wireshark tls

想抓一下openfire的包看看，首先要选loopback接口，如果是在本地测试的话。

然后需要搞到rsa私钥，设置好就可以了。

keytool -importkeystore -srckeystore keystore.jks \

    -destkeystore intermediate.p12 -deststoretype PKCS12

Next, use OpenSSL to do the extraction to PEM:

openssl pkcs12 -in intermediate.p12 -out extracted.pem -nodes

http://support.citrix.com/article/CTX135121
http://stackoverflow.com/questions/150167/how-do-i-list-export-private-keys-from-a-keystore
http://alvinalexander.com/java/java-using-keytool-list-query
https://isc.sans.edu/forums/diary/Psst+Your+Browser+Knows+All+Your+Secrets+/16415
http://www.cloudshield.com/blog/advanced-malware/how-to-decrypt-openssl-sessions-using-wireshark-and-ssl-session-identifiers/

Psst. Your Browser Knows All Your Secrets.
Quoting Diary: This is a "guest diary" submitted by Sally Vandeven. We will gladly forward any responses or please use our comment/forum section to comment publically. Sally is currently enrolled in the SANS Masters Program. I got to wondering one day how difficult it would be to find the crypto keys used by my browser and a web server for TLS sessions. I figured it would involve a memory dump, volatility, trial and error and maybe a little bit of luck. So I started looking around and like so many things in life….all you have to do is ask. Really. Just ask your browser to give you the secrets and it will! As icing on the cake, Wireshark will read in those secrets and decrypt the data for you. Here’s a quick rundown of the steps: Set up an environment variable called SSLKEYLOGFILE that points to a writable flat text file. Both Firefox and Chrome (relatively current versions) will look for the variable when they start up. If it exists, the browser will write the values used to generate TLS session keys out to that file. The file contents looks like this: 64 byte Client Random Values 96 byte Master Secret 16 byte encrypted pre-master secret 96 bytes pre-master secret The Client_Random entry is for Diffie-Hellman negotiated sessions and the RSA entry is for sessions using RSA or DSA key exchange. If you have the captured TLS encrypted network traffic, these provide the missing pieces needed for decryption. Wireshark can take care of that for you. Again, all you have to do is ask. This is an encrypted TLS session, before giving Wireshark the secrets. Point Wireshark at your file $SSLKEYLOGFILE. Select Edit -> Preferences -> Protocols -> SSL and then OK. To see the decrypted data, use the display filter “ssl && http”. To look at a particular TCP session, right click on any of the entries and choose to “Follow SSL Stream”. This really means “Follow Decrypted SSL Stream”. Notice the new tab at the bottom labeled “Decrypted SSL data”. Incidentally, if you “Follow TCP Stream” you get the encrypted TCP stream. Wireshark’s awesome decryption feature. Below is a sample of a decrypted SSL Stream. It contains a login attempt with username and password, some cookies and other goodies that web servers and browsers commonly exchange. Remember: if you have a file with keys in it and the captured data on your system then anyone that can get their hands on these can decrypt too. Hey, if you are a pen-tester you might try setting be on the lookout for an $SSLKEYLOG variable on your targets. Interesting. Give it a try but, as always, get written permission from yourself before you begin. Thanks for reading. This exploration turned into a full blown paper that you can find here: http://www.sans.org/reading-room/whitepapers/authentication/ssl-tls-whats-hood-34297	Alex Stanford 66 Posts ISC Handler
Reply Subscribe	1 year ago
To see traffic, you can use Firefox LiveHttpHeaders plugin.	Paul Szabo 7 Posts
Reply Quote	1 year ago
Nice post Alex I just tried to set the environment variable in windows 8 system. Then i ran firefox 23.0 and started browsing in webpages as facebook, or email that uses SSL. Nevertheless no file with SSLKEYLOGFILE data was created...	hecky 2 Posts
Reply Quote	1 year ago
Alex, I just installed FF 23 on a Windows 8 VM and tried it. It seems to work fine. I tried both user environment variable and system environment variable. If you set the variable from the command line only the command shell will see it, not the browser. To set my variable, I brought up Control Panel and searched for "environment". Here you can add a user variable and it takes effect immediately and can be accessed by the browser. It also writes it to the registry in HKCU\Environment. Sally	sallyvdv 2 Posts
Reply Quote	1 year ago
Hey anonymous, thanks. You are right, i just had to set the system enviroment variable frome the control panel and not just in the command prompt. Now it works fine.	hecky 2 Posts
Reply Quote	1 year ago
This worked perfectly for me. Too bad it only works with browsers. Would be cool to be able to capture the e-mail traffic from my workstation to the Exchange server. It uses TLS, as well.	Anonymous 1 Posts
Reply Quote	1 year ago
I was playing with some of this last year in Apache, using the known private key on my server. There's a good discussion in http://sharkfest.wireshark.org/sharkfest.12/presentations/MB-1_SSL_Troubleshooting_with%20_Wireshark_Software.pdf When I tried with Apache, only certain ciphers were decryptable. The SSLv2 ones, and "EXP-*" ciphers in TLS1 and SSLv3, were not. In order to ensure that only decryptable ciphers (or vice-versa) are used, you can set options in Apache or preferences in Firefox. Sorry for being vague, it's been a while. Thanks for the tip re. the environment variable.	Anonymous 5 Posts
Reply Quote	1 year ago
Hi I am a newbie and I don't know how to set up an environment variable called SSLKEYLOGFILE that points to a writable flat text file on a windows 8.1 machine. Could you please show me step by step how to do it? Thanks in advance


但是spark客户端没有使用xep-0138流压缩，没找到选项可以设置。
<stream:stream to="127.0.0.1" xmlns="jabber:client"
    xmlns:stream="http://etherx.jabber.org/streams" version="1.0">
    
<?xml version='1.0' encoding='UTF-8'?>
<stream:stream xmlns:stream="http://etherx.jabber.org/streams"
    xmlns="jabber:client" from="of.eff.com" id="ee080a0b" xml:lang="en"
    version="1.0">
    <stream:features>
        <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls>
        <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
            <mechanism>DIGEST-MD5</mechanism>
            <mechanism>PLAIN</mechanism>
            <mechanism>ANONYMOUS</mechanism>
            <mechanism>CRAM-MD5</mechanism>
        </mechanisms>
        <compression xmlns="http://jabber.org/features/compress">
            <method>zlib</method>
        </compression>
        <auth xmlns="http://jabber.org/features/iq-auth" />
        <register xmlns="http://jabber.org/features/iq-register" />
    </stream:features>

<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />

<proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />

<stream:stream to="of.eff.com" xmlns="jabber:client"
    xmlns:stream="http://etherx.jabber.org/streams" version="1.0"><?xml version='1.0' encoding='UTF-8'?>

<stream:stream xmlns:stream="http://etherx.jabber.org/streams"
    xmlns="jabber:client" from="of.eff.com" id="ee080a0b" xml:lang="en"
    version="1.0">
    <stream:features>
        <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
            <mechanism>DIGEST-MD5</mechanism>
            <mechanism>PLAIN</mechanism>
            <mechanism>ANONYMOUS</mechanism>
            <mechanism>CRAM-MD5</mechanism>
        </mechanisms>
        <compression xmlns="http://jabber.org/features/compress">
            <method>zlib</method>
        </compression>
        <auth xmlns="http://jabber.org/features/iq-auth" />
        <register xmlns="http://jabber.org/features/iq-register" />
    </stream:features>

<auth mechanism="DIGEST-MD5" xmlns="urn:ietf:params:xml:ns:xmpp-sasl"></auth>

<challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cmVhbG09Im9mLmVmZi5jb20iLG5vbmNlPSJuWWpuZEJ1bEUwVTBNbHhRbjRnTVB4MjdxMVl6T0owUDZ0TlcyVDBWIixxb3A9ImF1dGgiLGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNz
</challenge>

<response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">Y2hhcnNldD11dGYtOCx1c2VybmFtZT0iYWRtaW4iLHJlYWxtPSJvZi5lZmYuY29tIixub25jZT0ibllqbmRCdWxFMFUwTWx4UW40Z01QeDI3cTFZek9KMFA2dE5XMlQwViIsbmM9MDAwMDAwMDEsY25vbmNlPSJQVC82dkxPT0Jqc0MwWGl2NGsyWFVYMTlPOGFVenB6NlRLT0N2ZnNUIixkaWdlc3QtdXJpPSJ4bXBwL29mLmVmZi5jb20iLG1heGJ1Zj02NTUzNixyZXNwb25zZT0wNjE3MjU2YTdhZDliYTE0OTViNGYwNjI5YzczYTM1Nyxxb3A9YXV0aCxhdXRoemlkPSJhZG1pbiI=
</response>

<success xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cnNwYXV0aD0wZmFhNzQ0MzhhYjEyYTA2OWEyNDhmZjU3NWU1MWQwYQ==
</success>

<stream:stream to="of.eff.com" xmlns="jabber:client"
    xmlns:stream="http://etherx.jabber.org/streams" version="1.0"><?xml version='1.0' encoding='UTF-8'?>

<stream:stream xmlns:stream="http://etherx.jabber.org/streams"
    xmlns="jabber:client" from="of.eff.com" id="ee080a0b" xml:lang="en"
    version="1.0">
    <stream:features>
        <compression xmlns="http://jabber.org/features/compress">
            <method>zlib</method>
        </compression>
        <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind" />
        <session xmlns="urn:ietf:params:xml:ns:xmpp-session" />
    </stream:features>

<iq id="S87zn-0" type="set">
    <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind">
        <resource>Spark 2.6.3</resource>
    </bind>
</iq>

<iq type="result" id="S87zn-0" to="of.eff.com/ee080a0b">
    <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind">
        <jid>admin@of.eff.com/Spark 2.6.3</jid>
    </bind>
</iq>

<iq id="S87zn-1" type="set">
    <session xmlns="urn:ietf:params:xml:ns:xmpp-session" />
</iq>

<iq type="result" id="S87zn-1" to="admin@of.eff.com/Spark 2.6.3" />

<iq id="S87zn-2" type="get">
    <query xmlns="jabber:iq:roster"></query>
</iq>

<iq type="result" id="S87zn-2" to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="jabber:iq:roster" />
</iq>

<iq id="S87zn-3" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-3" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-4" from="admin@of.eff.com/Spark 2.6.3" type="get">
    <vCard xmlns='vcard-temp' />
</iq>

<iq type="result" id="S87zn-4" to="admin@of.eff.com/Spark 2.6.3">
    <vCard xmlns="vcard-temp" />
</iq>

<iq id="S87zn-5" type="get">
    <sharedgroup xmlns="http://www.jivesoftware.org/protocol/sharedgroup"></sharedgroup>
</iq>

<iq type="result" id="S87zn-5" to="admin@of.eff.com/Spark 2.6.3">
    <sharedgroup xmlns="http://www.jivesoftware.org/protocol/sharedgroup" />
</iq>

<presence id="S87zn-6">
    <status>Online</status>
    <priority>1</priority>
</presence>

<presence id="S87zn-6" from="admin@of.eff.com/Spark 2.6.3"
    to="admin@of.eff.com/Spark 2.6.3">
    <status>Online</status>
    <priority>1</priority>
</presence>

<iq id="S87zn-7" type="get">
    <query xmlns="jabber:iq:private">
        <storage xmlns="storage:bookmarks" />
    </query>
</iq>

<iq type="result" id="S87zn-7" to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="jabber:iq:private">
        <storage xmlns="storage:bookmarks" />
    </query>
</iq>

<iq id="S87zn-8" to="pubsub.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-8" from="pubsub.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="pubsub" name="Publish-Subscribe service"
            type="service" />
        <feature var="http://jabber.org/protocol/pubsub" />
        <feature var="http://jabber.org/protocol/pubsub#collections" />
        <feature var="http://jabber.org/protocol/pubsub#config-node" />
        <feature
            var="http://jabber.org/protocol/pubsub#create-and-configure" />
        <feature var="http://jabber.org/protocol/pubsub#create-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#delete-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#get-pending" />
        <feature var="http://jabber.org/protocol/pubsub#instant-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#item-ids" />
        <feature var="http://jabber.org/protocol/pubsub#meta-data" />
        <feature var="http://jabber.org/protocol/pubsub#modify-affiliations" />
        <feature
            var="http://jabber.org/protocol/pubsub#manage-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#multi-subscribe" />
        <feature var="http://jabber.org/protocol/pubsub#outcast-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#persistent-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#presence-notifications" />
        <feature var="http://jabber.org/protocol/pubsub#publish" />
        <feature
            var="http://jabber.org/protocol/pubsub#publisher-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#purge-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#retract-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-affiliations" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-default" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#subscribe" />
        <feature
            var="http://jabber.org/protocol/pubsub#subscription-options" />
        <feature
            var="http://jabber.org/protocol/pubsub#default_access_model_open" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>
    
<iq id="S87zn-9" to="proxy.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-9" from="proxy.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="proxy" name="SOCKS5 Bytestreams Service"
            type="bytestreams" />
        <feature var="http://jabber.org/protocol/bytestreams" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-10" to="conference.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-10" from="conference.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="Public Chatrooms"
            type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-11" to="whatisservice.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-11" from="whatisservice.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="asdf" type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-12" to="search.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-12" from="search.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="directory" type="user" name="User Search" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-13" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-13" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-14" to="pubsub.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-14" from="pubsub.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="pubsub" name="Publish-Subscribe service"
            type="service" />
        <feature var="http://jabber.org/protocol/pubsub" />
        <feature var="http://jabber.org/protocol/pubsub#collections" />
        <feature var="http://jabber.org/protocol/pubsub#config-node" />
        <feature
            var="http://jabber.org/protocol/pubsub#create-and-configure" />
        <feature var="http://jabber.org/protocol/pubsub#create-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#delete-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#get-pending" />
        <feature var="http://jabber.org/protocol/pubsub#instant-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#item-ids" />
        <feature var="http://jabber.org/protocol/pubsub#meta-data" />
        <feature var="http://jabber.org/protocol/pubsub#modify-affiliations" />
        <feature
            var="http://jabber.org/protocol/pubsub#manage-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#multi-subscribe" />
        <feature var="http://jabber.org/protocol/pubsub#outcast-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#persistent-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#presence-notifications" />
        <feature var="http://jabber.org/protocol/pubsub#publish" />
        <feature
            var="http://jabber.org/protocol/pubsub#publisher-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#purge-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#retract-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-affiliations" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-default" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#subscribe" />
        <feature
            var="http://jabber.org/protocol/pubsub#subscription-options" />
        <feature
            var="http://jabber.org/protocol/pubsub#default_access_model_open" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-15" to="proxy.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-15" from="proxy.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="proxy" name="SOCKS5 Bytestreams Service"
            type="bytestreams" />
        <feature var="http://jabber.org/protocol/bytestreams" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-16" to="conference.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-16" from="conference.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="Public Chatrooms"
            type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-17" to="whatisservice.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-17" from="whatisservice.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="asdf" type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-18" to="search.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-18" from="search.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="directory" type="user" name="User Search" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-19" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-19" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-20" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-20" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-21" to="pubsub.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-21" from="pubsub.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="pubsub" name="Publish-Subscribe service"
            type="service" />
        <feature var="http://jabber.org/protocol/pubsub" />
        <feature var="http://jabber.org/protocol/pubsub#collections" />
        <feature var="http://jabber.org/protocol/pubsub#config-node" />
        <feature
            var="http://jabber.org/protocol/pubsub#create-and-configure" />
        <feature var="http://jabber.org/protocol/pubsub#create-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#delete-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#get-pending" />
        <feature var="http://jabber.org/protocol/pubsub#instant-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#item-ids" />
        <feature var="http://jabber.org/protocol/pubsub#meta-data" />
        <feature var="http://jabber.org/protocol/pubsub#modify-affiliations" />
        <feature
            var="http://jabber.org/protocol/pubsub#manage-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#multi-subscribe" />
        <feature var="http://jabber.org/protocol/pubsub#outcast-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#persistent-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#presence-notifications" />
        <feature var="http://jabber.org/protocol/pubsub#publish" />
        <feature
            var="http://jabber.org/protocol/pubsub#publisher-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#purge-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#retract-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-affiliations" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-default" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#subscribe" />
        <feature
            var="http://jabber.org/protocol/pubsub#subscription-options" />
        <feature
            var="http://jabber.org/protocol/pubsub#default_access_model_open" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-22" to="proxy.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-22" from="proxy.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="proxy" name="SOCKS5 Bytestreams Service"
            type="bytestreams" />
        <feature var="http://jabber.org/protocol/bytestreams" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-23" to="conference.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-23" from="conference.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="Public Chatrooms"
            type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-24" to="whatisservice.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-24" from="whatisservice.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="asdf" type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-25" to="search.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-25" from="search.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="directory" type="user" name="User Search" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-26" to="127.0.0.1" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="error" id="S87zn-26" to="admin@of.eff.com/Spark 2.6.3"
    from="127.0.0.1">
    <query xmlns="http://jabber.org/protocol/disco#info" />
    <error code="404" type="cancel">
        <remote-server-not-found xmlns="urn:ietf:params:xml:ns:xmpp-stanzas" />
    </error>
</iq>

<iq id="S87zn-27" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-27" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-28" type="get">
    <query xmlns="jabber:iq:private">
        <gateway-settings xmlns="http://www.jivesoftware.org/spark" />
    </query>
</iq>

<iq type="result" id="S87zn-28" to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="jabber:iq:private">
        <gateway-settings xmlns="http://www.jivesoftware.org/spark" />
    </query>
</iq>

wireshark tls的更多相关文章

【转】Wireshark和Fiddler分析Android中的TLS协议包数据(附带案例样本)
本文转自:http://www.wjdiankong.cn/wireshark%E5%92%8Cfiddler%E5%88%86%E6%9E%90android%E4%B8%AD%E7%9A%84tl ...
使用wireshark分析TLS
1.基本概念 SSL:(Secure Socket Layer,安全套接字层),位于可靠的面向连接的网络层协议和应用层协议之间的一种协议层.SSL通过互相认证.使用数字签名确保完整性.使用加密确保私密 ...
使用wireshark观察SSL/TLS握手过程--双向认证/单向认证
SSL/TLS握手过程可以分成两种类型: 1)SSL/TLS 双向认证,就是双方都会互相认证,也就是两者之间将会交换证书.2)SSL/TLS 单向认证,客户端会认证服务器端身份,而服务器端不会去对客户 ...
android黑科技系列——Wireshark和Fiddler分析Android中的TLS协议包数据(附带案例样本)
一.前言在之前一篇文章已经介绍了一款网络访问软件的破解教程,当时采用的突破口是应用程序本身的一个漏洞,就是没有关闭日志信息,我们通过抓取日志获取到关键信息来找到突破口进行破解的.那篇文章也说到了,如 ...
[https][tls] 如何使用wireshark查看tls/https加密消息--使用私钥
之前总结了使用keylog进行https流量分析的方法: [https][tls] 如何使用wireshark查看tls/https加密消息--使用keylog 今天总结一下使用服务器端证书私钥进行h ...
[https][tls] 如何使用wireshark查看tls/https加密消息--使用keylog
姊妹篇: [ipsec][strongswan] 使用wireshark查看strongswan ipsec esp ikev1 ikev2的加密内容 [https][tls] 如何使用wiresha ...
如何利用Wireshark解密SSL和TLS流量
如何利用Wireshark解密SSL和TLS流量https://support.citrix.com/article/CTX135121 1.有server端的private key,直接在wires ...
Wireshark does not show SSL/TLS
why it doesn't show as "TLS/SSL"? Because it's not on the standard port for SSL/TLS. You c ...
使用wireshark捕获SSL/TLS包并分析
原创博客,转载请注出处! TLS运作方式如下图:

随机推荐

线段树+dp+贪心 Codeforces Round #353 (Div. 2) E
http://codeforces.com/contest/675/problem/E 题目大意:有n个车站,每个车站只能买一张票,这张票能从i+1到a[i].定义p[i][j]为从i到j所需要买的最 ...
diff
http://www.ruanyifeng.com/blog/2012/08/how_to_read_diff.html 读懂diff 作者: 阮一峰日期: 2012年8月29日 diff是Un ...
查看SQL Server 2008的版本及位数
如何查看SQL Server 2008的版本及位数及SP版本: 登录SQL Server,找到“SQL查询分析器”,输入“Select @@version”,运行,即可看出版本及SP版本. 该方法适用 ...
Mybatis——helloWorld级程序
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE configuration PUBLIC & ...
OpenLayer 3 鹰眼控件和全屏显示
<body> <div id="map"></div> <script> var map=new ol.Map({ target:& ...
POJ 2031 Building a Space Station 最小生成树模板
题目大意:在三维坐标中给出n个细胞的x,y,z坐标和半径r.如果两个点相交或相切则不用修路,否则修一条路连接两个细胞的表面,求最小生成树. 题目思路:最小生成树树模板过了,没啥说的 #include& ...
Windows下Apache+Django+mod_wsgi的static和media问题处理
配置好了Apache可以访问Django工程了(参见前篇:Windows编译安装mod_wsgi,配合使用Django+Apahce) 但是Django中的static.media等文件Apache是 ...
理解free命令
free的输出: total used free shared buffers cached Mem: -/+ buffers/cache: Swap: 第一行: total:总内存 used:已使用 ...
DLL、lib等链接库文件的使用
由于遇见过多次动态链接库的使用,自己也写过DLL,每次都要费好大劲去配置,现在就简单的总结一下,争取以后少走弯路! 一般都会有三个文件: .h 头文件 .lib 静态链接库 .dll 动态链接库 ...
Ubuntu系统如何修改主机名
1.执行命令 hostname temp_name 这样主机名就改掉了.只不过重启后名字会恢复不一定使我们想要的.机器重启后会重新去读取/etc/hostname里面存储的主机名.所以如果想永久改掉的 ...

wireshark tls

wireshark tls的更多相关文章

随机推荐

热门专题