在 Java
中,我使用 pcap4J
捕获我的计算机上运行的另一个应用程序的网络流量。我用来执行此操作的代码如下:
import org.pcap4j.core.*;
import org.pcap4j.packet.Packet;
import org.pcap4j.util.NifSelector;
import java.io.IOException;
import static org.pcap4j.core.BpfProgram.BpfCompileMode.OPTIMIZE;
import static org.pcap4j.core.PcapNetworkInterface.PromiscuousMode.PROMISCUOUS;
public class Pcap4jLoop
{
public static void main(String[] arguments) throws Exception
{
PcapNetworkInterface networkDevice = getNetworkDevice();
try (PcapHandle handle = networkDevice.openLive(65536, PROMISCUOUS, 50))
{
String serverIP = "..."; // Filter for packets with just one server
String bpfExpression = "dst host " + serverIP + " || src host " + serverIP;
handle.setFilter(bpfExpression, OPTIMIZE);
PacketListener listener = packet -> printPacket(packet, handle);
handle.loop(Integer.MAX_VALUE, listener);
//noinspection InfiniteLoopStatement,StatementWithEmptyBody
while (true)
{
}
}
}
private static PcapNetworkInterface getNetworkDevice() throws IOException
{
NifSelector nifSelector = new NifSelector();
PcapNetworkInterface nif = nifSelector.selectNetworkInterface();
if (nif == null)
{
System.exit(1);
}
return nif;
}
private static void printPacket(Packet packet, PcapHandle pcapHandle)
{
StringBuilder sb = new StringBuilder();
sb.append("A packet captured at ")
.append(pcapHandle.getTimestampPrecision())
.append(":");
System.out.println(sb);
System.out.println(packet);
}
}
不幸的是,流量是加密的,因此无法分析。另一个名为 Fiddler
的应用程序然而,无需任何特殊配置或服务器私钥即可很好地解密流量。 Fiddler 可以显示我感兴趣的正在交换的 JSON
结构。我怎样才能在 Java
代码中做同样的事情以便使用捕获的 JSON
对象? (本题是解密部分,不是后面的解析部分)
最佳答案
正如评论者对这个问题的评论:
By definition you can not decrypt any
TLS
traffic (so that includesHTTPS
) if you do not control either side or are able to have either side give you the negotiated master key and client random used. Just trying to decrypt any randomTLS
traffic will not be possible.Fiddler
does it by being a man-in-the-middle, not by decrypting traffic sent directly between two other computers. WhileFiddler
does not need special configuration the client needs a special configuration, i.e. it needs to trust the certificate authority used byFiddler
to dynamically create certificates.
关于java - 使用 pcap4J 解密 HTTPS 数据包,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/51884434/