Getting Certs Out of Wireshark
Packet capture tools are oscilloscopes to network programmers; I couldn't get anything done without near continual use of tcpdump and wireshark. In a pinch tcpdump can even be used instead of writing server code.
Wireshark has support for a load of protocols and can really help with debugging. Recently I added DTLS support to NEAT. DTLS is the adaptation of TLS to datagram transports such as UDP, and once it is working everything on the wire after the handshake is basically random noise, which makes it hard to see what went wrong by eye.
I had trouble getting server certs to work correctly with DTLS. A certificate chain rarely fits in one datagram, so the Certificate handshake message arrives fragmented across several records; thankfully Wireshark can reassemble those fragments into a coherent certificate and export the data out to a file. I can use this to manually check the cert is being sent correctly.
The process is something like this:
1. Open the pcap in Wireshark
2. Find the packet in the server's flight (the one following the ServerHello) that carries the fully reassembled Certificate message; it is handshake type 11, so the display filter `dtls.handshake.type == 11` narrows the search
3. Expand the DTLS body
4. Expand the DTLS Record, Certificate (Reassembled)
5. Right click on 'Handshake Protocol: Certificate (Reassembled)'
6. Select Export Packet Bytes
After that I had a TLS cert in DER format; DER is just the raw cert bytes. One caveat: Export Packet Bytes writes exactly the bytes spanned by the highlighted tree item, so if openssl refuses to parse the file you have most likely exported the whole handshake message (12-byte DTLS handshake header, certificates_length and the per-certificate length prefix included) rather than the certificate itself. In that case expand 'Certificates' and export the individual 'Certificate' entry instead, which is the bare DER.
With this I could then verify using openssl that the cert chain was valid.
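The handshake framing described above is simple enough to unpick by hand, which is useful when you exported one level too high in the tree or want every certificate in the chain rather than just the leaf. The script below is an added example, not code from the original post or from NEAT: it takes the exported bytes (whole Certificate message, just its body, or a bare DER cert), splits them into individual DER certificates leaf first, checks that each one is a single DER SEQUENCE spanning the whole buffer (the one structural property openssl will choke on if the framing is wrong), writes them to `cert-N.der`, and prints the openssl commands to inspect and verify them. The sample message is constructed inline from opaque blobs standing in for certificates, so it runs offline; the file names and the `exported/` directory are my own choices.

```python
"""Split a DTLS Certificate handshake message exported from Wireshark into its
DER certificates and sanity-check each before handing it to openssl.
Added example; not part of the original post or of NEAT."""
import sys
from pathlib import Path

# DTLS handshake header (RFC 6347): msg_type(1) length(3) message_seq(2)
# fragment_offset(3) fragment_length(3) = 12 bytes, then the TLS handshake body.
DTLS_HANDSHAKE_HEADER_LEN = 12
HANDSHAKE_TYPE_CERTIFICATE = 11   # HandshakeType.certificate in TLS and DTLS
DER_SEQUENCE_TAG = 0x30           # every X.509 Certificate is an outer SEQUENCE


def _u24(buf: bytes, off: int) -> int:
    return int.from_bytes(buf[off:off + 3], "big")


def looks_reassembled(msg: bytes) -> bool:
    """True if msg is one complete Certificate message (fragment_offset 0,
    fragment_length == length, nothing missing) rather than a fragment of it."""
    if len(msg) < DTLS_HANDSHAKE_HEADER_LEN or msg[0] != HANDSHAKE_TYPE_CERTIFICATE:
        return False
    length, frag_off, frag_len = _u24(msg, 1), _u24(msg, 6), _u24(msg, 9)
    return frag_off == 0 and frag_len == length and len(msg) == DTLS_HANDSHAKE_HEADER_LEN + length


def split_certificate_message(msg: bytes) -> list[bytes]:
    """Return the DER certificates in msg, leaf first.

    msg may be the whole handshake message (what Export Packet Bytes gives when
    'Handshake Protocol: Certificate' is highlighted), just its body (starting at
    the 3-byte certificates_length, whose top byte is 0 for any sane chain), or a
    single bare DER certificate (starts with the SEQUENCE tag)."""
    if msg[:1] == bytes([DER_SEQUENCE_TAG]):
        return [msg]
    if msg[:1] == bytes([HANDSHAKE_TYPE_CERTIFICATE]):
        if not looks_reassembled(msg):
            raise ValueError("not a fully reassembled Certificate message; export the reassembled one")
        body = msg[DTLS_HANDSHAKE_HEADER_LEN:]
    else:
        body = msg
    if _u24(body, 0) != len(body) - 3:
        raise ValueError("certificates_length does not match the data")
    certs, off = [], 3
    while off < len(body):
        n = _u24(body, off)                # each entry: 3-byte length + DER bytes
        cert = body[off + 3:off + 3 + n]
        if len(cert) != n:
            raise ValueError("truncated certificate entry at offset %d" % off)
        certs.append(cert)
        off += 3 + n
    return certs


def der_outer_length(der: bytes) -> int:
    """Parse the outer SEQUENCE header and return the total encoded length,
    raising unless exactly one SEQUENCE covers the whole buffer."""
    if len(der) < 2 or der[0] != DER_SEQUENCE_TAG:
        raise ValueError("does not start with a SEQUENCE tag (0x30)")
    first = der[1]
    if first < 0x80:                       # short-form length
        hdr, body_len = 2, first
    else:                                  # long form: 0x80|n, then n length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("bad long-form length")
        hdr, body_len = 2 + n, int.from_bytes(der[2:2 + n], "big")
    total = hdr + body_len
    if total != len(der):
        raise ValueError("SEQUENCE says %d bytes but buffer has %d" % (total, len(der)))
    return total


def write_der_files(msg: bytes, outdir: Path) -> list[Path]:
    """Split msg, check each certificate, write cert-N.der and return the paths."""
    outdir.mkdir(parents=True, exist_ok=True)
    paths = []
    for i, cert in enumerate(split_certificate_message(msg)):
        der_outer_length(cert)
        path = outdir / f"cert-{i}.der"
        path.write_bytes(cert)
        paths.append(path)
    return paths


def _der_sequence(body: bytes) -> bytes:
    """Wrap body in a DER SEQUENCE header (only used to build the sample)."""
    if len(body) < 0x80:
        return bytes([DER_SEQUENCE_TAG, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([DER_SEQUENCE_TAG, 0x80 | len(lb)]) + lb + body


def build_certificate_message(certs: list[bytes], message_seq: int = 2) -> bytes:
    """Encode certs as one unfragmented DTLS Certificate handshake message."""
    entries = b"".join(len(c).to_bytes(3, "big") + c for c in certs)
    body = len(entries).to_bytes(3, "big") + entries
    return (bytes([HANDSHAKE_TYPE_CERTIFICATE]) + len(body).to_bytes(3, "big")
            + message_seq.to_bytes(2, "big") + (0).to_bytes(3, "big")
            + len(body).to_bytes(3, "big") + body)


# Constructed sample: two opaque blobs wrapped as SEQUENCEs standing in for a leaf
# cert and its issuer. Not real certificates (openssl will reject them); the
# framing around them is identical to what a real server sends.
SAMPLE_LEAF = _der_sequence(bytes(range(256)) * 2)      # 4-byte header + 512
SAMPLE_ISSUER = _der_sequence(b"\xa5" * 300)             # 4-byte header + 300
SAMPLE_MESSAGE = build_certificate_message([SAMPLE_LEAF, SAMPLE_ISSUER])

if __name__ == "__main__":
    src = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else SAMPLE_MESSAGE
    for p in write_der_files(src, Path("exported")):
        print(f"openssl x509 -inform DER -in {p} -noout -subject -issuer -dates")
    print("# then: openssl x509 -inform DER -in exported/cert-0.der -out leaf.pem && "
          "openssl verify -CAfile ca.pem -untrusted intermediates.pem leaf.pem")
```

Run it with the path of the file Wireshark wrote as its only argument. `openssl x509 -inform DER` reads a single DER certificate, while `openssl verify` wants PEM, hence the conversion step; the intermediates exported from the chain go in the `-untrusted` file and only your actual trust anchor in `-CAfile`, otherwise the check proves nothing about what the server sent.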
Reading: Abaddon's Gate