dnscap icon indicating copy to clipboard operation
dnscap copied to clipboard

Published 20 hours ago verified publisher icon DNS-OARC

Feature proposal: DoT logging using SSLKEYLOGFILE

Open pspacek opened this issue 5 years ago • 0 comments

Modern versions of SSL libraries support TLS session key logging via environment variable SSLKEYLOGFILE. This opens possibility to decipher TLS traffic in dnscap and to log DNS traffic from "inside" of the TLS channel.

Roughly:

  1. Set SSLKEYLOGFILE in DNS server environment to a file or pipe
  2. dnscap reads session keys from given file or pipe
  3. TLS traffic is decrypted using given session key
  4. DNS packets are saved into output as usual.

Wireshark already implements this so there is possibility get inspiration in its code base.

pspacek avatar Dec 09 '19 12:12 pspacek