• Stars
    star
    108
  • Rank 321,259 (Top 7 %)
  • Language
    Python
  • Created over 6 years ago
  • Updated over 6 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Frida tool to dump an NSS Key Log for Wireshark, from a process using dynamically linked OpenSSL (or BoringSSL)

frida-sslkeylog

TODO: Need to improve reliability with the Wireshark SSL dissector. This is difficult to do without breaking ABI portability.

Frida tool to dump an NSS Key Log for Wireshark, from a process using dynamically linked OpenSSL (or BoringSSL).

This should include Java code on Android, or apps that bundle their own OpenSSL (or BoringSSL) dynamic library. But it does not support statically linked OpenSSL (or BoringSSL), or applications using alternative libraries such as Mozilla NSS.

This uses a Wireshark variant of the key log format, instead of the CLIENT_RANDOM label. This is because the Session ID and Master Key can be portably obtained through Frida, using the ASN.1 encoding of SSL_SESSION, but the Client Random cannot (it requires C structure accesses).

RSA Session-ID:<64 hex characters of Session ID> Master-Key:<96 hex characters of Master Key>

Despite the use of the label RSA, this is not RSA-specific.

Installation

Install the dependencies (frida-tools and pyasn1).

pip3 install -r requirements.txt

Usage

  1. If necessary, start Frida server on your Android device

    While this should work elsewhere, it was written for and only tested on Android.

  2. Run the Frida tool. For example, to connect to an Android device over USB

    ./sslkeylog -U -n <package name> -o <key log filename>

    As the key log file is opened in append mode, you can run multiple instances of the tool at the same time.

    Chromium-based browsers will not work because they statically link BoringSSL. Firefox-based browsers will not work because they use NSS.

  3. Set the "(Pre-)Master-Secret log filename" in the protocol configuration for SSL, in Wireshark. Wireshark should display a tab named "Decrypted SSL Data" for subsequent packets from the processes.

More Repositories

1

sudo-cve-2019-18634

Proof of Concept for CVE-2019-18634
C
205
star
2

ledger-mcu-backdoor

Proof of Concept for Ledger Nano S MCU exploit
C
167
star
3

badecparams

Proof of Concept for CVE-2020-0601
Python
65
star
4

mediatek_flash_tool

Library and command line tool for interacting with the MediaTek bootloader, for dumping and flashing firmware
C
61
star
5

evilrouterlogin

Proof of Concept for Netgear Routerlogin.com exploit
HTML
17
star
6

changemac

MAC address randomizer for the Qualcomm WCNSS Platform Driver
C
15
star
7

sha2-const

const fn implementation of the SHA-2 family of hash functions
Rust
14
star
8

nem-trezor-standalone

Offline tool for recovering NEM private keys from BIP39 mnemonics and importing them into NanoWallet
HTML
13
star
9

iota-eu-cma

Go
8
star
10

is-this-a-pigeon

Twitter bot for generating "Is this a pigeon?" memes
Python
7
star
11

pebble-libopencm3

Custom firmware for Pebble Time and Pebble Time Steel
C
5
star
12

rmupdate

Utility for fetching software updates from the reMarkable update server
Go
5
star
13

EmailX

Gradle project for building the AOSP Email and Exchange2 applications
Java
4
star
14

trezor-debug

Python REPL for accessing memory-mapped registers on a TREZOR
Python
4
star
15

android_log-rs

📒 Logger which writes to Android logging subsystem
Rust
4
star
16

unsafeless

Transmuting types in Go without using unsafe or reflect
Go
3
star
17

kard-rs

Chip card interface device (CCID) implementation for embedded devices
Rust
3
star
18

do-i-need-a-blockchain

JavaScript
2
star
19

text-maze

🍀 Proof-of-concept maze game written in Python
Python
2
star
20

android_device_amazon_soho

2
star
21

trezor-webusb

JavaScript
1
star
22

binary-ff1

Optimized Rust implementation of FF1 encryption with radix 2
Rust
1
star
23

slack-emoji-maker

JavaScript
1
star
24

bitcoin-block-hash

💰 Calculate the Genesis Block hash in a number of programming languages
C
1
star
25

twitter-punchcard

Python script to generate Twitter "punchcards"
Python
1
star
26

python-windows-scripts

Python
1
star
27

simplehttpserver

C
1
star
28

pyemv

A transport-agnostic Python library for interacting with ISO 7816 and EMV cards
Python
1
star