wireshark tls

想抓一下openfire的包看看，首先要选loopback接口，如果是在本地测试的话。

然后需要搞到rsa私钥，设置好就可以了。

keytool -importkeystore -srckeystore keystore.jks \

    -destkeystore intermediate.p12 -deststoretype PKCS12

Next, use OpenSSL to do the extraction to PEM:

openssl pkcs12 -in intermediate.p12 -out extracted.pem -nodes

http://support.citrix.com/article/CTX135121
http://stackoverflow.com/questions/150167/how-do-i-list-export-private-keys-from-a-keystore
http://alvinalexander.com/java/java-using-keytool-list-query
https://isc.sans.edu/forums/diary/Psst+Your+Browser+Knows+All+Your+Secrets+/16415
http://www.cloudshield.com/blog/advanced-malware/how-to-decrypt-openssl-sessions-using-wireshark-and-ssl-session-identifiers/

Psst. Your Browser Knows All Your Secrets.
Quoting Diary: This is a "guest diary" submitted by Sally Vandeven. We will gladly forward any responses or please use our comment/forum section to comment publically. Sally is currently enrolled in the SANS Masters Program. I got to wondering one day how difficult it would be to find the crypto keys used by my browser and a web server for TLS sessions. I figured it would involve a memory dump, volatility, trial and error and maybe a little bit of luck. So I started looking around and like so many things in life….all you have to do is ask. Really. Just ask your browser to give you the secrets and it will! As icing on the cake, Wireshark will read in those secrets and decrypt the data for you. Here’s a quick rundown of the steps: Set up an environment variable called SSLKEYLOGFILE that points to a writable flat text file. Both Firefox and Chrome (relatively current versions) will look for the variable when they start up. If it exists, the browser will write the values used to generate TLS session keys out to that file. The file contents looks like this: 64 byte Client Random Values 96 byte Master Secret 16 byte encrypted pre-master secret 96 bytes pre-master secret The Client_Random entry is for Diffie-Hellman negotiated sessions and the RSA entry is for sessions using RSA or DSA key exchange. If you have the captured TLS encrypted network traffic, these provide the missing pieces needed for decryption. Wireshark can take care of that for you. Again, all you have to do is ask. This is an encrypted TLS session, before giving Wireshark the secrets. Point Wireshark at your file $SSLKEYLOGFILE. Select Edit -> Preferences -> Protocols -> SSL and then OK. To see the decrypted data, use the display filter “ssl && http”. To look at a particular TCP session, right click on any of the entries and choose to “Follow SSL Stream”. This really means “Follow Decrypted SSL Stream”. Notice the new tab at the bottom labeled “Decrypted SSL data”. Incidentally, if you “Follow TCP Stream” you get the encrypted TCP stream. Wireshark’s awesome decryption feature. Below is a sample of a decrypted SSL Stream. It contains a login attempt with username and password, some cookies and other goodies that web servers and browsers commonly exchange. Remember: if you have a file with keys in it and the captured data on your system then anyone that can get their hands on these can decrypt too. Hey, if you are a pen-tester you might try setting be on the lookout for an $SSLKEYLOG variable on your targets. Interesting. Give it a try but, as always, get written permission from yourself before you begin. Thanks for reading. This exploration turned into a full blown paper that you can find here: http://www.sans.org/reading-room/whitepapers/authentication/ssl-tls-whats-hood-34297	Alex Stanford 66 Posts ISC Handler
Reply Subscribe	1 year ago
To see traffic, you can use Firefox LiveHttpHeaders plugin.	Paul Szabo 7 Posts
Reply Quote	1 year ago
Nice post Alex I just tried to set the environment variable in windows 8 system. Then i ran firefox 23.0 and started browsing in webpages as facebook, or email that uses SSL. Nevertheless no file with SSLKEYLOGFILE data was created...	hecky 2 Posts
Reply Quote	1 year ago
Alex, I just installed FF 23 on a Windows 8 VM and tried it. It seems to work fine. I tried both user environment variable and system environment variable. If you set the variable from the command line only the command shell will see it, not the browser. To set my variable, I brought up Control Panel and searched for "environment". Here you can add a user variable and it takes effect immediately and can be accessed by the browser. It also writes it to the registry in HKCU\Environment. Sally	sallyvdv 2 Posts
Reply Quote	1 year ago
Hey anonymous, thanks. You are right, i just had to set the system enviroment variable frome the control panel and not just in the command prompt. Now it works fine.	hecky 2 Posts
Reply Quote	1 year ago
This worked perfectly for me. Too bad it only works with browsers. Would be cool to be able to capture the e-mail traffic from my workstation to the Exchange server. It uses TLS, as well.	Anonymous 1 Posts
Reply Quote	1 year ago
I was playing with some of this last year in Apache, using the known private key on my server. There's a good discussion in http://sharkfest.wireshark.org/sharkfest.12/presentations/MB-1_SSL_Troubleshooting_with%20_Wireshark_Software.pdf When I tried with Apache, only certain ciphers were decryptable. The SSLv2 ones, and "EXP-*" ciphers in TLS1 and SSLv3, were not. In order to ensure that only decryptable ciphers (or vice-versa) are used, you can set options in Apache or preferences in Firefox. Sorry for being vague, it's been a while. Thanks for the tip re. the environment variable.	Anonymous 5 Posts
Reply Quote	1 year ago
Hi I am a newbie and I don't know how to set up an environment variable called SSLKEYLOGFILE that points to a writable flat text file on a windows 8.1 machine. Could you please show me step by step how to do it? Thanks in advance


但是spark客户端没有使用xep-0138流压缩，没找到选项可以设置。
<stream:stream to="127.0.0.1" xmlns="jabber:client"
    xmlns:stream="http://etherx.jabber.org/streams" version="1.0">
    
<?xml version='1.0' encoding='UTF-8'?>
<stream:stream xmlns:stream="http://etherx.jabber.org/streams"
    xmlns="jabber:client" from="of.eff.com" id="ee080a0b" xml:lang="en"
    version="1.0">
    <stream:features>
        <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls>
        <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
            <mechanism>DIGEST-MD5</mechanism>
            <mechanism>PLAIN</mechanism>
            <mechanism>ANONYMOUS</mechanism>
            <mechanism>CRAM-MD5</mechanism>
        </mechanisms>
        <compression xmlns="http://jabber.org/features/compress">
            <method>zlib</method>
        </compression>
        <auth xmlns="http://jabber.org/features/iq-auth" />
        <register xmlns="http://jabber.org/features/iq-register" />
    </stream:features>

<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />

<proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />

<stream:stream to="of.eff.com" xmlns="jabber:client"
    xmlns:stream="http://etherx.jabber.org/streams" version="1.0"><?xml version='1.0' encoding='UTF-8'?>

<stream:stream xmlns:stream="http://etherx.jabber.org/streams"
    xmlns="jabber:client" from="of.eff.com" id="ee080a0b" xml:lang="en"
    version="1.0">
    <stream:features>
        <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
            <mechanism>DIGEST-MD5</mechanism>
            <mechanism>PLAIN</mechanism>
            <mechanism>ANONYMOUS</mechanism>
            <mechanism>CRAM-MD5</mechanism>
        </mechanisms>
        <compression xmlns="http://jabber.org/features/compress">
            <method>zlib</method>
        </compression>
        <auth xmlns="http://jabber.org/features/iq-auth" />
        <register xmlns="http://jabber.org/features/iq-register" />
    </stream:features>

<auth mechanism="DIGEST-MD5" xmlns="urn:ietf:params:xml:ns:xmpp-sasl"></auth>

<challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cmVhbG09Im9mLmVmZi5jb20iLG5vbmNlPSJuWWpuZEJ1bEUwVTBNbHhRbjRnTVB4MjdxMVl6T0owUDZ0TlcyVDBWIixxb3A9ImF1dGgiLGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNz
</challenge>

<response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">Y2hhcnNldD11dGYtOCx1c2VybmFtZT0iYWRtaW4iLHJlYWxtPSJvZi5lZmYuY29tIixub25jZT0ibllqbmRCdWxFMFUwTWx4UW40Z01QeDI3cTFZek9KMFA2dE5XMlQwViIsbmM9MDAwMDAwMDEsY25vbmNlPSJQVC82dkxPT0Jqc0MwWGl2NGsyWFVYMTlPOGFVenB6NlRLT0N2ZnNUIixkaWdlc3QtdXJpPSJ4bXBwL29mLmVmZi5jb20iLG1heGJ1Zj02NTUzNixyZXNwb25zZT0wNjE3MjU2YTdhZDliYTE0OTViNGYwNjI5YzczYTM1Nyxxb3A9YXV0aCxhdXRoemlkPSJhZG1pbiI=
</response>

<success xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cnNwYXV0aD0wZmFhNzQ0MzhhYjEyYTA2OWEyNDhmZjU3NWU1MWQwYQ==
</success>

<stream:stream to="of.eff.com" xmlns="jabber:client"
    xmlns:stream="http://etherx.jabber.org/streams" version="1.0"><?xml version='1.0' encoding='UTF-8'?>

<stream:stream xmlns:stream="http://etherx.jabber.org/streams"
    xmlns="jabber:client" from="of.eff.com" id="ee080a0b" xml:lang="en"
    version="1.0">
    <stream:features>
        <compression xmlns="http://jabber.org/features/compress">
            <method>zlib</method>
        </compression>
        <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind" />
        <session xmlns="urn:ietf:params:xml:ns:xmpp-session" />
    </stream:features>

<iq id="S87zn-0" type="set">
    <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind">
        <resource>Spark 2.6.3</resource>
    </bind>
</iq>

<iq type="result" id="S87zn-0" to="of.eff.com/ee080a0b">
    <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind">
        <jid>admin@of.eff.com/Spark 2.6.3</jid>
    </bind>
</iq>

<iq id="S87zn-1" type="set">
    <session xmlns="urn:ietf:params:xml:ns:xmpp-session" />
</iq>

<iq type="result" id="S87zn-1" to="admin@of.eff.com/Spark 2.6.3" />

<iq id="S87zn-2" type="get">
    <query xmlns="jabber:iq:roster"></query>
</iq>

<iq type="result" id="S87zn-2" to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="jabber:iq:roster" />
</iq>

<iq id="S87zn-3" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-3" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-4" from="admin@of.eff.com/Spark 2.6.3" type="get">
    <vCard xmlns='vcard-temp' />
</iq>

<iq type="result" id="S87zn-4" to="admin@of.eff.com/Spark 2.6.3">
    <vCard xmlns="vcard-temp" />
</iq>

<iq id="S87zn-5" type="get">
    <sharedgroup xmlns="http://www.jivesoftware.org/protocol/sharedgroup"></sharedgroup>
</iq>

<iq type="result" id="S87zn-5" to="admin@of.eff.com/Spark 2.6.3">
    <sharedgroup xmlns="http://www.jivesoftware.org/protocol/sharedgroup" />
</iq>

<presence id="S87zn-6">
    <status>Online</status>
    <priority>1</priority>
</presence>

<presence id="S87zn-6" from="admin@of.eff.com/Spark 2.6.3"
    to="admin@of.eff.com/Spark 2.6.3">
    <status>Online</status>
    <priority>1</priority>
</presence>

<iq id="S87zn-7" type="get">
    <query xmlns="jabber:iq:private">
        <storage xmlns="storage:bookmarks" />
    </query>
</iq>

<iq type="result" id="S87zn-7" to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="jabber:iq:private">
        <storage xmlns="storage:bookmarks" />
    </query>
</iq>

<iq id="S87zn-8" to="pubsub.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-8" from="pubsub.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="pubsub" name="Publish-Subscribe service"
            type="service" />
        <feature var="http://jabber.org/protocol/pubsub" />
        <feature var="http://jabber.org/protocol/pubsub#collections" />
        <feature var="http://jabber.org/protocol/pubsub#config-node" />
        <feature
            var="http://jabber.org/protocol/pubsub#create-and-configure" />
        <feature var="http://jabber.org/protocol/pubsub#create-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#delete-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#get-pending" />
        <feature var="http://jabber.org/protocol/pubsub#instant-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#item-ids" />
        <feature var="http://jabber.org/protocol/pubsub#meta-data" />
        <feature var="http://jabber.org/protocol/pubsub#modify-affiliations" />
        <feature
            var="http://jabber.org/protocol/pubsub#manage-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#multi-subscribe" />
        <feature var="http://jabber.org/protocol/pubsub#outcast-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#persistent-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#presence-notifications" />
        <feature var="http://jabber.org/protocol/pubsub#publish" />
        <feature
            var="http://jabber.org/protocol/pubsub#publisher-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#purge-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#retract-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-affiliations" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-default" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#subscribe" />
        <feature
            var="http://jabber.org/protocol/pubsub#subscription-options" />
        <feature
            var="http://jabber.org/protocol/pubsub#default_access_model_open" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>
    
<iq id="S87zn-9" to="proxy.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-9" from="proxy.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="proxy" name="SOCKS5 Bytestreams Service"
            type="bytestreams" />
        <feature var="http://jabber.org/protocol/bytestreams" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-10" to="conference.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-10" from="conference.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="Public Chatrooms"
            type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-11" to="whatisservice.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-11" from="whatisservice.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="asdf" type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-12" to="search.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-12" from="search.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="directory" type="user" name="User Search" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-13" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-13" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-14" to="pubsub.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-14" from="pubsub.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="pubsub" name="Publish-Subscribe service"
            type="service" />
        <feature var="http://jabber.org/protocol/pubsub" />
        <feature var="http://jabber.org/protocol/pubsub#collections" />
        <feature var="http://jabber.org/protocol/pubsub#config-node" />
        <feature
            var="http://jabber.org/protocol/pubsub#create-and-configure" />
        <feature var="http://jabber.org/protocol/pubsub#create-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#delete-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#get-pending" />
        <feature var="http://jabber.org/protocol/pubsub#instant-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#item-ids" />
        <feature var="http://jabber.org/protocol/pubsub#meta-data" />
        <feature var="http://jabber.org/protocol/pubsub#modify-affiliations" />
        <feature
            var="http://jabber.org/protocol/pubsub#manage-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#multi-subscribe" />
        <feature var="http://jabber.org/protocol/pubsub#outcast-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#persistent-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#presence-notifications" />
        <feature var="http://jabber.org/protocol/pubsub#publish" />
        <feature
            var="http://jabber.org/protocol/pubsub#publisher-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#purge-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#retract-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-affiliations" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-default" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#subscribe" />
        <feature
            var="http://jabber.org/protocol/pubsub#subscription-options" />
        <feature
            var="http://jabber.org/protocol/pubsub#default_access_model_open" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-15" to="proxy.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-15" from="proxy.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="proxy" name="SOCKS5 Bytestreams Service"
            type="bytestreams" />
        <feature var="http://jabber.org/protocol/bytestreams" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-16" to="conference.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-16" from="conference.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="Public Chatrooms"
            type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-17" to="whatisservice.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-17" from="whatisservice.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="asdf" type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-18" to="search.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-18" from="search.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="directory" type="user" name="User Search" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-19" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-19" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-20" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-20" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-21" to="pubsub.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-21" from="pubsub.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="pubsub" name="Publish-Subscribe service"
            type="service" />
        <feature var="http://jabber.org/protocol/pubsub" />
        <feature var="http://jabber.org/protocol/pubsub#collections" />
        <feature var="http://jabber.org/protocol/pubsub#config-node" />
        <feature
            var="http://jabber.org/protocol/pubsub#create-and-configure" />
        <feature var="http://jabber.org/protocol/pubsub#create-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#delete-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#get-pending" />
        <feature var="http://jabber.org/protocol/pubsub#instant-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#item-ids" />
        <feature var="http://jabber.org/protocol/pubsub#meta-data" />
        <feature var="http://jabber.org/protocol/pubsub#modify-affiliations" />
        <feature
            var="http://jabber.org/protocol/pubsub#manage-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#multi-subscribe" />
        <feature var="http://jabber.org/protocol/pubsub#outcast-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#persistent-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#presence-notifications" />
        <feature var="http://jabber.org/protocol/pubsub#publish" />
        <feature
            var="http://jabber.org/protocol/pubsub#publisher-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#purge-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#retract-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-affiliations" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-default" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#subscribe" />
        <feature
            var="http://jabber.org/protocol/pubsub#subscription-options" />
        <feature
            var="http://jabber.org/protocol/pubsub#default_access_model_open" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-22" to="proxy.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-22" from="proxy.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="proxy" name="SOCKS5 Bytestreams Service"
            type="bytestreams" />
        <feature var="http://jabber.org/protocol/bytestreams" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-23" to="conference.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-23" from="conference.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="Public Chatrooms"
            type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-24" to="whatisservice.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-24" from="whatisservice.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="asdf" type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-25" to="search.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-25" from="search.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="directory" type="user" name="User Search" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-26" to="127.0.0.1" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="error" id="S87zn-26" to="admin@of.eff.com/Spark 2.6.3"
    from="127.0.0.1">
    <query xmlns="http://jabber.org/protocol/disco#info" />
    <error code="404" type="cancel">
        <remote-server-not-found xmlns="urn:ietf:params:xml:ns:xmpp-stanzas" />
    </error>
</iq>

<iq id="S87zn-27" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-27" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-28" type="get">
    <query xmlns="jabber:iq:private">
        <gateway-settings xmlns="http://www.jivesoftware.org/spark" />
    </query>
</iq>

<iq type="result" id="S87zn-28" to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="jabber:iq:private">
        <gateway-settings xmlns="http://www.jivesoftware.org/spark" />
    </query>
</iq>

wireshark tls的更多相关文章

【转】Wireshark和Fiddler分析Android中的TLS协议包数据(附带案例样本)
本文转自:http://www.wjdiankong.cn/wireshark%E5%92%8Cfiddler%E5%88%86%E6%9E%90android%E4%B8%AD%E7%9A%84tl ...
使用wireshark分析TLS
1.基本概念 SSL:(Secure Socket Layer,安全套接字层),位于可靠的面向连接的网络层协议和应用层协议之间的一种协议层.SSL通过互相认证.使用数字签名确保完整性.使用加密确保私密 ...
使用wireshark观察SSL/TLS握手过程--双向认证/单向认证
SSL/TLS握手过程可以分成两种类型: 1)SSL/TLS 双向认证,就是双方都会互相认证,也就是两者之间将会交换证书.2)SSL/TLS 单向认证,客户端会认证服务器端身份,而服务器端不会去对客户 ...
android黑科技系列——Wireshark和Fiddler分析Android中的TLS协议包数据(附带案例样本)
一.前言在之前一篇文章已经介绍了一款网络访问软件的破解教程,当时采用的突破口是应用程序本身的一个漏洞,就是没有关闭日志信息,我们通过抓取日志获取到关键信息来找到突破口进行破解的.那篇文章也说到了,如 ...
[https][tls] 如何使用wireshark查看tls/https加密消息--使用私钥
之前总结了使用keylog进行https流量分析的方法: [https][tls] 如何使用wireshark查看tls/https加密消息--使用keylog 今天总结一下使用服务器端证书私钥进行h ...
[https][tls] 如何使用wireshark查看tls/https加密消息--使用keylog
姊妹篇: [ipsec][strongswan] 使用wireshark查看strongswan ipsec esp ikev1 ikev2的加密内容 [https][tls] 如何使用wiresha ...
如何利用Wireshark解密SSL和TLS流量
如何利用Wireshark解密SSL和TLS流量https://support.citrix.com/article/CTX135121 1.有server端的private key,直接在wires ...
Wireshark does not show SSL/TLS
why it doesn't show as "TLS/SSL"? Because it's not on the standard port for SSL/TLS. You c ...
使用wireshark捕获SSL/TLS包并分析
原创博客,转载请注出处! TLS运作方式如下图:

随机推荐

undefined与null
undefined 声明的变量尚未初始化 null 对象尚未存在 eg: var a; console.log(typeof a); 输出undefined var b= document.getEl ...
【经典dp】 poj 3671
开一个dp[30010][3]的数组其中dp[i][j]表示把第i个数改成j最少要花多少次那么状态转移方程就列出来了: 令a=1 j!=a[i] 0 j==a[i] 那么dp[i][1]=dp[i ...
虚拟机centos分区
在计算机上安装 Linux 系统,对硬盘进行分区是一个非常重要的步骤,下面介绍几个分区方案. 方案 1 / :建议大小在 5GB 以上. swap :即交换分区,建议大小是物理内存的 1~2 倍. 方 ...
javaweb 国际化
国际化又称为 i18n:internationalization 软件实现国际化,需具备哪些特征:对于程序中固定使用的文本元素,例如菜单栏.导航条等中使用的文本元素.或错误提示信息,状态信息等,需要根 ...
dirname(_file_) DIRECTORY_SEPARATOR
<?php echo __FILE__ ; // 取得当前文件的绝对地址,结果:D:\www\test.php echo dirname(__FILE__); // 取得当前文件所在的绝对目录, ...
Swift: Alamofire -> http请求 & ObjectMapper -> 解析JSON
1 2 3 4 5 6 7 8 9 10 11 NSURL *URL = [NSURL URLWithString:@"http://example.com/resources/123.js ...
java 数据结构栈的实现
java数据结构之栈的实现,可是入栈,出栈操作: /** * java数据结构之栈的实现 * 2016/4/26 **/ package cn.Link; public class Stack{ No ...
深入解析FileInputStream和FileOutputStream
http://swiftlet.net/archives/1363 FileInputStream和FileOutputStream类属于字节类,可以操作任意类型的文件.在数据流的处理过程中,有两种情 ...
Android 系统编译
最近研究了下Android 的编译系统,下面结合编译我们自己的产品 mobot 来对整个编译系统进行必要的介绍,方便大家今后对默认编译的修改. 先列出几个觉得重要的Make 文件: build/bu ...
使用libvirt做适配的kvm虚拟机window server 2008 磁盘性能的提升
实验室自己做了一个iaas的项目,当时是为了更方面的在kvm和xen下进行迁移,所以选择了libvirt作为适配层. 昨天简单的测试一了一下我们跟qingcloud的性能对比.我们的linux主机性能 ...

wireshark tls

wireshark tls的更多相关文章

随机推荐

热门专题