Extracting Syncthing TLS secrets


Tmore1

Jun 17, 2022, 5:44:19 PM
to golan...@googlegroups.com
Hi,

I'm not sure if this is really a Wireshark, Go, or Syncthing question;
I tried the Wireshark dev list [0] but got no response, so I figured
I'll try here:

I'm working on a Wireshark Syncthing dissector [1]. Since most of the
Syncthing protocols are encapsulated in TLS, I need to provide the TLS
secrets to Wireshark.

I read this:

https://wiki.wireshark.org/TLS

Syncthing is written in Go, so I patched it to export TLS secrets:

https://github.com/tmo1/syncthing/blob/f770faca1bee4d5b12346c5ac78cd4f6ac3a6012/lib/syncthing/syncthing.go#L273

This works, and various stuff is written to the specified file, but
providing that file to Wireshark doesn't enable TLS decryption. I
examined the file, and I see that it contains
CLIENT_HANDSHAKE_TRAFFIC_SECRET, SERVER_HANDSHAKE_TRAFFIC_SECRET,
CLIENT_TRAFFIC_SECRET_0, and SERVER_TRAFFIC_SECRET_0 lines, but not the
critical CLIENT_RANDOM lines. Am I doing something wrong or missing
something?

[0] https://www.wireshark.org/lists/wireshark-dev/202206/msg00005.html
[1] https://github.com/tmo1/wireshark-syncthing-dissector

--
Tmore1 <tmo...@gmx.com>
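
An added example, not part of the original post or of Syncthing's code: Go's crypto/tls writes CLIENT_RANDOM lines to a KeyLogWriter only for sessions negotiated at TLS 1.2 or earlier, while TLS 1.3 sessions produce the four traffic-secret labels listed in the post. The program below pins an in-memory handshake to each version and collects the labels the client logs; the function name keyLogLabels and the throwaway certificate are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

// keyLogLabels runs one in-memory handshake pinned to version and returns the key log labels.
func keyLogLabels(version uint16) (map[string]bool, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader) // constructed throwaway server key
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	srvCfg := &tls.Config{MinVersion: version, MaxVersion: version, SessionTicketsDisabled: true,
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	var keylog bytes.Buffer // stands in for the key log file handed to Wireshark
	cliCfg := &tls.Config{MinVersion: version, MaxVersion: version, KeyLogWriter: &keylog,
		InsecureSkipVerify: true} // acceptable only for this self-signed in-process demo
	cConn, sConn := net.Pipe()
	defer cConn.Close()
	cConn.SetDeadline(time.Now().Add(5 * time.Second))
	go tls.Server(sConn, srvCfg).Handshake()
	if err := tls.Client(cConn, cliCfg).Handshake(); err != nil {
		return nil, err
	}
	labels := map[string]bool{}
	f := strings.Fields(keylog.String()) // every line is: LABEL <client random> <secret>
	for i := 0; i+2 < len(f); i += 3 {
		labels[f[i]] = true
	}
	return labels, nil
}

func main() {
	for _, v := range []uint16{tls.VersionTLS12, tls.VersionTLS13} {
		fmt.Println(keyLogLabels(v))
	}
}
```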