In the example I found, the command was like this:
$ sudo ssldump -i bge0 -d -k /tmp/myserverkey port 8088
Enter PEM pass phrase:
Then I connect to my server from a browser:
New TCP connection #1: laptop(39699) <-> myserver(8088)
1 1 0.0853 (0.0853) C>S SSLv2 compatible client hello
Version 3.1
cipher suites
Unknown value 0x39
Unknown value 0x38
Unknown value 0x35
Unknown value 0x33
Unknown value 0x32
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
Unknown value 0x2f
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Unknown value 0xfeff
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
Unknown value 0xfefe
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
1 2 0.0856 (0.0002) S>C Handshake
ServerHello
Version 3.1
session_id[32]=
08 22 c2 25 34 4e 85 61 dd 24 ba 9a 59 a2 dc b0
77 a0 3f b7 ac c9 d3 ce 76 4a b5 42 cc 44 30 fb
cipherSuite TLS_RSA_WITH_RC4_128_MD5
compressionMethod NULL
Certificate
ServerHelloDone
1 3 6.1870 (6.1013) C>S Handshake
ClientKeyExchange
1 4 6.1870 (0.0000) C>S ChangeCipherSpec
1 5 6.1870 (0.0000) C>S Handshake
Finished
1 6 6.1931 (0.0061) S>C ChangeCipherSpec
1 7 6.1931 (0.0000) S>C Handshake
Finished
1 8 6.2852 (0.0921) C>S application_data
---------------------------------------------------------------
GET / HTTP/1.1
Host: myserver:8088
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.5) Gecko/20041217
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
---------------------------------------------------------------
1 9 6.2859 (0.0007) S>C application_data
---------------------------------------------------------------
HTTP/1.1 403 Forbidden
Server: Sun-Java-System-Web-Server/7.0
Date: Thu, 27 Apr 2006 08:12:15 GMT
Content-length: 142
Content-type: text/html
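The handshake above shows why `-k` works here: the server picked TLS_RSA_WITH_RC4_128_MD5, a static RSA key-exchange suite, so the premaster secret is encrypted to the server's public key and anyone holding the private key can recover the session keys from a capture, live or retained. The following added example (not from the page, from ssldump, or from Jyri Virkki's blog) parses an ssldump-style ClientHello/ServerHello summary and reports whether the negotiated suite is decryptable with the server key alone, plus the obvious weak-algorithm flags. The names for the "Unknown value 0x.." entries are supplied from the IANA cipher-suite registry, and the sample input is a constructed, abbreviated copy of the page's output.

```python
"""Classify cipher suites in an ssldump handshake summary (added example)."""
import re

# Registry names for suites that this era's ssldump printed as "Unknown value"
# (from the IANA TLS cipher-suite registry, not from the page).
UNKNOWN_VALUE_NAMES = {
    0x2F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x35: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x33: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x39: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0x32: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    0x38: "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
    0xFEFF: "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",
    0xFEFE: "SSL_RSA_FIPS_WITH_DES_CBC_SHA",
}

# Constructed sample: an abbreviated handshake in the shape ssldump prints.
SAMPLE = """\
New TCP connection #1: laptop(39699) <-> myserver(8088)
1 1 0.0853 (0.0853) C>S SSLv2 compatible client hello
Version 3.1
cipher suites
Unknown value 0x39
TLS_RSA_WITH_RC4_128_MD5
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0xfeff
TLS_RSA_EXPORT_WITH_RC4_40_MD5
1 2 0.0856 (0.0002) S>C Handshake
ServerHello
Version 3.1
cipherSuite TLS_RSA_WITH_RC4_128_MD5
compressionMethod NULL
"""

# ssldump record header: "<conn> <record> <time> (<delta>) C>S ..." / "S>C ..."
RECORD_HEADER = re.compile(r"^\d+\s+\d+\s+[\d.]+\s+\([\d.]+\)\s+[CS]>[CS]")


def suite_name(token: str) -> str:
    """Resolve an 'Unknown value 0x..' token to a registry name when we know it."""
    m = re.fullmatch(r"Unknown value 0x([0-9a-fA-F]+)", token.strip())
    if m:
        return UNKNOWN_VALUE_NAMES.get(int(m.group(1), 16), token.strip())
    return token.strip()


def parse_handshake(text: str) -> dict:
    """Return the suites the client offered and the one the server chose."""
    offered, negotiated, in_list = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if RECORD_HEADER.match(line):
            in_list = False          # a new record ends the ClientHello list
            continue
        if line == "cipher suites":
            in_list = True
            continue
        if in_list and line:
            if line.startswith("Unknown value") or re.match(r"^(TLS|SSL)_", line):
                offered.append(suite_name(line))
            else:
                in_list = False      # e.g. "compression methods" follows the list
        elif line.startswith("cipherSuite "):
            negotiated = suite_name(line.split(None, 1)[1])
    return {"offered": offered, "negotiated": negotiated}


def key_exchange(name: str) -> str:
    """'ephemeral' (DHE/ECDHE), 'static-rsa' (premaster encrypted to the server key), or 'other'."""
    if "_DHE_" in name or "_ECDHE_" in name:
        return "ephemeral"
    if name.startswith(("TLS_RSA_", "SSL_RSA_")):
        return "static-rsa"
    return "other"


def weaknesses(name: str) -> list:
    """Flag export-grade, RC4, single-DES, MD5-MAC and NULL-cipher suites by name."""
    flags = []
    if "_EXPORT" in name:
        flags.append("export-grade")
    if "_RC4_" in name:
        flags.append("RC4")
    if "_DES_" in name:              # "3DES_EDE" does not match this substring
        flags.append("single-DES")
    if name.endswith("_MD5"):
        flags.append("MD5 MAC")
    if "_NULL_" in name:
        flags.append("no encryption")
    return flags


def assess(text: str) -> dict:
    """Summarise a handshake: what was chosen, and whether the server key alone decrypts it."""
    hs = parse_handshake(text)
    neg = hs["negotiated"]
    kx = key_exchange(neg) if neg else "none"
    return {
        "negotiated": neg,
        "key_exchange": kx,
        # ssldump -k can only recover sessions whose key exchange is static RSA.
        "decryptable_with_server_key": kx == "static-rsa",
        "weaknesses": weaknesses(neg) if neg else [],
        "offered_pfs": sum(1 for s in hs["offered"] if key_exchange(s) == "ephemeral"),
        "offered_total": len(hs["offered"]),
    }


if __name__ == "__main__":
    for k, v in assess(SAMPLE).items():
        print(f"{k}: {v}")
```

Run against the page's capture, the result is `decryptable_with_server_key: True` even though the client offered DHE suites; the server's preference, not the client's list, decides whether a stored private key unlocks old captures, which is the configuration point to check when deciding how carefully a key file like `/tmp/myserverkey` must be handled.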
Getting your .pem key file
Excerpt from Jyri Virkki's Oracle blog
If given access to the server private key, ssldump can decrypt the traffic to and from that server on the fly. That's where it gets really useful. We'll need to do a bit of prep work to set this up.

First, extract the private key from the server instance into a PKCS#12 format file using pk12util. You'll need to know the nickname of the server keypair/cert (see your server.xml) for the -n parameter. I changed to the directory where the NSS *.db files live so I type "-d .". Alternatively you could run the command from elsewhere by giving the right path. Finally, I'm running JES Web Server 7.0 so there is no prefix to the NSS files, but if you are on 6.1 you'll need to give a -P parameter with the right prefix for that instance.

$ pk12util -o myserver.pk12 -n Server-Cert -d . -v
Enter Password or Pin for "NSS Certificate DB":
Enter password for PKCS12 file:
Re-enter password:
pk12util: PKCS12 EXPORT SUCCESSFUL
Perhaps needless to say, but if this was a production server I'd have to be very careful where I store this private key file. Keep that in mind.
Next I'll just convert this to a format suitable for ssldump using openssl:

$ openssl pkcs12 -in myserver.pk12 -out myserverkey
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase: