Network-Monitoring

Getting the nimbuzz server certificate for the nmdecrypt expert in NetMon

  • April 13, 2012

I am using Network Monitor 3.4 with the nmdecrypt expert. I open a nimbuzz conversation node in the conversation window and then click Expert -> nmDecrypt -> run Expert.

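This brings up a window in which I have to add the server certificate. I am not sure how to retrieve the server certificate for the nimbuzz XMPP chat service. Any idea how to do this?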

This question is a follow-up to this question.

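Edit: some background. So it is probably encrypted with the server's public key, and I cannot retrieve the messages unless I debug the native binary and try to intercept the encryption code. I have a test client (using agsXMPP) that is able to connect to nimbuzz without any problems. The only thing that does not work is adding invisible mode. It seems this is some packet sent by the official client during login, and that is what I want to capture. Any suggestions for getting this information would be much appreciated. Maybe I should get myself (and learn) IDA Pro.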

This is what I get when inspecting the TLS frame in Network Monitor:

 Frame: Number = 81, Captured Frame Length = 769, MediaType = ETHERNET
+ Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[...],SourceAddress:[....]
+ Ipv4: Src = ..., Dest = 192.168.2.101, Next Protocol = TCP, Packet ID = 9939, Total IP Length = 755
- Tcp: Flags=...AP..., SrcPort=5222, DstPort=3578, PayloadLen=715, Seq=4101074854 - 4101075569, Ack=1127356300, Win=4050 (scale factor 0x0) = 4050
   SrcPort: 5222
   DstPort: 3578
   SequenceNumber: 4101074854 (0xF4716FA6)
   AcknowledgementNumber: 1127356300 (0x4332178C)
 + DataOffset: 80 (0x50)
 + Flags: ...AP...
   Window: 4050 (scale factor 0x0) = 4050
   Checksum: 0x8841, Good
   UrgentPointer: 0 (0x0)
   TCPPayload: SourcePort = 5222, DestinationPort = 3578
 TLSSSLData: Transport Layer Security (TLS) Payload Data
- TLS: TLS Rec Layer-1 HandShake: Server Hello.; TLS Rec Layer-2 HandShake: Certificate.; TLS Rec Layer-3 HandShake: Server Hello Done.
 - TlsRecordLayer: TLS Rec Layer-1 HandShake:
    ContentType: HandShake:
  - Version: TLS 1.0
     Major: 3 (0x3)
     Minor: 1 (0x1)
    Length: 42 (0x2A)
  - SSLHandshake: SSL HandShake ServerHello(0x02)
     HandShakeType: ServerHello(0x02)
     Length: 38 (0x26)
   - ServerHello: 0x1
    + Version: TLS 1.0
    + RandomBytes: 
      SessionIDLength: 0 (0x0)
      TLSCipherSuite: TLS_RSA_WITH_AES_256_CBC_SHA            { 0x00, 0x35 }
      CompressionMethod: 0 (0x0)
 - TlsRecordLayer: TLS Rec Layer-2 HandShake:
    ContentType: HandShake:
  - Version: TLS 1.0
     Major: 3 (0x3)
     Minor: 1 (0x1)
    Length: 654 (0x28E)
  - SSLHandshake: SSL HandShake Certificate(0x0B)
     HandShakeType: Certificate(0x0B)
     Length: 650 (0x28A)
   - Cert: 0x1
      CertLength: 647 (0x287)
    - Certificates: 
       CertificateLength: 644 (0x284)
     - X509Cert: Issuer: nimbuzz.com,Nimbuzz,NL, Subject: nimbuzz.com,Nimbuzz,NL
      + SequenceHeader: 
      - TbsCertificate: Issuer: nimbuzz.com,Nimbuzz,NL, Subject: nimbuzz.com,Nimbuzz,NL
       + SequenceHeader: 
       + Tag0: 
       + Version: (2)
       + SerialNumber: -1018418383
       + Signature: Sha1WithRSAEncryption (1.2.840.113549.1.1.5)
       - Issuer: nimbuzz.com,Nimbuzz,NL
        - RdnSequence: nimbuzz.com,Nimbuzz,NL
         + SequenceOfHeader: 0x1
         + Name: NL
         + Name: Nimbuzz
         + Name: nimbuzz.com
       + Validity: From: 02/22/10 20:22:32 UTC To: 02/20/20 20:22:32 UTC
       + Subject: nimbuzz.com,Nimbuzz,NL
       - SubjectPublicKeyInfo: RsaEncryption (1.2.840.113549.1.1.1)
        + SequenceHeader: 
        + Algorithm: RsaEncryption (1.2.840.113549.1.1.1)
        - SubjectPublicKey: 
         - AsnBitStringHeader: 
          - AsnId: BitString type (Universal 3)
           - LowTag: 
              Class:    (00......) Universal (0)
              Type:     (..0.....) Primitive
              TagValue: (...00011) 3
          - AsnLen: Length = 141, LengthOfLength = 1
             LengthType: LengthOfLength = 1
             Length: 141 bytes
           BitString: 
       + Tag3: 
       + Extensions: 
      - SignatureAlgorithm: Sha1WithRSAEncryption (1.2.840.113549.1.1.5)
       - SequenceHeader: 
        - AsnId: Sequence and SequenceOf types (Universal 16)
         + LowTag: 
        - AsnLen: Length = 13, LengthOfLength = 0
           Length: 13 bytes, LengthOfLength = 0
       + Algorithm: Sha1WithRSAEncryption (1.2.840.113549.1.1.5)
       - Parameters: Null Value
        - Sha1WithRSAEncryption: Null Value
         + AsnNullHeader: 
      - Signature: 
       - AsnBitStringHeader: 
        - AsnId: BitString type (Universal 3)
         - LowTag: 
            Class:    (00......) Universal (0)
            Type:     (..0.....) Primitive
            TagValue: (...00011) 3
        - AsnLen: Length = 129, LengthOfLength = 1
           LengthType: LengthOfLength = 1
           Length: 129 bytes
         BitString: 
 + TlsRecordLayer: TLS Rec Layer-3 HandShake:

Unless you are the server operator of Nimbuzz, you cannot obtain the private key needed to decrypt the conversation.

Quoted from: https://serverfault.com/questions/379331
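An added example (not part of the original question or answer) that walks a server handshake flight shaped like frame 81 above: it reads the negotiated cipher suite from the ServerHello and pulls the DER certificate out of the Certificate message, which contains only the public certificate and no private key. The function names, `STATIC_RSA` table and `FAKE_CERT` bytes are assumptions constructed for this example; the sample flight is built in code, not taken from the capture.

```python
import struct

# Subset of suites that use static RSA key transport (0x0035 is the one in the capture).
STATIC_RSA = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
              0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA"}

def parse_server_flight(data):
    """Walk TLS records in a server handshake flight; return (cipher_suite, [DER certs])."""
    suite, certs, pos = None, [], 0
    while pos + 5 <= len(data):
        ctype, _ver, rlen = struct.unpack_from("!BHH", data, pos)
        record = data[pos + 5:pos + 5 + rlen]
        if len(record) != rlen:
            raise ValueError("truncated TLS record")
        pos += 5 + rlen
        if ctype != 22:             # 22 = handshake; skip other record types
            continue
        off = 0
        while off + 4 <= len(record):
            htype = record[off]
            hlen = int.from_bytes(record[off + 1:off + 4], "big")
            body = record[off + 4:off + 4 + hlen]
            if len(body) != hlen:
                raise ValueError("handshake message spans records (not handled here)")
            off += 4 + hlen
            if htype == 2:          # ServerHello: version(2) random(32) sid_len(1) sid suite(2)
                sid_len = body[34]
                suite = int.from_bytes(body[35 + sid_len:37 + sid_len], "big")
            elif htype == 11:       # Certificate: 3-byte list length, then 3-byte length per cert
                total = int.from_bytes(body[0:3], "big")
                p = 3
                while p < 3 + total:
                    clen = int.from_bytes(body[p:p + 3], "big")
                    certs.append(body[p + 3:p + 3 + clen])
                    p += 3 + clen
    return suite, certs

def build_sample_flight(fake_cert):
    """Constructed sample: ServerHello + Certificate + ServerHelloDone, TLS 1.0."""
    def hs(t, body): return bytes([t]) + len(body).to_bytes(3, "big") + body
    def rec(payload): return struct.pack("!BHH", 22, 0x0301, len(payload)) + payload
    hello = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x35" + b"\x00"   # 38 bytes
    entry = len(fake_cert).to_bytes(3, "big") + fake_cert
    cert_msg = len(entry).to_bytes(3, "big") + entry
    return rec(hs(2, hello)) + rec(hs(11, cert_msg)) + rec(hs(14, b""))

FAKE_CERT = b"\x30\x03\x02\x01\x00"   # constructed placeholder, not a real certificate
suite, certs = parse_server_flight(build_sample_flight(FAKE_CERT))
print(hex(suite), STATIC_RSA.get(suite, "not static RSA"), [len(c) for c in certs])
```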