SSL - nimrody/knowledgebase GitHub Wiki

SSL or TLS or HTTPS

Capturing SNI

tshark -r sj_b23_301019_1300_10413200_1hour.cap -Y 'ssl.handshake.extension.type == "server_name"' \
        -Tfields -E header=y -E separator=/t -E occurrence=a -E aggregator=\| \
        -e ssl.handshake.extensions_server_name | tee server_name.tsv
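
To turn the server_name.tsv written by the command above into a per-hostname count (useful for spotting rare or unexpected names in a capture), the following is an added example and not part of the original wiki page. The function name sni_counts and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the server_name.tsv produced by the SNI command.
# Input format, as set by the tshark options on this page:
#   - first row is the field-name header (-E header=y)
#   - one row per matching packet
#   - several names in one packet are joined with "|" (-E aggregator=\|)
# Wireshark 3.0 renamed the ssl.* fields to tls.*; the header row is
# skipped whatever it says.

sni_counts() {
    # $1: path to the TSV. Prints "count<TAB>hostname", most frequent first.
    awk -F'\t' '
        NR == 1 { next }                    # skip the header row
        {
            n = split($1, names, "|")       # undo the aggregator
            for (i = 1; i <= n; i++) {
                h = tolower(names[i])       # DNS names are case-insensitive
                sub(/\.$/, "", h)           # drop a trailing root dot
                if (h != "") count[h]++
            }
        }
        END { for (h in count) printf "%d\t%s\n", count[h], h }
    ' "$1" | LC_ALL=C sort -t"$(printf '\t')" -k1,1nr -k2,2
}

# Constructed sample input (not taken from the capture named on this page).
sample=$(mktemp)
printf '%s\n' \
    'ssl.handshake.extensions_server_name' \
    'www.example.com' \
    'API.example.net' \
    'www.example.com|cdn.example.org' \
    'api.example.net.' > "$sample"
sni_counts "$sample"
rm -f "$sample"
```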

Capturing server certificate

tshark -2 -r sj_b23_301019_1300_10413200_1hour.cap -R "ssl.handshake.certificate" -Tfields \
        -E header=y -E separator=/t -E occurrence=a -E aggregator=\| \
        -e x509sat.uTF8String -e x509sat.printableString \
        -e x509sat.universalString -e x509sat.teletexString -e x509sat.IA5String > ssl-all.tsv