【Security】Wireshake抓包分析HTTPS

Posted by 西维蜀黍 on 2019-05-13, Last Modified on 2024-05-02

抓包1

过滤条件:ssl && ip.addr == 180.101.53.2 && tcp.port == 55583

Client-hellos 阶段

本机 -> 180.101.53.2 Handshake Protocol: Client Hello(#37)

Server-hello 阶段

180.101.53.2-> 本机 Handshake Protocol: Server Hello(#38)

180.101.53.2-> 本机 Handshake Protocol: Certificate、Handshake Protocol: Server Key Exchange、Handshake Protocol: Server Hello Done(#40)

Cipher-spec 阶段

本机 -> 180.101.53.2 Handshake Protocol: Client Key Exchange、Change Cipher Spec Protocol: Change Cipher Spec、Handshake Protocol: Encrypted Handshake Message(#43)

180.101.53.2-> 本机 Change Cipher Spec Protocol: Change Cipher Spec、Handshake Protocol: Encrypted Handshake Message(#44)

本机 -> 180.101.53.2 Application Data Protocol: http-over-tls(#46)

抓包2

我们在浏览器地址栏中输入https://www.baidu.com

通过增加过滤条件((ssl || tcp) && ip.addr == 14.215.177.39) || dns

DNS查询(#2159,#2166)

三次握手(#2167,#2184,#2186)

Client-hello 阶段

本机 -> 14.215.177.39 Client Hello(#2187)

Server-hello 阶段

14.215.177.39 -> 本机 Server Hello(#2194)

Certificate

Server Key Exchange

Server Hello Done

Cipher-spec 阶段

Client Key Exchange

Change Cipher Spec

Encrypted Handshake Message

14.215.177.39 -> 本机