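java - Decrypting HTTPS packets with pcap4J

Tags: java ssl https fiddler pcap4j

In Java, I am using pcap4J to capture the network traffic of another application running on my computer. The code I use to do this is as follows: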

import org.pcap4j.core.*;
import org.pcap4j.packet.Packet;
import org.pcap4j.util.NifSelector;

import java.io.IOException;

import static org.pcap4j.core.BpfProgram.BpfCompileMode.OPTIMIZE;
import static org.pcap4j.core.PcapNetworkInterface.PromiscuousMode.PROMISCUOUS;

public class Pcap4jLoop
{
    public static void main(String[] arguments) throws Exception
    {
        PcapNetworkInterface networkDevice = getNetworkDevice();

        try (PcapHandle handle = networkDevice.openLive(65536, PROMISCUOUS, 50))
        {
            String serverIP = "..."; // Filter for packets with just one server
            String bpfExpression = "dst host " + serverIP + " || src host " + serverIP;
            handle.setFilter(bpfExpression, OPTIMIZE);

            // Print every captured packet as it arrives
            PacketListener listener = packet -> printPacket(packet, handle);

            // A packet count of -1 makes loop() block and keep capturing,
            // so no busy-wait loop is needed after it
            handle.loop(-1, listener);
        }
    }

    private static PcapNetworkInterface getNetworkDevice() throws IOException
    {
        NifSelector nifSelector = new NifSelector();
        PcapNetworkInterface nif = nifSelector.selectNetworkInterface();
        if (nif == null)
        {
            System.exit(1);
        }
        return nif;
    }

    private static void printPacket(Packet packet, PcapHandle pcapHandle)
    {
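        // getTimestamp() is the capture time of the most recently captured packet
        // (getTimestampPrecision() would only print the clock resolution)
        StringBuilder sb = new StringBuilder();
        sb.append("A packet captured at ")
                .append(pcapHandle.getTimestamp())
                .append(":");
        System.out.println(sb);
        System.out.println(packet);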
    }
}

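Unfortunately, the traffic is encrypted, so it cannot be analyzed. Another application called Fiddler, however, decrypts the traffic just fine without any special configuration or the server's private key. Fiddler can display the JSON structures being exchanged that I am interested in. How can I do the same thing in Java code so that I can work with the captured JSON objects? (This question is about the decryption part, not the parsing that comes afterwards.)

Best answer

As a commenter on the question noted: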

By definition you can not decrypt any TLS traffic (so that includes HTTPS) if you do not control either side or are able to have either side give you the negotiated master key and client random used. Just trying to decrypt any random TLS traffic will not be possible. Fiddler does it by being a man-in-the-middle, not by decrypting traffic sent directly between two other computers. While Fiddler does not need special configuration the client needs a special configuration, i.e. it needs to trust the certificate authority used by Fiddler to dynamically create certificates.

Regarding java - Decrypting HTTPS packets with pcap4J, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/51884434/
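To make the answer's point concrete, the following added example (not part of the original question or answer) shows what a passive capture can read from TLS bytes: the record header and the ClientHello's client random, which is the lookup key for a TLS 1.2 `CLIENT_RANDOM` line in an NSS-format key log exported by an endpoint. The class name `TlsPassiveView` and all sample bytes are constructed for illustration, and Java 17 is assumed for `HexFormat`.

```java
import java.util.*;

// Added illustration; class name and sample data are hypothetical, not from the original post.
public class TlsPassiveView {
    static final int HANDSHAKE = 22, APPLICATION_DATA = 23, CLIENT_HELLO = 1;

    /** Hex client_random if the payload starts with a ClientHello record, else empty. */
    static Optional<String> clientRandom(byte[] p) {
        // record header (5) + handshake header (4) + client_version (2) + random (32)
        if (p.length < 43 || p[0] != HANDSHAKE || p[1] != 3 || p[5] != CLIENT_HELLO)
            return Optional.empty();
        return Optional.of(HexFormat.of().formatHex(p, 11, 43));
    }

    /** Looks up the TLS 1.2 master secret for one session in NSS key log lines. */
    static Optional<String> masterSecret(List<String> keyLog, String clientRandom) {
        for (String line : keyLog) {
            String[] f = line.trim().split("\\s+");
            if (f.length == 3 && f[0].equals("CLIENT_RANDOM") && f[1].equalsIgnoreCase(clientRandom))
                return Optional.of(f[2]);
        }
        return Optional.empty();
    }

    /** What the capture alone reveals about one TCP payload that starts a TLS record. */
    static String describe(byte[] p) {
        if (p.length < 5 || p[1] != 3) return "not a TLS record";
        int len = ((p[3] & 0xff) << 8) | (p[4] & 0xff);
        if (p[0] == APPLICATION_DATA) return "application data, " + len + " bytes of ciphertext";
        return clientRandom(p).map(r -> "ClientHello, client_random=" + r)
                .orElse("TLS record type " + (p[0] & 0xff) + ", " + len + " bytes");
    }

    public static void main(String[] args) {
        // Constructed sample: a truncated ClientHello whose random is 00 01 .. 1f
        byte[] hello = Arrays.copyOf(new byte[] {22, 3, 1, 0, 38, 1, 0, 0, 34, 3, 3}, 43);
        for (int i = 0; i < 32; i++) hello[11 + i] = (byte) i;
        // Constructed sample: an application-data record carrying 4 opaque bytes
        byte[] appData = {23, 3, 3, 0, 4, 0x5a, 0x11, 0x70, 0x3c};
        List<String> keyLog = List.of();   // empty: neither endpoint exported its keys
        System.out.println(describe(hello));
        System.out.println(describe(appData));
        String random = clientRandom(hello).orElseThrow();
        System.out.println(masterSecret(keyLog, random)
                .map(secret -> "key log entry found: session keys can be derived")
                .orElse("no key log entry for this session: payload stays opaque"));
    }
}
```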
