 92 1f 28 b1 69 61 88 51 | ...A..i...(.ia.Q 10: 75 8f ac b8 08 a7 b2 85 3c 0a 08 f3 d3 4a 62 0b | u.......<....Jb. 20: 1a ca 1e f5 30 6a ae 2f 14 db 7a a3 d6 58 d0 29 | ....0j./..z..X.) 30: d6 c7 44 0b ef db bb 30 57 e6 9b 0b 37 22 08 49 | ..D....0W...7".I 40: a9 6b fe 3c d7 04 01 01 00 5e d6 34 51 d9 03 21 | .k.<.....^.4Q..! 50: d8 7d 05 2c de c2 83 63 d8 31 62 a5 cd c3 4f 24 | .}.,...c.1b...O$ 60: 96 ef d8 da 10 9a fb 24 5c 07 4b 59 80 44 ac b0 | .......$\.KY.D.. 70: be f8 c6 66 50 22 6e 08 8e 7f dd 51 65 d5 13 78 | ...fP"n...Qe..x 80: 85 8c f1 f3 2d c9 ae 5e a8 0c 5c 20 b4 db 24 78 | ....-..^..\ ..$x 90: 32 98 c0 3f 03 2a 00 99 8a 9b 12 3c 03 6f 1e 25 | 2..?.*.....<.o.% a0: da dc e3 65 0c 0b e1 2d 40 bb 69 89 59 be b6 54 | ...e...-@.i.Y..T b0: 03 74 7e db 2a 81 dc 28 fe 5c 6a 07 c9 bc 76 1a | .t~.*..(.\j...v. c0: 8f 4d 42 50 20 1c 0b de 21 b9 90 16 f9 d5 95 bd | .MBP ...!....... d0: e3 43 45 f0 79 9d ea 78 bd 5f 08 23 e7 88 dd 4c | .CE.y..x._.#...L e0: 41 bf 0c 6b 14 28 5c 1d 9a f2 bb ab 24 48 fa 65 | A..k.(\.....$H.e f0: 9c 70 a5 90 5a f2 bd cf 53 f6 e7 a4 7f 11 3a f6 | .p..Z...S....:. 100: c4 4c 30 e4 9b 1b f3 f7 7c 88 04 c5 b1 fc c9 26 | .L0.....|......& 110: 22 93 dc 96 80 2c a4 9f 6b 9f 5b 74 73 b7 43 64 | "....,..k.[ts.Cd 120: 84 3d 82 6e 8c 87 c8 72 f1 e2 b4 9c d9 1a c9 ac | .=.n...r........ 130: d1 cd b9 0b 5c 90 50 76 d9 c8 10 ad 32 70 60 47 | ....\.Pv....2p`G 140: b0 ec 23 6b bd 7b 8f 19 2c | ..#k.{.., } } (1531 bytes of 4) SSLRecord { [Sun Aug 14 22:06:29 2022] 0: 16 03 03 00 04 | ..... type = 22 (handshake) version = { 3,3 } length = 4 (0x4) handshake { 0: 0e 00 00 00 | .... type = 14 (server_hello_done) length = 0 (0x000000) } } ] --> [ 0: 16 03 03 00 46 10 00 00 42 41 04 ce 94 e8 d5 0e | ....F...BA...... 10: 0f 05 ef c3 8d 8c 2e 74 6f 88 d6 3a 4b 2c 90 de | .......to..:K,.. 20: 7b 95 6e 8a 05 8f 0c c3 4c 25 11 06 4b f2 d9 47 | {.n.....L%..K..G 30: f9 51 be 1d 0f 95 6d 55 b1 0a 4c 59 13 41 6e 99 | .Q....mU..LY.An. 40: 71 8e 67 b3 b6 d1 56 38 de 74 2c 14 03 03 00 01 | q.g...V8.t,..... 50: 01 16 03 03 00 28 f0 cc 39 31 d2 d8 c7 13 7a 93 | .....(..91....z. 60: 5c e1 09 a8 22 6d b7 b6 ed d8 7f 89 c3 f7 aa fb | \..."m......... 70: ac 0c b8 d2 7e 0e ff c8 6e 66 83 b6 d4 9a | ....~...nf.... (126 bytes of 70, with 51 left over) SSLRecord { [Sun Aug 14 22:06:29 2022] 0: 16 03 03 00 46 | ....F type = 22 (handshake) version = { 3,3 } length = 70 (0x46) handshake { 0: 10 00 00 42 | ...B type = 16 (client_key_exchange) length = 66 (0x000042) ClientKeyExchange { message = {...} } } } (126 bytes of 1, with 45 left over) SSLRecord { [Sun Aug 14 22:06:29 2022] 0: 14 03 03 00 01 | ..... type = 20 (change_cipher_spec) version = { 3,3 } length = 1 (0x1) 0: 01 | . } (126 bytes of 40) SSLRecord { [Sun Aug 14 22:06:29 2022] 0: 16 03 03 00 28 | ....( type = 22 (handshake) version = { 3,3 } length = 40 (0x28) < encrypted > } ] <-- [ 0: 14 03 03 00 01 01 16 03 03 00 28 e9 b5 25 8e c8 | ..........(..%.. 10: 58 97 11 74 f5 22 b3 7c 57 ab 1c a7 b4 6d d7 cb | X..t.".|W....m.. 20: f4 80 41 1d 6f 6b ba f2 15 7b 54 0f a5 56 38 65 | ..A.ok...{T..V8e 30: 88 da 22 | .." (51 bytes of 1, with 45 left over) SSLRecord { [Sun Aug 14 22:06:29 2022] 0: 14 03 03 00 01 | ..... type = 20 (change_cipher_spec) version = { 3,3 } length = 1 (0x1) 0: 01 | . } (51 bytes of 40) SSLRecord { [Sun Aug 14 22:06:29 2022] 0: 16 03 03 00 28 | ....( type = 22 (handshake) version = { 3,3 } length = 40 (0x28) < encrypted > } ] --> [ 0: 17 03 03 00 77 f0 cc 39 31 d2 d8 c7 14 73 9d 1e | ....w..91....s.. 10: c1 bf d0 31 5c 6a 30 41 ad f2 d1 2e d4 a3 04 72 | ...1\j0A.......r 20: 93 10 30 34 70 16 e2 da d3 fd 5f d9 8c 67 76 7a | ..04p....._..gvz 30: a9 87 ad 5f e7 ef d6 bf 91 2e 46 14 83 55 14 e5 | ..._......F..U.. 40: 2b 5c e7 70 ee dc 89 8c 0a 8d 75 28 39 e3 07 e8 | +\.p......u(9... 50: 61 de 96 9d 6d 82 06 3d 46 7b 53 81 3b 2c fc 63 | a...m..=F{S.;,.c 60: 67 95 35 99 aa 6f f4 74 72 98 31 35 63 20 41 c2 | g.5..o.tr.15c A. 70: 78 37 d4 65 47 89 9b f7 4c 9b 62 aa | x7.eG...L.b. (124 bytes of 119) SSLRecord { [Sun Aug 14 22:06:29 2022] 0: 17 03 03 00 77 | ....w type = 23 (application_data) version = { 3,3 } length = 119 (0x77) < encrypted > } ] <-- [ 0: 17 03 03 01 15 e9 b5 25 8e c8 58 97 12 97 5a 6c | .......%..X...Zl 10: eb c5 77 7b 14 bf ee 19 6d a2 e9 79 df ba e6 1c | ..w{....m..y.... 20: 73 11 4a 80 b4 5f b6 be 06 1d dc b0 a5 08 b5 1d | s.J.._.......... 30: 80 e9 97 f0 95 e6 70 19 d5 8e ae b4 05 83 93 ab | ......p......... 40: 04 e0 c5 5b e0 aa c2 64 7a 4e 15 38 e2 3c 10 f6 | ...[...dzN.8.<.. 50: 99 3f d6 77 2f f3 6a dd 09 18 05 91 5f 9e 7d f8 | .?.w/.j....._.}. 60: b1 68 27 bb 5e 99 93 4b 8a e6 ac 0a 17 58 71 08 | .h'.^..K.....Xq. 70: 9f 9e 5b 87 e9 7b a5 6a 81 14 33 22 c3 aa a7 d1 | ..[..{.j..3".... 80: 17 73 45 c6 48 0a 6d 0f 38 c7 ca bc 89 56 f1 81 | .sE.H.m.8....V.. 90: 2a 7e 91 52 8a 3e 91 bb cf 66 e3 ea 1d 11 af da | *~.R.>...f...... a0: 8d 98 4b 66 f5 2f 99 64 df ec 23 9d 70 b2 55 eb | ..Kf./.d..#.p.U. b0: 7b 12 3e 0f 77 ca a3 b0 2e 7e 2d 3d 8b 1c f3 99 | {.>.w....~-=.... c0: 6a e3 6e 7f 8b b3 d2 58 f2 8e 3c 3b 7c 1f 7a ac | j.n...X..<;|.z. d0: 4c 8c 61 a6 f4 26 4b 9c f5 c9 74 8f 6f 82 19 d1 | L.a..&K...t.o... e0: f8 d4 17 4d 7c 77 37 bb b5 ed ba cd 78 0b 1a cd | ...M|w7.....x... f0: f3 93 74 e5 6e 4c ee 30 3f 55 0f dc 30 02 18 57 | ..t.nL.0?U..0..W 100: f3 b6 4b d3 96 6f 4d 8f 45 c9 a5 13 bf ce 8b ff | ..K..oM.E....... 110: 7d 01 d3 47 a2 da cf cc 17 63 17 03 03 00 78 e9 | }..G.....c....x. 120: b5 25 8e c8 58 97 13 36 4a 2e 23 74 97 1c a6 81 | .%..X..6J.#t.... 130: fd dc 6f 11 70 dd 3c f2 46 da d6 9d dd 85 32 06 | ..o.p.<.F.....2. 140: 0a 2a 95 17 20 53 74 48 67 a8 d0 86 d2 94 65 4c | .*.. StHg.....eL 150: 42 cf 83 ad 44 42 c7 1f c1 f3 41 25 6b 8f 53 db | B...DB....A%k.S. 160: 4e b4 7c a3 f1 e3 29 ff 32 26 13 73 1e cf 34 e3 | N.|...).2&.s..4. 170: d6 a9 40 4e 78 bf 3b 41 b6 96 48 ce f1 12 df e1 | ..@Nx.;A..H..... 180: f7 23 84 96 b5 67 61 62 1d 47 6a e9 01 9a a7 b0 | .#...gab.Gj..... 190: ec c4 1a 9d 51 08 b7 | ....Q.. (407 bytes of 277, with 125 left over) SSLRecord { [Sun Aug 14 22:06:29 2022] 0: 17 03 03 01 15 | ..... type = 23 (application_data) version = { 3,3 } length = 277 (0x115) < encrypted > } (407 bytes of 120) SSLRecord { [Sun Aug 14 22:06:29 2022] 0: 17 03 03 00 78 | ....x type = 23 (application_data) version = { 3,3 } length = 120 (0x78) < encrypted > } ] --> [ 0: 15 03 03 00 1a f0 cc 39 31 d2 d8 c7 15 46 a3 df | .......91....F.. 10: 01 ea ff 36 b5 ac de 6f 12 1f c8 5b 33 43 46 | ...6...o...[3CF (31 bytes of 26) SSLRecord { [Sun Aug 14 22:06:29 2022] 0: 15 03 03 00 1a | ..... type = 21 (alert) version = { 3,3 } length = 26 (0x1a) < encrypted > } ] <-- [ 0: 15 03 03 00 1a e9 b5 25 8e c8 58 97 14 4e 81 6f | .......%..X..N.o 10: ea 30 04 c1 1a 9e fc cc bc 07 9d 6c aa de 66 | .0.........l..f (31 bytes of 26) SSLRecord { [Sun Aug 14 22:06:29 2022] 0: 15 03 03 00 1a | ..... type = 21 (alert) version = { 3,3 } length = 26 (0x1a) < encrypted > } ] Read EOF on Client socket. [Sun Aug 14 22:06:29 2022] Read EOF on Server socket. [Sun Aug 14 22:06:29 2022] Connection 1 Complete [Sun Aug 14 22:06:29 2022] ``` **_Note_:** Could capture SSL traffic from haproxy. #### Reference https://www.virkki.com/jyri/articles/index.php/observing-ssl-requests/