DTLS protocol support

Open sergey-safarov opened this issue 1 year ago • 6 comments

Describe the bug

To decrypt WebRTC calls, the encryption keys must be known. WebRTC call participants exchange encryption keys using the DTLS protocol. Could you add the ability to log DTLS protocol details? An example of WebRTC calls with the DTLS protocol is attached as PCAP.

  1. webrtc-raw.pcapng
  2. tls.keys - TLS encryption keys.
  3. webrtc-withkey.pcapng - PCAP with embedded TLS encryption keys.

To embed the TLS encryption keys, this command was used:

editcap --inject-secrets tls,tls.keys webrtc-raw.pcapng webrtc-withkey.pcapng

Also, some screenshots of how Wireshark can decrypt TLS sessions.

It would be fine to get the DTLS keys and later embed them into the PCAP.

To Reproduce

Steps to reproduce the behavior:

  1. start WebRTC client
  2. register SIP account in the WebRTC client.
  3. make a call using WebRTC client

Expected behavior

ecapture will output DTLS protocol details, especially encryption keys.

sergey-safarov Jun 21 '24 10:06

DTLS packets can be found using the filter

dtls

Screenshot attached.

And I forgot to add the PCAP with keys: webrtc-raw.pcapng.gz tls.keys.gz webrtc-withkey.pcapng.gz

sergey-safarov Jun 21 '24 10:06

Which TLS encryption library does WebRTC use? Is it OpenSSL?

Upload the ldd /path/webRTC output here.

cfc4n Jun 22 '24 06:06

Hello @cfc4n, I use Google Chrome as the browser on Fedora 39. On my PC the ldd output is:

safarov@nout:~$ ldd /opt/google/chrome/chrome| grep tls
	libgnutls.so.30 => /lib64/libgnutls.so.30 (0x00007f1102400000)

And the full output:

safarov@nout:~$ ldd /opt/google/chrome/chrome
	linux-vdso.so.1 (0x00007ffe2d7a7000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007fac2a67c000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fac2a677000)
	libgobject-2.0.so.0 => /lib64/libgobject-2.0.so.0 (0x00007fac1bda0000)
	libglib-2.0.so.0 => /lib64/libglib-2.0.so.0 (0x00007fac1bc56000)
	libnss3.so => /lib64/libnss3.so (0x00007fac1bb1b000)
	libnssutil3.so => /lib64/libnssutil3.so (0x00007fac2a644000)
	libsmime3.so => /lib64/libsmime3.so (0x00007fac1baf0000)
	libnspr4.so => /lib64/libnspr4.so (0x00007fac1baac000)
	libdbus-1.so.3 => /lib64/libdbus-1.so.3 (0x00007fac1ba57000)
	libatk-1.0.so.0 => /lib64/libatk-1.0.so.0 (0x00007fac1ba2d000)
	libatk-bridge-2.0.so.0 => /lib64/libatk-bridge-2.0.so.0 (0x00007fac1b9f0000)
	libcups.so.2 => /lib64/libcups.so.2 (0x00007fac1b94d000)
	libgio-2.0.so.0 => /lib64/libgio-2.0.so.0 (0x00007fac1b775000)
	libdrm.so.2 => /lib64/libdrm.so.2 (0x00007fac1b75e000)
	libatspi.so.0 => /lib64/libatspi.so.0 (0x00007fac1b723000)
	libexpat.so.1 => /lib64/libexpat.so.1 (0x00007fac1b6f8000)
	libm.so.6 => /lib64/libm.so.6 (0x00007fac1b617000)
	libX11.so.6 => /lib64/libX11.so.6 (0x00007fac1b4d0000)
	libXcomposite.so.1 => /lib64/libXcomposite.so.1 (0x00007fac2a639000)
	libXdamage.so.1 => /lib64/libXdamage.so.1 (0x00007fac2a634000)
	libXext.so.6 => /lib64/libXext.so.6 (0x00007fac1b4bc000)
	libXfixes.so.3 => /lib64/libXfixes.so.3 (0x00007fac1b4b4000)
	libXrandr.so.2 => /lib64/libXrandr.so.2 (0x00007fac1b4a7000)
	libgbm.so.1 => /lib64/libgbm.so.1 (0x00007fac1b496000)
	libxcb.so.1 => /lib64/libxcb.so.1 (0x00007fac1b46b000)
	libxkbcommon.so.0 => /lib64/libxkbcommon.so.0 (0x00007fac1b422000)
	libpango-1.0.so.0 => /lib64/libpango-1.0.so.0 (0x00007fac1b3b8000)
	libcairo.so.2 => /lib64/libcairo.so.2 (0x00007fac1b281000)
	libasound.so.2 => /lib64/libasound.so.2 (0x00007fac1b16d000)
	libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007fac1b148000)
	libc.so.6 => /lib64/libc.so.6 (0x00007fac1af64000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fac2a698000)
	libffi.so.8 => /lib64/libffi.so.8 (0x00007fac1af54000)
	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fac1aeb9000)
	libplc4.so => /lib64/libplc4.so (0x00007fac1aeb2000)
	libplds4.so => /lib64/libplds4.so (0x00007fac1aead000)
	libsystemd.so.0 => /lib64/libsystemd.so.0 (0x00007fac1adb8000)
	libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007fac1ad62000)
	libavahi-common.so.3 => /lib64/libavahi-common.so.3 (0x00007fac1ad54000)
	libavahi-client.so.3 => /lib64/libavahi-client.so.3 (0x00007fac1ad40000)
	libgnutls.so.30 => /lib64/libgnutls.so.30 (0x00007fac1aa00000)
	libz.so.1 => /lib64/libz.so.1 (0x00007fac1ad26000)
	libgmodule-2.0.so.0 => /lib64/libgmodule-2.0.so.0 (0x00007fac1ad1d000)
	libmount.so.1 => /lib64/libmount.so.1 (0x00007fac1accc000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fac1ac9f000)
	libXi.so.6 => /lib64/libXi.so.6 (0x00007fac1ac8c000)
	libXrender.so.1 => /lib64/libXrender.so.1 (0x00007fac1ac80000)
	libwayland-server.so.0 => /lib64/libwayland-server.so.0 (0x00007fac1ac67000)
	libxcb-randr.so.0 => /lib64/libxcb-randr.so.0 (0x00007fac1ac55000)
	libXau.so.6 => /lib64/libXau.so.6 (0x00007fac1ac4f000)
	libfribidi.so.0 => /lib64/libfribidi.so.0 (0x00007fac1ac30000)
	libthai.so.0 => /lib64/libthai.so.0 (0x00007fac1a9f5000)
	libharfbuzz.so.0 => /lib64/libharfbuzz.so.0 (0x00007fac1a8e7000)
	libpng16.so.16 => /lib64/libpng16.so.16 (0x00007fac1a8ac000)
	libfontconfig.so.1 => /lib64/libfontconfig.so.1 (0x00007fac1a85d000)
	libfreetype.so.6 => /lib64/libfreetype.so.6 (0x00007fac1a78d000)
	libxcb-render.so.0 => /lib64/libxcb-render.so.0 (0x00007fac1a77e000)
	libxcb-shm.so.0 => /lib64/libxcb-shm.so.0 (0x00007fac1a779000)
	libpixman-1.so.0 => /lib64/libpixman-1.so.0 (0x00007fac1a6c9000)
	libcap.so.2 => /lib64/libcap.so.2 (0x00007fac1a6bd000)
	liblz4.so.1 => /lib64/liblz4.so.1 (0x00007fac1a69b000)
	liblzma.so.5 => /lib64/liblzma.so.5 (0x00007fac1a668000)
	libzstd.so.1 => /lib64/libzstd.so.1 (0x00007fac1a5a9000)
	libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007fac1a4d0000)
	libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007fac1a4b6000)
	libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fac1a4af000)
	libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007fac1a49f000)
	libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fac1a498000)
	libcrypto.so.3 => /lib64/libcrypto.so.3 (0x00007fac19e00000)
	libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fac1a487000)
	libp11-kit.so.0 => /lib64/libp11-kit.so.0 (0x00007fac1a2f4000)
	libidn2.so.0 => /lib64/libidn2.so.0 (0x00007fac19dde000)
	libunistring.so.5 => /lib64/libunistring.so.5 (0x00007fac19c2e000)
	libtasn1.so.6 => /lib64/libtasn1.so.6 (0x00007fac1a2de000)
	libnettle.so.8 => /lib64/libnettle.so.8 (0x00007fac19bd6000)
	libhogweed.so.6 => /lib64/libhogweed.so.6 (0x00007fac19b93000)
	libgmp.so.10 => /lib64/libgmp.so.10 (0x00007fac19aee000)
	libblkid.so.1 => /lib64/libblkid.so.1 (0x00007fac19ab2000)
	libdatrie.so.1 => /lib64/libdatrie.so.1 (0x00007fac19aa9000)
	libgraphite2.so.3 => /lib64/libgraphite2.so.3 (0x00007fac19a88000)
	libxml2.so.2 => /lib64/libxml2.so.2 (0x00007fac19914000)
	libbz2.so.1 => /lib64/libbz2.so.1 (0x00007fac19900000)
	libbrotlidec.so.1 => /lib64/libbrotlidec.so.1 (0x00007fac198f2000)
	libbrotlicommon.so.1 => /lib64/libbrotlicommon.so.1 (0x00007fac198cf000)

sergey-safarov Jun 25 '24 14:06

And for the server side:

[centos@sbc-stage-a0 ~]$ ldd /usr/local/sbin/kamailio
	linux-vdso.so.1 (0x0000ffff866e0000)
	libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff86670000)
	libresolv.so.2 => /lib64/libresolv.so.2 (0x0000ffff86630000)
	libm.so.6 => /lib64/libm.so.6 (0x0000ffff86560000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff86520000)
	libc.so.6 => /lib64/libc.so.6 (0x0000ffff863a0000)
	/lib/ld-linux-aarch64.so.1 (0x0000ffff866f0000)
[centos@sbc-stage-a0 ~]$ ldd /usr/local/lib64/kamailio/modules/tls.so 
	linux-vdso.so.1 (0x0000ffffbb3e0000)
	libdl.so.2 => /lib64/libdl.so.2 (0x0000ffffbb290000)
	libm.so.6 => /lib64/libm.so.6 (0x0000ffffbb1c0000)
	libssl.so.1.1 => /lib64/libssl.so.1.1 (0x0000ffffbb110000)
	libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x0000ffffbae50000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffffbae10000)
	libc.so.6 => /lib64/libc.so.6 (0x0000ffffbac90000)
	/lib/ld-linux-aarch64.so.1 (0x0000ffffbb3f0000)
	libz.so.1 => /lib64/libz.so.1 (0x0000ffffbac50000)
[centos@sbc-stage-a0 ~]$ rpm -qf /lib64/libssl.so.1.1
openssl-libs-1.1.1k-12.el8.aarch64
[centos@sbc-stage-a0 ~]$ rpm -qf /lib64/libcrypto.so.1.1
openssl-libs-1.1.1k-12.el8.aarch64

sergey-safarov Jun 25 '24 14:06

Here is the list of libs used by the FreeSwitch daemon:

[root@sbc-stage-a0 sip-aggregator2]# ldd /usr/bin/freeswitch 
	linux-vdso.so.1 (0x0000ffffb4bc0000)
	libodbc.so.2 => /usr/lib64/libodbc.so.2 (0x0000ffffb4b20000)
	libm.so.6 => /usr/lib64/libm.so.6 (0x0000ffffb4a50000)
	libfreeswitch.so.1 => /usr/lib64/libfreeswitch.so.1 (0x0000ffffb45e0000)
	libpq.so.5 => /usr/lib64/libpq.so.5 (0x0000ffffb4570000)
	libsqlite3.so.0 => /usr/lib64/libsqlite3.so.0 (0x0000ffffb4440000)
	libcurl.so.4 => /usr/lib64/libcurl.so.4 (0x0000ffffb4390000)
	libpcre.so.1 => /usr/lib64/libpcre.so.1 (0x0000ffffb4300000)
	libspeex.so.1 => /usr/lib64/libspeex.so.1 (0x0000ffffb42c0000)
	libspeexdsp.so.1 => /usr/lib64/libspeexdsp.so.1 (0x0000ffffb4290000)
	libedit.so.0 => /usr/lib64/libedit.so.0 (0x0000ffffb4230000)
	libspandsp.so.3 => /usr/lib64/libspandsp.so.3 (0x0000ffffb4130000)
	libsofia-sip-ua.so.0 => /usr/lib64/libsofia-sip-ua.so.0 (0x0000ffffb3f70000)
	libpng16.so.16 => /usr/lib64/libpng16.so.16 (0x0000ffffb3f20000)
	libz.so.1 => /usr/lib64/libz.so.1 (0x0000ffffb3ee0000)
	libuuid.so.1 => /usr/lib64/libuuid.so.1 (0x0000ffffb3eb0000)
	librt.so.1 => /usr/lib64/librt.so.1 (0x0000ffffb3e80000)
	libdl.so.2 => /usr/lib64/libdl.so.2 (0x0000ffffb3e50000)
	libcrypt.so.1 => /usr/lib64/libcrypt.so.1 (0x0000ffffb3e10000)
	libpthread.so.0 => /usr/lib64/libpthread.so.0 (0x0000ffffb3dd0000)
	libssl.so.1.1 => /usr/lib64/libssl.so.1.1 (0x0000ffffb3d20000)
	libcrypto.so.1.1 => /usr/lib64/libcrypto.so.1.1 (0x0000ffffb3a60000)
	libc.so.6 => /usr/lib64/libc.so.6 (0x0000ffffb38e0000)
	libltdl.so.7 => /usr/lib64/libltdl.so.7 (0x0000ffffb38b0000)
	/lib/ld-linux-aarch64.so.1 (0x0000ffffb4bd0000)
	libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x0000ffffb3700000)
	libgcc_s.so.1 => /usr/lib64/libgcc_s.so.1 (0x0000ffffb36c0000)
	libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x0000ffffb3650000)
	libldap_r-2.4.so.2 => /usr/lib64/libldap_r-2.4.so.2 (0x0000ffffb35d0000)
	libnghttp2.so.14 => /usr/lib64/libnghttp2.so.14 (0x0000ffffb3580000)
	libidn2.so.0 => /usr/lib64/libidn2.so.0 (0x0000ffffb3540000)
	libssh.so.4 => /usr/lib64/libssh.so.4 (0x0000ffffb34b0000)
	libpsl.so.5 => /usr/lib64/libpsl.so.5 (0x0000ffffb3480000)
	libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x0000ffffb3370000)
	libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x0000ffffb3330000)
	libcom_err.so.2 => /usr/lib64/libcom_err.so.2 (0x0000ffffb3300000)
	libldap-2.4.so.2 => /usr/lib64/libldap-2.4.so.2 (0x0000ffffb3290000)
	liblber-2.4.so.2 => /usr/lib64/liblber-2.4.so.2 (0x0000ffffb3260000)
	libbrotlidec.so.1 => /usr/lib64/libbrotlidec.so.1 (0x0000ffffb3230000)
	libtinfo.so.6 => /usr/lib64/libtinfo.so.6 (0x0000ffffb31e0000)
	libtiff.so.5 => /usr/lib64/libtiff.so.5 (0x0000ffffb3140000)
	libjpeg.so.62 => /usr/lib64/libjpeg.so.62 (0x0000ffffb30e0000)
	libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x0000ffffb30b0000)
	libkeyutils.so.1 => /usr/lib64/libkeyutils.so.1 (0x0000ffffb3060000)
	libresolv.so.2 => /usr/lib64/libresolv.so.2 (0x0000ffffb3020000)
	libsasl2.so.3 => /usr/lib64/libsasl2.so.3 (0x0000ffffb2fe0000)
	libunistring.so.2 => /usr/lib64/libunistring.so.2 (0x0000ffffb2e40000)
	libbrotlicommon.so.1 => /usr/lib64/libbrotlicommon.so.1 (0x0000ffffb2e00000)
	libjbig.so.2.1 => /usr/lib64/libjbig.so.2.1 (0x0000ffffb2dd0000)
	libselinux.so.1 => /usr/lib64/libselinux.so.1 (0x0000ffffb2d80000)
	libpcre2-8.so.0 => /usr/lib64/libpcre2-8.so.0 (0x0000ffffb2ce0000)
[root@sbc-stage-a0 sip-aggregator2]# rpm -qf /usr/lib64/libcrypt.so.1
libxcrypt-4.1.1-6.el8.aarch64
[root@sbc-stage-a0 sip-aggregator2]# rpm -qf /usr/lib64/libssl.so.1.1
openssl-libs-1.1.1k-12.el8.aarch64
[root@sbc-stage-a0 sip-aggregator2]# rpm -qf /usr/lib64/libcrypto.so.1.1
openssl-libs-1.1.1k-12.el8.aarch64

sergey-safarov Jun 26 '24 16:06

eCapture currently only supports key capture for openssl, also known as libssl.so, and for now does not support key capture for gnutls or other libraries.

You need to first determine which library your process is using. Then read ecapture tls --help or ecapture gnutls --help for more assistance.

cfc4n Jun 27 '24 15:06
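One way to follow the advice to determine which library the process is using, as an added example (not code from this thread or from eCapture). It reads /proc/<pid>/maps rather than ldd output, because ldd on the main binary misses a library pulled in by a plugin module, as with kamailio and its tls.so above; the function names are hypothetical and the sample maps lines are constructed.

```shell
# Added example; function names and sample data are hypothetical, not from eCapture.

# Read /proc/<pid>/maps-style text on stdin; print "family path" once per
# mapped TLS library. Field 6 of a maps line is the backing file path.
classify_maps() {
    awk '
        NF >= 6 && $6 ~ /^\// {
            n = split($6, parts, "/"); base = parts[n]
            fam = ""
            if (base ~ /^libssl\.so/)         fam = "openssl"
            else if (base ~ /^libgnutls\.so/) fam = "gnutls"
            else if (base ~ /^libnss3\.so/)   fam = "nss"
            # A library is mapped in several segments; report it once.
            if (fam != "" && !seen[$6]++) print fam, $6
        }'
}

# Map each family to the eCapture subcommand named in this thread.
suggest() {
    found=$(classify_maps)
    if [ -z "$found" ]; then
        echo "no TLS library mapped (static linking, or module not loaded yet)"
        return 1
    fi
    printf '%s\n' "$found" | while read -r fam path; do
        case "$fam" in
            openssl) echo "ecapture tls: $path" ;;
            gnutls)  echo "ecapture gnutls: $path" ;;
            *)       echo "$fam, no subcommand named in this thread: $path" ;;
        esac
    done
}

# Constructed sample: a daemon that loaded libssl through a plugin module.
sample_maps() {
    cat <<'EOF'
aaaab0000000-aaaab0400000 r-xp 00000000 fd:00 1001 /usr/local/sbin/kamailio
ffffbb300000-ffffbb340000 r-xp 00000000 fd:00 1500 /usr/local/lib64/kamailio/modules/tls.so
ffffbb110000-ffffbb1a0000 r-xp 00000000 fd:00 2002 /lib64/libssl.so.1.1
ffffbb1a0000-ffffbb1b0000 rw-p 00080000 fd:00 2002 /lib64/libssl.so.1.1
ffffbae50000-ffffbb100000 r-xp 00000000 fd:00 2003 /lib64/libcrypto.so.1.1
ffffbb200000-ffffbb220000 rw-p 00000000 00:00 0 [heap]
EOF
}

# Live use: suggest < "/proc/$PID/maps"
sample_maps | suggest
```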

ping @sergey-safarov

cfc4n Jul 11 '24 16:07