PlainSSL
PlainSSL copied to clipboard
Hooking calls to libssl (openssl) to decrypt ssl traffic
generic way to look into ssl traffic (hooking libssl library calls and dumping the key)
credits: https://security.stackexchange.com/questions/80158/extract-pre-master-keys-from-an-openssl-application
the LD_PRELOAD way
How to
- cc sslkeylog.c -shared -o libsslkeylog.so -fPIC -ldl
- sudo tcpdump -i any port 443 -w out
- SSLKEYLOGFILE=premaster.txt LD_PRELOAD=./libsslkeylog.so curl https://heise.de
- wireshark -o ssl.keylog_file:premaster.txt out