wireshark tls - 秒客网

想抓一下openfire的包看看，首先要选loopback接口，如果是在本地测试的话。

然后需要搞到rsa私钥，设置好就可以了。

keytool -importkeystore -srckeystore keystore.jks \

    -destkeystore intermediate.p12 -deststoretype PKCS12

Next, use OpenSSL to do the extraction to PEM:

openssl pkcs12 -in intermediate.p12 -out extracted.pem -nodes

http://support.citrix.com/article/CTX135121
http://*.com/questions/150167/how-do-i-list-export-private-keys-from-a-keystore
http://alvinalexander.com/java/java-using-keytool-list-query
https://isc.sans.edu/forums/diary/Psst+Your+Browser+Knows+All+Your+Secrets+/16415
http://www.cloudshield.com/blog/advanced-malware/how-to-decrypt-openssl-sessions-using-wireshark-and-ssl-session-identifiers/

Psst. Your Browser Knows All Your Secrets.
Quoting Diary: This is a "guest diary" submitted by Sally Vandeven. We will gladly forward any responses or please use our comment/forum section to comment publically. Sally is currently enrolled in the SANS Masters Program. I got to wondering one day how difficult it would be to find the crypto keys used by my browser and a web server for TLS sessions. I figured it would involve a memory dump, volatility, trial and error and maybe a little bit of luck. So I started looking around and like so many things in life….all you have to do is ask. Really. Just ask your browser to give you the secrets and it will! As icing on the cake, Wireshark will read in those secrets and decrypt the data for you. Here’s a quick rundown of the steps: Set up an environment variable called SSLKEYLOGFILE that points to a writable flat text file. Both Firefox and Chrome (relatively current versions) will look for the variable when they start up. If it exists, the browser will write the values used to generate TLS session keys out to that file. The file contents looks like this: 64 byte Client Random Values 96 byte Master Secret 16 byte encrypted pre-master secret 96 bytes pre-master secret The Client_Random entry is for Diffie-Hellman negotiated sessions and the RSA entry is for sessions using RSA or DSA key exchange. If you have the captured TLS encrypted network traffic, these provide the missing pieces needed for decryption. Wireshark can take care of that for you. Again, all you have to do is ask. This is an encrypted TLS session, before giving Wireshark the secrets. Point Wireshark at your file $SSLKEYLOGFILE. Select Edit -> Preferences -> Protocols -> SSL and then OK. To see the decrypted data, use the display filter “ssl && http”. To look at a particular TCP session, right click on any of the entries and choose to “Follow SSL Stream”. This really means “Follow Decrypted SSL Stream”. Notice the new tab at the bottom labeled “Decrypted SSL data”. Incidentally, if you “Follow TCP Stream” you get the encrypted TCP stream. Wireshark’s awesome decryption feature. Below is a sample of a decrypted SSL Stream. It contains a login attempt with username and password, some cookies and other goodies that web servers and browsers commonly exchange. Remember: if you have a file with keys in it and the captured data on your system then anyone that can get their hands on these can decrypt too. Hey, if you are a pen-tester you might try setting be on the lookout for an $SSLKEYLOG variable on your targets. Interesting. Give it a try but, as always, get written permission from yourself before you begin. Thanks for reading. This exploration turned into a full blown paper that you can find here: http://www.sans.org/reading-room/whitepapers/authentication/ssl-tls-whats-hood-34297	Alex Stanford 66 Posts ISC Handler
Reply Subscribe	1 year ago
To see traffic, you can use Firefox LiveHttpHeaders plugin.	Paul Szabo 7 Posts
Reply Quote	1 year ago
Nice post Alex I just tried to set the environment variable in windows 8 system. Then i ran firefox 23.0 and started browsing in webpages as facebook, or email that uses SSL. Nevertheless no file with SSLKEYLOGFILE data was created...	hecky 2 Posts
Reply Quote	1 year ago
Alex, I just installed FF 23 on a Windows 8 VM and tried it. It seems to work fine. I tried both user environment variable and system environment variable. If you set the variable from the command line only the command shell will see it, not the browser. To set my variable, I brought up Control Panel and searched for "environment". Here you can add a user variable and it takes effect immediately and can be accessed by the browser. It also writes it to the registry in HKCU\Environment. Sally	sallyvdv 2 Posts
Reply Quote	1 year ago
Hey anonymous, thanks. You are right, i just had to set the system enviroment variable frome the control panel and not just in the command prompt. Now it works fine.	hecky 2 Posts
Reply Quote	1 year ago
This worked perfectly for me. Too bad it only works with browsers. Would be cool to be able to capture the e-mail traffic from my workstation to the Exchange server. It uses TLS, as well.	Anonymous 1 Posts
Reply Quote	1 year ago
I was playing with some of this last year in Apache, using the known private key on my server. There's a good discussion in http://sharkfest.wireshark.org/sharkfest.12/presentations/MB-1_SSL_Troubleshooting_with%20_Wireshark_Software.pdf When I tried with Apache, only certain ciphers were decryptable. The SSLv2 ones, and "EXP-*" ciphers in TLS1 and SSLv3, were not. In order to ensure that only decryptable ciphers (or vice-versa) are used, you can set options in Apache or preferences in Firefox. Sorry for being vague, it's been a while. Thanks for the tip re. the environment variable.	Anonymous 5 Posts
Reply Quote	1 year ago
Hi I am a newbie and I don't know how to set up an environment variable called SSLKEYLOGFILE that points to a writable flat text file on a windows 8.1 machine. Could you please show me step by step how to do it? Thanks in advance


但是spark客户端没有使用xep-0138流压缩，没找到选项可以设置。
<stream:stream to="127.0.0.1" xmlns="jabber:client"
    xmlns:stream="http://etherx.jabber.org/streams" version="1.0">
    
<?xml version='1.0' encoding='UTF-8'?>
<stream:stream xmlns:stream="http://etherx.jabber.org/streams"
    xmlns="jabber:client" from="of.eff.com" id="ee080a0b" xml:lang="en"
    version="1.0">
    <stream:features>
        <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls>
        <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
            <mechanism>DIGEST-MD5</mechanism>
            <mechanism>PLAIN</mechanism>
            <mechanism>ANONYMOUS</mechanism>
            <mechanism>CRAM-MD5</mechanism>
        </mechanisms>
        <compression xmlns="http://jabber.org/features/compress">
            <method>zlib</method>
        </compression>
        <auth xmlns="http://jabber.org/features/iq-auth" />
        <register xmlns="http://jabber.org/features/iq-register" />
    </stream:features>

<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />

<proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />

<stream:stream to="of.eff.com" xmlns="jabber:client"
    xmlns:stream="http://etherx.jabber.org/streams" version="1.0"><?xml version='1.0' encoding='UTF-8'?>

<stream:stream xmlns:stream="http://etherx.jabber.org/streams"
    xmlns="jabber:client" from="of.eff.com" id="ee080a0b" xml:lang="en"
    version="1.0">
    <stream:features>
        <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
            <mechanism>DIGEST-MD5</mechanism>
            <mechanism>PLAIN</mechanism>
            <mechanism>ANONYMOUS</mechanism>
            <mechanism>CRAM-MD5</mechanism>
        </mechanisms>
        <compression xmlns="http://jabber.org/features/compress">
            <method>zlib</method>
        </compression>
        <auth xmlns="http://jabber.org/features/iq-auth" />
        <register xmlns="http://jabber.org/features/iq-register" />
    </stream:features>

<auth mechanism="DIGEST-MD5" xmlns="urn:ietf:params:xml:ns:xmpp-sasl"></auth>

<challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cmVhbG09Im9mLmVmZi5jb20iLG5vbmNlPSJuWWpuZEJ1bEUwVTBNbHhRbjRnTVB4MjdxMVl6T0owUDZ0TlcyVDBWIixxb3A9ImF1dGgiLGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNz
</challenge>

<response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">Y2hhcnNldD11dGYtOCx1c2VybmFtZT0iYWRtaW4iLHJlYWxtPSJvZi5lZmYuY29tIixub25jZT0ibllqbmRCdWxFMFUwTWx4UW40Z01QeDI3cTFZek9KMFA2dE5XMlQwViIsbmM9MDAwMDAwMDEsY25vbmNlPSJQVC82dkxPT0Jqc0MwWGl2NGsyWFVYMTlPOGFVenB6NlRLT0N2ZnNUIixkaWdlc3QtdXJpPSJ4bXBwL29mLmVmZi5jb20iLG1heGJ1Zj02NTUzNixyZXNwb25zZT0wNjE3MjU2YTdhZDliYTE0OTViNGYwNjI5YzczYTM1Nyxxb3A9YXV0aCxhdXRoemlkPSJhZG1pbiI=
</response>

<success xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cnNwYXV0aD0wZmFhNzQ0MzhhYjEyYTA2OWEyNDhmZjU3NWU1MWQwYQ==
</success>

<stream:stream to="of.eff.com" xmlns="jabber:client"
    xmlns:stream="http://etherx.jabber.org/streams" version="1.0"><?xml version='1.0' encoding='UTF-8'?>

<stream:stream xmlns:stream="http://etherx.jabber.org/streams"
    xmlns="jabber:client" from="of.eff.com" id="ee080a0b" xml:lang="en"
    version="1.0">
    <stream:features>
        <compression xmlns="http://jabber.org/features/compress">
            <method>zlib</method>
        </compression>
        <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind" />
        <session xmlns="urn:ietf:params:xml:ns:xmpp-session" />
    </stream:features>

<iq id="S87zn-0" type="set">
    <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind">
        <resource>Spark 2.6.3</resource>
    </bind>
</iq>

<iq type="result" id="S87zn-0" to="of.eff.com/ee080a0b">
    <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind">
        <jid>admin@of.eff.com/Spark 2.6.3</jid>
    </bind>
</iq>

<iq id="S87zn-1" type="set">
    <session xmlns="urn:ietf:params:xml:ns:xmpp-session" />
</iq>

<iq type="result" id="S87zn-1" to="admin@of.eff.com/Spark 2.6.3" />

<iq id="S87zn-2" type="get">
    <query xmlns="jabber:iq:roster"></query>
</iq>

<iq type="result" id="S87zn-2" to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="jabber:iq:roster" />
</iq>

<iq id="S87zn-3" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-3" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-4" from="admin@of.eff.com/Spark 2.6.3" type="get">
    <vCard xmlns='vcard-temp' />
</iq>

<iq type="result" id="S87zn-4" to="admin@of.eff.com/Spark 2.6.3">
    <vCard xmlns="vcard-temp" />
</iq>

<iq id="S87zn-5" type="get">
    <sharedgroup xmlns="http://www.jivesoftware.org/protocol/sharedgroup"></sharedgroup>
</iq>

<iq type="result" id="S87zn-5" to="admin@of.eff.com/Spark 2.6.3">
    <sharedgroup xmlns="http://www.jivesoftware.org/protocol/sharedgroup" />
</iq>

<presence id="S87zn-6">
    <status>Online</status>
    <priority>1</priority>
</presence>

<presence id="S87zn-6" from="admin@of.eff.com/Spark 2.6.3"
    to="admin@of.eff.com/Spark 2.6.3">
    <status>Online</status>
    <priority>1</priority>
</presence>

<iq id="S87zn-7" type="get">
    <query xmlns="jabber:iq:private">
        <storage xmlns="storage:bookmarks" />
    </query>
</iq>

<iq type="result" id="S87zn-7" to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="jabber:iq:private">
        <storage xmlns="storage:bookmarks" />
    </query>
</iq>

<iq id="S87zn-8" to="pubsub.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-8" from="pubsub.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="pubsub" name="Publish-Subscribe service"
            type="service" />
        <feature var="http://jabber.org/protocol/pubsub" />
        <feature var="http://jabber.org/protocol/pubsub#collections" />
        <feature var="http://jabber.org/protocol/pubsub#config-node" />
        <feature
            var="http://jabber.org/protocol/pubsub#create-and-configure" />
        <feature var="http://jabber.org/protocol/pubsub#create-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#delete-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#get-pending" />
        <feature var="http://jabber.org/protocol/pubsub#instant-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#item-ids" />
        <feature var="http://jabber.org/protocol/pubsub#meta-data" />
        <feature var="http://jabber.org/protocol/pubsub#modify-affiliations" />
        <feature
            var="http://jabber.org/protocol/pubsub#manage-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#multi-subscribe" />
        <feature var="http://jabber.org/protocol/pubsub#outcast-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#persistent-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#presence-notifications" />
        <feature var="http://jabber.org/protocol/pubsub#publish" />
        <feature
            var="http://jabber.org/protocol/pubsub#publisher-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#purge-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#retract-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-affiliations" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-default" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#subscribe" />
        <feature
            var="http://jabber.org/protocol/pubsub#subscription-options" />
        <feature
            var="http://jabber.org/protocol/pubsub#default_access_model_open" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>
    
<iq id="S87zn-9" to="proxy.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-9" from="proxy.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="proxy" name="SOCKS5 Bytestreams Service"
            type="bytestreams" />
        <feature var="http://jabber.org/protocol/bytestreams" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-10" to="conference.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-10" from="conference.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="Public Chatrooms"
            type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-11" to="whatisservice.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-11" from="whatisservice.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="asdf" type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-12" to="search.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-12" from="search.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="directory" type="user" name="User Search" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-13" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-13" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-14" to="pubsub.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-14" from="pubsub.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="pubsub" name="Publish-Subscribe service"
            type="service" />
        <feature var="http://jabber.org/protocol/pubsub" />
        <feature var="http://jabber.org/protocol/pubsub#collections" />
        <feature var="http://jabber.org/protocol/pubsub#config-node" />
        <feature
            var="http://jabber.org/protocol/pubsub#create-and-configure" />
        <feature var="http://jabber.org/protocol/pubsub#create-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#delete-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#get-pending" />
        <feature var="http://jabber.org/protocol/pubsub#instant-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#item-ids" />
        <feature var="http://jabber.org/protocol/pubsub#meta-data" />
        <feature var="http://jabber.org/protocol/pubsub#modify-affiliations" />
        <feature
            var="http://jabber.org/protocol/pubsub#manage-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#multi-subscribe" />
        <feature var="http://jabber.org/protocol/pubsub#outcast-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#persistent-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#presence-notifications" />
        <feature var="http://jabber.org/protocol/pubsub#publish" />
        <feature
            var="http://jabber.org/protocol/pubsub#publisher-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#purge-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#retract-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-affiliations" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-default" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#subscribe" />
        <feature
            var="http://jabber.org/protocol/pubsub#subscription-options" />
        <feature
            var="http://jabber.org/protocol/pubsub#default_access_model_open" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-15" to="proxy.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-15" from="proxy.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="proxy" name="SOCKS5 Bytestreams Service"
            type="bytestreams" />
        <feature var="http://jabber.org/protocol/bytestreams" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-16" to="conference.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-16" from="conference.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="Public Chatrooms"
            type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-17" to="whatisservice.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-17" from="whatisservice.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="asdf" type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-18" to="search.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-18" from="search.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="directory" type="user" name="User Search" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-19" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-19" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-20" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-20" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-21" to="pubsub.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-21" from="pubsub.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="pubsub" name="Publish-Subscribe service"
            type="service" />
        <feature var="http://jabber.org/protocol/pubsub" />
        <feature var="http://jabber.org/protocol/pubsub#collections" />
        <feature var="http://jabber.org/protocol/pubsub#config-node" />
        <feature
            var="http://jabber.org/protocol/pubsub#create-and-configure" />
        <feature var="http://jabber.org/protocol/pubsub#create-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#delete-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#get-pending" />
        <feature var="http://jabber.org/protocol/pubsub#instant-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#item-ids" />
        <feature var="http://jabber.org/protocol/pubsub#meta-data" />
        <feature var="http://jabber.org/protocol/pubsub#modify-affiliations" />
        <feature
            var="http://jabber.org/protocol/pubsub#manage-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#multi-subscribe" />
        <feature var="http://jabber.org/protocol/pubsub#outcast-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#persistent-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#presence-notifications" />
        <feature var="http://jabber.org/protocol/pubsub#publish" />
        <feature
            var="http://jabber.org/protocol/pubsub#publisher-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#purge-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#retract-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-affiliations" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-default" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#subscribe" />
        <feature
            var="http://jabber.org/protocol/pubsub#subscription-options" />
        <feature
            var="http://jabber.org/protocol/pubsub#default_access_model_open" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-22" to="proxy.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-22" from="proxy.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="proxy" name="SOCKS5 Bytestreams Service"
            type="bytestreams" />
        <feature var="http://jabber.org/protocol/bytestreams" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-23" to="conference.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-23" from="conference.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="Public Chatrooms"
            type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-24" to="whatisservice.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-24" from="whatisservice.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="asdf" type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-25" to="search.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-25" from="search.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="directory" type="user" name="User Search" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-26" to="127.0.0.1" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="error" id="S87zn-26" to="admin@of.eff.com/Spark 2.6.3"
    from="127.0.0.1">
    <query xmlns="http://jabber.org/protocol/disco#info" />
    <error code="404" type="cancel">
        <remote-server-not-found xmlns="urn:ietf:params:xml:ns:xmpp-stanzas" />
    </error>
</iq>

<iq id="S87zn-27" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-27" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-28" type="get">
    <query xmlns="jabber:iq:private">
        <gateway-settings xmlns="http://www.jivesoftware.org/spark" />
    </query>
</iq>

<iq type="result" id="S87zn-28" to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="jabber:iq:private">
        <gateway-settings xmlns="http://www.jivesoftware.org/spark" />
    </query>
</iq>

wireshark tls的更多相关文章

【转】Wireshark和Fiddler分析Android中的TLS协议包数据(附带案例样本)
本文转自:http://www.wjdiankong.cn/wireshark%E5%92%8Cfiddler%E5%88%86%E6%9E%90android%E4%B8%AD%E7%9A%84tl ...
使用wireshark分析TLS
1.基本概念 SSL:(Secure Socket Layer,安全套接字层),位于可靠的面向连接的网络层协议和应用层协议之间的一种协议层.SSL通过互相认证.使用数字签名确保完整性.使用加密确保私密 ...
使用wireshark观察SSL/TLS握手过程--双向认证/单向认证
SSL/TLS握手过程可以分成两种类型: 1)SSL/TLS 双向认证,就是双方都会互相认证,也就是两者之间将会交换证书.2)SSL/TLS 单向认证,客户端会认证服务器端身份,而服务器端不会去对客户 ...
android黑科技系列——Wireshark和Fiddler分析Android中的TLS协议包数据(附带案例样本)
一.前言在之前一篇文章已经介绍了一款网络访问软件的破解教程,当时采用的突破口是应用程序本身的一个漏洞,就是没有关闭日志信息,我们通过抓取日志获取到关键信息来找到突破口进行破解的.那篇文章也说到了,如 ...
[https][tls] 如何使用wireshark查看tls/https加密消息--使用私钥
之前总结了使用keylog进行https流量分析的方法: [https][tls] 如何使用wireshark查看tls/https加密消息--使用keylog 今天总结一下使用服务器端证书私钥进行h ...
[https][tls] 如何使用wireshark查看tls/https加密消息--使用keylog
姊妹篇: [ipsec][strongswan] 使用wireshark查看strongswan ipsec esp ikev1 ikev2的加密内容 [https][tls] 如何使用wiresha ...
如何利用Wireshark解密SSL和TLS流量
如何利用Wireshark解密SSL和TLS流量https://support.citrix.com/article/CTX135121 1.有server端的private key,直接在wires ...
Wireshark does not show SSL/TLS
why it doesn't show as "TLS/SSL"? Because it's not on the standard port for SSL/TLS. You c ...
使用wireshark捕获SSL/TLS包并分析
原创博客,转载请注出处! TLS运作方式如下图:

随机推荐

MVC之前的那点事儿系列（2）：HttpRuntime详解分析（上）
文章内容从上章文章都知道,asp.net是运行在HttpRuntime里的,但是从CLR如何进入HttpRuntime的,可能大家都不太清晰.本章节就是通过深入分析.Net4的源码来展示其中的重要步 ...
CF 701C They Are Everywhere（尺取法）
题目链接: 传送门 They Are Everywhere time limit per test:2 second memory limit per test:256 megabytes D ...
Hibernate笔记——（ONE TO ONE）一对一
转自:http://ryxxlong.iteye.com/blog/622652 ================= 一对一(one-to-one)实例(Person-IdCard) 一对一的关系在数 ...
交叉编译器安装 gcc version 4&period;3&period;3 (Sourcery G++ Lite 2009q1-203)
安装环境 :ubuntu 14.04 安装包 :toolchain.tar.gz 编译器版本:gcc version 4.3.3 (Sourcery G++ Lite 2009q1- ...
JavaScript判断对象是否含有某个属性
两种方式,但稍有区别 1,in 运算符 1 2 3 var obj = {name:'jack'}; alert('name' in obj); // --> true alert('toStr ...
用 ConfigMap 管理配置 - 每天5分钟玩转 Docker 容器技术（159）
Secret 可以为 Pod 提供密码.Token.私钥等敏感数据:对于一些非敏感数据,比如应用的配置信息,则可以用 ConfigMap. ConfigMap 的创建和使用方式与 Secret 非常类 ...
将Chrome插件Momentum背景图片设为桌面壁纸
Momentum简介 Momentum插件是一款自动更换壁纸,自带时钟,任务日历和工作清单的chrome浏览器插件.官方的解释就是:替换你 Chrome 浏览器默认的“标签页”.里面的图片全部来自50 ...
work2：贪吃蛇
学号:2017*****7219 姓名:邰嘉琛我的码云贪吃蛇项目仓库:https://gitee.com/tjc666/sesnake/tree/master2) 给出你的各项任务完成时间估算与实际消 ...
C++枚举类型Enum及C++11强枚举类型用法
C++中的枚举类型常常和switch配合使用,这里用一个简单的switch控制键盘回调的代码片段来说明枚举的用法: //W A S D 前.后.左.右行走 enum Keydown{ Forward= ...
JavaScript实现页面刷新滚动条位置不变（利用cookie）
实验环境:vs2015 asp.net(C#) 主要原理: 1.在页面滚动时或点击按钮时将当前滚动条位置记录到cookie[pos], 2.页面刷新或重载时查询cookie[pos]中的值是否存在,若 ...