tsaarni · November 15, 2019 19:15
diff --git a/extract-pre-master-secret.py b/extract-pre-master-secret.py
 #!/usr/bin/env python3
 #
 # Extract TLS pre-master secret to decrypt captured TLS stream in Wireshark
 #
 # Java TLS implementation can be configured to dump information on TLS stream,
 # making it possible to extracting TLS key for decrypting the stream for debug
 # purposes.
 #
 # This script is originally by Timothy Basanov
 #   https://timothybasanov.com/2016/05/26/java-pre-master-secret.html
 #
 # Run the application
 #   java .... -Djavax.net.debug=ssl,keygen | extract-pre-master-secret.py keys.log
 #
 # To decode TLS stream in Wireshark
 #   1. select packet with TLS layer
 #   2. right-click and choose "Protocol preferences / Open Transport Layer Security Preferences"
 #   3. select "keys.log" file in (Pre)-Master-Secret log filename
 #

 import sys
 import re

 def extract_data_from_line(line):
  m = re.match('\d+:([ 0-9A-F]{51}) .*', line)
  if m:
    return m.group(1).replace(' ', '')
  else:
    raise line


 def main(args):

  if len(args) != 2:
    sys.exit('Usage: {} logfile.txt'.format(args[0]))

  logfile = open(args[1], 'w')

  parsing_mastersecret_line = 0
  parsing_clientnonce_line = 0

  for line in sys.stdin:
    print(line, end='')

    if parsing_mastersecret_line:
      parsing_mastersecret_line += 1
    if parsing_clientnonce_line:
      parsing_clientnonce_line += 1

    if line == 'Client Nonce:\n':
      parsing_clientnonce_line = 1
      cn = ''
    if 2 <= parsing_clientnonce_line <= 3:
      cn = cn + extract_data_from_line(line)

    if line == 'Master Secret:\n':
      parsing_mastersecret_line = 1
      ms = ""
    if 2 <= parsing_mastersecret_line <= 4:
      ms = ms + extract_data_from_line(line)

    if 5 == parsing_mastersecret_line:
      print('CLIENT_RANDOM {} {}'.format(cn, ms), file=logfile)
      logfile.flush()


 if __name__ == '__main__':
    main(sys.argv)
	#!/usr/bin/env python3
	#
	# Extract TLS pre-master secret to decrypt captured TLS stream in Wireshark
	#
	# Java TLS implementation can be configured to dump information on TLS stream,
	# making it possible to extracting TLS key for decrypting the stream for debug
	# purposes.
	#
	# This script is originally by Timothy Basanov
	# https://timothybasanov.com/2016/05/26/java-pre-master-secret.html
	#
	# Run the application
	# java .... -Djavax.net.debug=ssl,keygen \| extract-pre-master-secret.py keys.log
	#
	# To decode TLS stream in Wireshark
	# 1. select packet with TLS layer
	# 2. right-click and choose "Protocol preferences / Open Transport Layer Security Preferences"
	# 3. select "keys.log" file in (Pre)-Master-Secret log filename
	#

	import sys
	import re

	def extract_data_from_line(line):
	m = re.match('\d+:([ 0-9A-F]{51}) .*', line)
	if m:
	return m.group(1).replace(' ', '')
	else:
	raise line


	def main(args):

	if len(args) != 2:
	sys.exit('Usage: {} logfile.txt'.format(args[0]))

	logfile = open(args[1], 'w')

	parsing_mastersecret_line = 0
	parsing_clientnonce_line = 0

	for line in sys.stdin:
	print(line, end='')

	if parsing_mastersecret_line:
	parsing_mastersecret_line += 1
	if parsing_clientnonce_line:
	parsing_clientnonce_line += 1

	if line == 'Client Nonce:\n':
	parsing_clientnonce_line = 1
	cn = ''
	if 2 <= parsing_clientnonce_line <= 3:
	cn = cn + extract_data_from_line(line)

	if line == 'Master Secret:\n':
	parsing_mastersecret_line = 1
	ms = ""
	if 2 <= parsing_mastersecret_line <= 4:
	ms = ms + extract_data_from_line(line)

	if 5 == parsing_mastersecret_line:
	print('CLIENT_RANDOM {} {}'.format(cn, ms), file=logfile)
	logfile.flush()


	if __name__ == '__main__':
	main(sys.argv)