1
votes

I am trying to export/write the SSL master secret and keys to a file from the Chromium browser. I would appreciate it if someone could advise me how to do this.

To write the premaster secret we can simply export the SSLKEYLOGFILE variable in the environment. The premaster secrets can be used by Wireshark to decrypt an HTTPS session.

The premaster secret is used to compute the master secret, which is further used to create 6 keys - CLIENT_WRITE_MAC, CLIENT_IV, CLIENT_WRITE and 3 more for the server.

I want to output these keys to a file instead of the premaster secret.

I figured if I could use Wireshark code to simply output it, but this is more complex. I believe the code for Wireshark handling SSL packets and using the premaster secret is in here: github.com/boundary/wireshark/blob/master/epan/dissectors/packet-ssl-utils.c

Another way to proceed is to make changes to the chromium browser and compile it. I think changes need to be made here. https://code.google.com/p/chromium/codesearch#chromium/src/net/third_party/nss/ssl/derive.c&q=client_write_mac_secret&sq=package:chromium&type=cs&l=214

I was going through more source code and I found this file to be related.

https://code.google.com/p/chromium/codesearch#chromium/src/net/third_party/nss/ssl/sslsock.c&q=SSLKEYLOG&sq=package:chromium&dr=C&l=3569

Looking at the code above, I notice that there are more environment variables that can be set. Does anybody know if the SSLDEBUG environment variable can be set in the same way as the SSLKEYLOG variable? Any other way or technique to do this would help also.

I have not been able to successfully export the keys so far.

1
You probably want the Master secret (after mixing nonces and derivation), and not the Premaster secret (lacks client and server random nonces). Also see Psst. Your Browser Knows All Your Secrets. - jww

1 Answer

0
votes

I figured it out. To do this, you need to download the latest version of the Wireshark source code. I ran my test on Wireshark 2.0.1.

You need to make changes to the file /epan/dissectors/packet-ssl-utils.c in the Wireshark source folder.

Print the variables to a file from line 3179 - 3194. You can find the Client write key, Server write key, Client MAC key, Server MAC key, Client IV and Server IV.

To write to a file in C use this

#include <stdio.h>
FILE *fptr = fopen("directory you want to open a file in", "a+"); // open for appending
fprintf(fptr, "data"); // this will write data to the file
fclose(fptr);

Note - To do it a more objective way, change and create the following functions

void custom_ssl_print_data(const gchar* name, const guchar* data, size_t len){
    //Write the following lines
    FILE *ssl_debug_file;
    ssl_debug_file=fopen("directory you want to open the file in","a+");
    //Copy original functionality from line 4927
}

void custom_ssl_print_string(const gchar* name, const StringInfo* data){
    //Copy original functionality from line 4953
}

Now use these functions to export your keys to a file.

Go to the main wireshark source folder. Run ./autogen.sh

./configure

sudo make

sudo make install

and run Wireshark in the terminal. (You still need to feed Wireshark the premaster secret file by exporting the SSLKEYLOGFILE environment variable.)
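
Added example, not part of the answer above and not Wireshark's or Chromium's code: the TLS 1.2 key expansion from RFC 5246 that turns a master secret into the six keys the question asks about. It assumes a cipher suite whose PRF uses SHA-256, a `CLIENT_RANDOM` key log line (that line type carries the 48-byte master secret), and a server random read from the ServerHello in the capture; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

def p_hash(secret, seed, length, digest=hashlib.sha256):
    """P_hash expansion from RFC 5246 section 5."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def parse_keylog_line(line):
    """Return (client_random, master_secret) from a CLIENT_RANDOM key log line."""
    label, client_random, master_secret = line.split()
    if label != "CLIENT_RANDOM":
        raise ValueError("not a CLIENT_RANDOM line")
    cr, ms = bytes.fromhex(client_random), bytes.fromhex(master_secret)
    if len(cr) != 32 or len(ms) != 48:
        raise ValueError("unexpected field length")
    return cr, ms

NAMES = ("client_write_MAC_key", "server_write_MAC_key", "client_write_key",
         "server_write_key", "client_write_IV", "server_write_IV")

def derive_keys(master_secret, client_random, server_random,
                mac_len, key_len, iv_len, digest=hashlib.sha256):
    """Split the TLS 1.2 key block (RFC 5246 section 6.3) into its six parts."""
    sizes = (mac_len, mac_len, key_len, key_len, iv_len, iv_len)
    # For key expansion the seed order is server_random, then client_random.
    seed = b"key expansion" + server_random + client_random
    block = p_hash(master_secret, seed, sum(sizes), digest)
    keys, offset = {}, 0
    for name, size in zip(NAMES, sizes):
        keys[name] = block[offset:offset + size]
        offset += size
    return keys

# Constructed sample values, not taken from a real session.
SAMPLE_LINE = "CLIENT_RANDOM " + "11" * 32 + " " + "22" * 48
SAMPLE_SERVER_RANDOM = bytes.fromhex("33" * 32)  # would come from the ServerHello

if __name__ == "__main__":
    cr, ms = parse_keylog_line(SAMPLE_LINE)
    # Sizes for an AES-128-GCM suite: no MAC key, 16-byte key, 4-byte implicit IV.
    for name, value in derive_keys(ms, cr, SAMPLE_SERVER_RANDOM, 0, 16, 4).items():
        print(name, value.hex())
```

The three length arguments depend on the negotiated cipher suite, and suites ending in `_SHA384` need `digest=hashlib.sha384`.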