
How to access symmetric key?


NotionCommotion


With PHP? No. SSL stuff is all handled by OpenSSL (or whatever you have installed) which tends not to expose information like that.

You could allow insecure connections when a development mode is active, and/or when the connection is local, to troubleshoot locally.


1 hour ago, requinix said:

With PHP? No. SSL stuff is all handled by OpenSSL (or whatever you have installed) which tends not to expose information like that.

Was afraid of that. Evidently, Firefox and Chrome both support logging the symmetric session key used to encrypt TLS traffic to a file, and Wireshark is configured to use this file and then can decrypt TLS traffic. See https://redflagsecurity.net/2019/03/10/decrypting-tls-wireshark/. Well, I am not accessing the connection using FF or Chrome so that doesn't help me, but maybe there is a different way to do so with some Linux command?


The easiest solution if you need to view the traffic would be to either disable encryption or pass the traffic through a proxy that can log the traffic then pass it on.

Alternatively, modify your code to log traffic it sends/receives across the socket.  I usually include some sort of raw traffic logging ability in things I develop for easy debugging.


15 hours ago, kicken said:

The easiest solution ... or pass the traffic through a proxy that can log the traffic then pass it on.

Can you elaborate?

15 hours ago, kicken said:

Alternatively, modify your code to log traffic it sends/receives across the socket.  I usually include some sort of raw traffic logging ability in things I develop for easy debugging.

I like it! I take it you log the entire message with either delimiter or length prefix, right? Have you ever used CBOR (which I am doing) or similar or compressed JSON? With straight JSON, it should be easy enough to determine message breaks based on visually looking for known words, but not so if scrambled. I probably need to log both the pre and post CBOR raw message, and maybe take other steps. Any lessons learned would be appreciated.


17 hours ago, NotionCommotion said:

I take it you log the entire message with either delimiter or length prefix, right?

I'd log whatever I see across the socket.  For example:

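// Read up to 8 KiB from the socket and record exactly what arrived.
public function read(){
    $data = fread($this->socket, 8192);
    $this->logger->debug('Socket data read: {data}', ['data' => $data]);

    return $data;
}

// Send data over the socket and record exactly what was handed to fwrite().
public function write($data){
    fwrite($this->socket, $data);
    $this->logger->debug('Socket data written: {data}', ['data' => $data]);
}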

The idea is just to have a record in case it is needed to debug a problem.  If the data being read/written was binary rather than plain text, then I'd either base64_encode or bin2hex it first.

Higher levels of the app would have additional logging. For example, whatever code parses the raw data into some useful data structure may then log the result of that parsing.

18 hours ago, NotionCommotion said:

Have you ever used CBOR (which I am doing) or similar or compressed JSON?

I have not. Like I mentioned above though, for non-string data you can always encode it before printing. bin2hex is nice as you can easily inspect and compare individual bytes of data. It doubles the size of whatever data you're logging though. base64_encode uses less space and can compare whole values easily, but requires decoding to do detailed comparisons.

 


On 6/14/2019 at 1:06 AM, kicken said:

I'd log whatever I see across the socket.  For example:


public function read(){
    $data = fread($this->socket, 8192);
    $this->logger->debug('Socket data read: {data}', ['data' => $data]);

    return $data;
}

public function write($data){
    fwrite($this->socket, $data);
    $this->logger->debug('Socket data written: {data}', ['data' => $data]);
}

 

Is your logger just a simple homespun write to a file or something more? When monitoring the server, how do you deal with keeping each client separate?

Thanks

PS.  Sorry for getting off topic.


On 6/16/2019 at 9:17 AM, NotionCommotion said:

Is your logger just a simple homespun write to a file or something more?

Usually monolog.

On 6/16/2019 at 9:17 AM, NotionCommotion said:

When monitoring the server, how do you deal with keeping each client separate?

Most of the time I'm just dealing with client side stuff, talking to a separate server.  However, the simple solution would be to just assign a unique identifier to each client and include that with each client's log messages.  I've done something like that with web applications before.  Each request generates a unique id and that ID is included in all the log messages.  That way when reviewing a log later I can easily find related log messages.

 

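Added example, not part of any post in this thread: a sketch of the socket logging kicken describes, combining hex encoding for binary payloads with a per-client identifier on every log line. The `LoggingSocket` class, the log line layout and the socket-pair demo are assumptions (PHP 8 on a Unix-like host), and the demo bytes are constructed CBOR.

```php
<?php
declare(strict_types=1);

// Hypothetical wrapper for illustration; the thread's own code uses a PSR-style logger.
final class LoggingSocket
{
    private string $clientId;

    /** @param resource $socket connection stream  @param resource $log writable log stream */
    public function __construct(private $socket, private $log)
    {
        // Random per-connection id so interleaved clients can be separated in one log.
        $this->clientId = bin2hex(random_bytes(4));
    }

    public function read(int $length = 8192): string
    {
        $data = fread($this->socket, $length);
        if ($data === false) {
            $this->record('RX-ERROR', '');
            return '';
        }
        $this->record('RX', $data);
        return $data;
    }

    public function write(string $data): int
    {
        $written = (int) fwrite($this->socket, $data);
        // Log only the bytes that actually went out; fwrite() may write fewer.
        $this->record('TX', substr($data, 0, $written));
        return $written;
    }

    private function record(string $direction, string $bytes): void
    {
        // Hex keeps binary (e.g. CBOR) readable and stops CR/LF in traffic forging log lines.
        fprintf($this->log, "%s client=%s %s len=%d hex=%s\n",
            date('c'), $this->clientId, $direction, strlen($bytes), bin2hex($bytes));
    }
}

// Constructed demo: a local socket pair stands in for the real TLS connection.
[$a, $b] = stream_socket_pair(STREAM_PF_UNIX, STREAM_SOCK_STREAM, STREAM_IPPROTO_IP);
$client = new LoggingSocket($a, STDERR);
$client->write("\xA1\x63msg\x62hi");   // CBOR map {"msg": "hi"}
fwrite($b, "\xA1\x62ok\xF5");          // peer replies with CBOR map {"ok": true}
$client->read();
```

The resulting log holds the plaintext that TLS protected on the wire, so enable it only at debug level and restrict access to the file accordingly.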
