想抓一下openfire的包看看,首先要选loopback接口,如果是在本地测试的话。

然后需要搞到rsa私钥,设置好就可以了。

keytool -importkeystore -srckeystore keystore.jks \

    -destkeystore intermediate.p12 -deststoretype PKCS12

Next, use OpenSSL to do the extraction to PEM:

openssl pkcs12 -in intermediate.p12 -out extracted.pem -nodes

http://support.citrix.com/article/CTX135121
http://stackoverflow.com/questions/150167/how-do-i-list-export-private-keys-from-a-keystore
http://alvinalexander.com/java/java-using-keytool-list-query
https://isc.sans.edu/forums/diary/Psst+Your+Browser+Knows+All+Your+Secrets+/16415
http://www.cloudshield.com/blog/advanced-malware/how-to-decrypt-openssl-sessions-using-wireshark-and-ssl-session-identifiers/
Psst. Your Browser Knows All Your Secrets.

Quoting Diary:

This is a "guest diary" submitted by Sally Vandeven. We will gladly forward any responses or please use our comment/forum section to comment publically. Sally is currently enrolled in the SANS Masters Program.

I got to wondering one day how difficult it would be to find the crypto keys used by my browser and a web server for TLS sessions.  I figured it would involve a memory dump, volatility, trial and error and maybe a little bit of luck.  So I started looking around and like so many things in life….all you have to do is ask.  Really.  Just ask your browser to give you the secrets and it will!  As icing on the cake, Wireshark will read in those secrets and decrypt the data for you.   Here’s a quick rundown of the steps:

Set up an environment variable called SSLKEYLOGFILE that points to a writable flat text file.  Both Firefox and Chrome (relatively current versions) will look for the variable when they start up.  If it exists, the browser will write the values used to generate TLS session keys out to that file.

The file contents looks like this:

64 byte Client Random Values
96 byte Master Secret
16 byte encrypted pre-master secret
96 bytes pre-master secret

The Client_Random entry is for Diffie-Hellman negotiated sessions and
the RSA entry is for sessions using RSA or DSA key exchange.  If you
have the captured TLS encrypted network traffic, these provide the
missing pieces needed for decryption.  Wireshark can take care of that
for you.  Again, all you have to do is ask.

This is an encrypted TLS session, before giving Wireshark the secrets.

Point Wireshark at your file $SSLKEYLOGFILE.  Select Edit -> Preferences -> Protocols -> SSL  and then OK.

To see the decrypted data, use the display filter “ssl &&
http”.  To look at a particular TCP session, right click on any of the
entries and choose to “Follow  SSL Stream”.  This really means “Follow
Decrypted SSL Stream”.   Notice the new tab at the bottom labeled
“Decrypted SSL data”.  Incidentally, if you “Follow TCP Stream” you get
the encrypted TCP stream.

Wireshark’s awesome decryption feature.

Below is a sample of a decrypted SSL Stream.  It contains a login
attempt with username and password, some cookies and other goodies that
web servers and browsers commonly exchange.

Remember: if you have a file with keys in it and the captured data on
your system then anyone that can get their hands on these can decrypt
too.  Hey, if you are a pen-tester you might try setting be on the lookout for an $SSLKEYLOG variable on your targets.  Interesting.

Give it a try but, as always, get written permission from yourself before you begin. Thanks for reading.

This exploration turned into a full blown paper that you can find here:
http://www.sans.org/reading-room/whitepapers/authentication/ssl-tls-whats-hood-34297

 Alex Stanford

66 Posts
ISC Handler
Reply
Subscribe 		1 year ago
To see traffic, you can use Firefox LiveHttpHeaders plugin.
 Paul Szabo

7 Posts
Reply
Quote 		1 year ago
Nice post Alex

I just tried to set the environment variable in windows 8 system. Then i
ran firefox 23.0 and started browsing in webpages as facebook, or email
that uses SSL. Nevertheless no file with SSLKEYLOGFILE data was
created...

 hecky

2 Posts
Reply
Quote 		1 year ago
Alex,
I just installed FF 23 on a Windows 8 VM and tried it. It seems to work
fine. I tried both user environment variable and system environment
variable. If you set the variable from the command line only the
command shell will see it, not the browser. To set my variable, I
brought up Control Panel and searched for "environment". Here you can
add a user variable and it takes effect immediately and can be accessed
by the browser. It also writes it to the registry in HKCU\Environment.

Sally

 sallyvdv

2 Posts
Reply
Quote 		1 year ago
Hey anonymous, thanks.

You are right, i just had to set the system enviroment variable frome the control panel and not just in the command prompt.

Now it works fine.

 hecky

2 Posts
Reply
Quote 		1 year ago
This worked perfectly
for me. Too bad it only works with browsers. Would be cool to be able to
capture the e-mail traffic from my workstation to the Exchange server.
It uses TLS, as well.
 Anonymous

1 Posts
Reply
Quote 		1 year ago
I was playing with some of this last year in Apache, using the known private key on my server.
There's a good discussion in
http://sharkfest.wireshark.org/sharkfest.12/presentations/MB-1_SSL_Troubleshooting_with%20_Wireshark_Software.pdf

When I tried with Apache, only certain ciphers were decryptable. The
SSLv2 ones, and "EXP-*" ciphers in TLS1 and SSLv3, were not. In order to
ensure that only decryptable ciphers (or vice-versa) are used, you can
set options in Apache or preferences in Firefox.

Sorry for being vague, it's been a while. Thanks for the tip re. the environment variable.

 Anonymous

5 Posts
Reply
Quote 		1 year ago
Hi
I am a newbie and I don't know how to set up an environment variable
called SSLKEYLOGFILE that points to a writable flat text file on a
windows 8.1 machine. Could you please show me step by step how to do it?
Thanks in advance
 

但是spark客户端没有使用xep-0138流压缩,没找到选项可以设置。
<stream:stream to="127.0.0.1" xmlns="jabber:client"
    xmlns:stream="http://etherx.jabber.org/streams" version="1.0">
    
<?xml version='1.0' encoding='UTF-8'?>
<stream:stream xmlns:stream="http://etherx.jabber.org/streams"
    xmlns="jabber:client" from="of.eff.com" id="ee080a0b" xml:lang="en"
    version="1.0">
    <stream:features>
        <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls>
        <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
            <mechanism>DIGEST-MD5</mechanism>
            <mechanism>PLAIN</mechanism>
            <mechanism>ANONYMOUS</mechanism>
            <mechanism>CRAM-MD5</mechanism>
        </mechanisms>
        <compression xmlns="http://jabber.org/features/compress">
            <method>zlib</method>
        </compression>
        <auth xmlns="http://jabber.org/features/iq-auth" />
        <register xmlns="http://jabber.org/features/iq-register" />
    </stream:features>

<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />

<proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />

<stream:stream to="of.eff.com" xmlns="jabber:client"
    xmlns:stream="http://etherx.jabber.org/streams" version="1.0"><?xml version='1.0' encoding='UTF-8'?>

<stream:stream xmlns:stream="http://etherx.jabber.org/streams"
    xmlns="jabber:client" from="of.eff.com" id="ee080a0b" xml:lang="en"
    version="1.0">
    <stream:features>
        <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
            <mechanism>DIGEST-MD5</mechanism>
            <mechanism>PLAIN</mechanism>
            <mechanism>ANONYMOUS</mechanism>
            <mechanism>CRAM-MD5</mechanism>
        </mechanisms>
        <compression xmlns="http://jabber.org/features/compress">
            <method>zlib</method>
        </compression>
        <auth xmlns="http://jabber.org/features/iq-auth" />
        <register xmlns="http://jabber.org/features/iq-register" />
    </stream:features>

<auth mechanism="DIGEST-MD5" xmlns="urn:ietf:params:xml:ns:xmpp-sasl"></auth>

<challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cmVhbG09Im9mLmVmZi5jb20iLG5vbmNlPSJuWWpuZEJ1bEUwVTBNbHhRbjRnTVB4MjdxMVl6T0owUDZ0TlcyVDBWIixxb3A9ImF1dGgiLGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNz
</challenge>

<response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">Y2hhcnNldD11dGYtOCx1c2VybmFtZT0iYWRtaW4iLHJlYWxtPSJvZi5lZmYuY29tIixub25jZT0ibllqbmRCdWxFMFUwTWx4UW40Z01QeDI3cTFZek9KMFA2dE5XMlQwViIsbmM9MDAwMDAwMDEsY25vbmNlPSJQVC82dkxPT0Jqc0MwWGl2NGsyWFVYMTlPOGFVenB6NlRLT0N2ZnNUIixkaWdlc3QtdXJpPSJ4bXBwL29mLmVmZi5jb20iLG1heGJ1Zj02NTUzNixyZXNwb25zZT0wNjE3MjU2YTdhZDliYTE0OTViNGYwNjI5YzczYTM1Nyxxb3A9YXV0aCxhdXRoemlkPSJhZG1pbiI=
</response>

<success xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cnNwYXV0aD0wZmFhNzQ0MzhhYjEyYTA2OWEyNDhmZjU3NWU1MWQwYQ==
</success>

<stream:stream to="of.eff.com" xmlns="jabber:client"
    xmlns:stream="http://etherx.jabber.org/streams" version="1.0"><?xml version='1.0' encoding='UTF-8'?>

<stream:stream xmlns:stream="http://etherx.jabber.org/streams"
    xmlns="jabber:client" from="of.eff.com" id="ee080a0b" xml:lang="en"
    version="1.0">
    <stream:features>
        <compression xmlns="http://jabber.org/features/compress">
            <method>zlib</method>
        </compression>
        <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind" />
        <session xmlns="urn:ietf:params:xml:ns:xmpp-session" />
    </stream:features>

<iq id="S87zn-0" type="set">
    <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind">
        <resource>Spark 2.6.3</resource>
    </bind>
</iq>

<iq type="result" id="S87zn-0" to="of.eff.com/ee080a0b">
    <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind">
        <jid>admin@of.eff.com/Spark 2.6.3</jid>
    </bind>
</iq>

<iq id="S87zn-1" type="set">
    <session xmlns="urn:ietf:params:xml:ns:xmpp-session" />
</iq>

<iq type="result" id="S87zn-1" to="admin@of.eff.com/Spark 2.6.3" />

<iq id="S87zn-2" type="get">
    <query xmlns="jabber:iq:roster"></query>
</iq>

<iq type="result" id="S87zn-2" to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="jabber:iq:roster" />
</iq>

<iq id="S87zn-3" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-3" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-4" from="admin@of.eff.com/Spark 2.6.3" type="get">
    <vCard xmlns='vcard-temp' />
</iq>

<iq type="result" id="S87zn-4" to="admin@of.eff.com/Spark 2.6.3">
    <vCard xmlns="vcard-temp" />
</iq>

<iq id="S87zn-5" type="get">
    <sharedgroup xmlns="http://www.jivesoftware.org/protocol/sharedgroup"></sharedgroup>
</iq>

<iq type="result" id="S87zn-5" to="admin@of.eff.com/Spark 2.6.3">
    <sharedgroup xmlns="http://www.jivesoftware.org/protocol/sharedgroup" />
</iq>

<presence id="S87zn-6">
    <status>Online</status>
    <priority>1</priority>
</presence>

<presence id="S87zn-6" from="admin@of.eff.com/Spark 2.6.3"
    to="admin@of.eff.com/Spark 2.6.3">
    <status>Online</status>
    <priority>1</priority>
</presence>

<iq id="S87zn-7" type="get">
    <query xmlns="jabber:iq:private">
        <storage xmlns="storage:bookmarks" />
    </query>
</iq>

<iq type="result" id="S87zn-7" to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="jabber:iq:private">
        <storage xmlns="storage:bookmarks" />
    </query>
</iq>

<iq id="S87zn-8" to="pubsub.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-8" from="pubsub.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="pubsub" name="Publish-Subscribe service"
            type="service" />
        <feature var="http://jabber.org/protocol/pubsub" />
        <feature var="http://jabber.org/protocol/pubsub#collections" />
        <feature var="http://jabber.org/protocol/pubsub#config-node" />
        <feature
            var="http://jabber.org/protocol/pubsub#create-and-configure" />
        <feature var="http://jabber.org/protocol/pubsub#create-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#delete-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#get-pending" />
        <feature var="http://jabber.org/protocol/pubsub#instant-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#item-ids" />
        <feature var="http://jabber.org/protocol/pubsub#meta-data" />
        <feature var="http://jabber.org/protocol/pubsub#modify-affiliations" />
        <feature
            var="http://jabber.org/protocol/pubsub#manage-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#multi-subscribe" />
        <feature var="http://jabber.org/protocol/pubsub#outcast-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#persistent-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#presence-notifications" />
        <feature var="http://jabber.org/protocol/pubsub#publish" />
        <feature
            var="http://jabber.org/protocol/pubsub#publisher-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#purge-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#retract-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-affiliations" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-default" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#subscribe" />
        <feature
            var="http://jabber.org/protocol/pubsub#subscription-options" />
        <feature
            var="http://jabber.org/protocol/pubsub#default_access_model_open" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>
    
<iq id="S87zn-9" to="proxy.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-9" from="proxy.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="proxy" name="SOCKS5 Bytestreams Service"
            type="bytestreams" />
        <feature var="http://jabber.org/protocol/bytestreams" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-10" to="conference.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-10" from="conference.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="Public Chatrooms"
            type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-11" to="whatisservice.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-11" from="whatisservice.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="asdf" type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-12" to="search.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-12" from="search.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="directory" type="user" name="User Search" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-13" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-13" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-14" to="pubsub.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-14" from="pubsub.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="pubsub" name="Publish-Subscribe service"
            type="service" />
        <feature var="http://jabber.org/protocol/pubsub" />
        <feature var="http://jabber.org/protocol/pubsub#collections" />
        <feature var="http://jabber.org/protocol/pubsub#config-node" />
        <feature
            var="http://jabber.org/protocol/pubsub#create-and-configure" />
        <feature var="http://jabber.org/protocol/pubsub#create-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#delete-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#get-pending" />
        <feature var="http://jabber.org/protocol/pubsub#instant-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#item-ids" />
        <feature var="http://jabber.org/protocol/pubsub#meta-data" />
        <feature var="http://jabber.org/protocol/pubsub#modify-affiliations" />
        <feature
            var="http://jabber.org/protocol/pubsub#manage-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#multi-subscribe" />
        <feature var="http://jabber.org/protocol/pubsub#outcast-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#persistent-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#presence-notifications" />
        <feature var="http://jabber.org/protocol/pubsub#publish" />
        <feature
            var="http://jabber.org/protocol/pubsub#publisher-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#purge-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#retract-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-affiliations" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-default" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#subscribe" />
        <feature
            var="http://jabber.org/protocol/pubsub#subscription-options" />
        <feature
            var="http://jabber.org/protocol/pubsub#default_access_model_open" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-15" to="proxy.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-15" from="proxy.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="proxy" name="SOCKS5 Bytestreams Service"
            type="bytestreams" />
        <feature var="http://jabber.org/protocol/bytestreams" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-16" to="conference.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-16" from="conference.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="Public Chatrooms"
            type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-17" to="whatisservice.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-17" from="whatisservice.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="asdf" type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-18" to="search.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-18" from="search.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="directory" type="user" name="User Search" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-19" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-19" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-20" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-20" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-21" to="pubsub.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-21" from="pubsub.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="pubsub" name="Publish-Subscribe service"
            type="service" />
        <feature var="http://jabber.org/protocol/pubsub" />
        <feature var="http://jabber.org/protocol/pubsub#collections" />
        <feature var="http://jabber.org/protocol/pubsub#config-node" />
        <feature
            var="http://jabber.org/protocol/pubsub#create-and-configure" />
        <feature var="http://jabber.org/protocol/pubsub#create-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#delete-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#get-pending" />
        <feature var="http://jabber.org/protocol/pubsub#instant-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#item-ids" />
        <feature var="http://jabber.org/protocol/pubsub#meta-data" />
        <feature var="http://jabber.org/protocol/pubsub#modify-affiliations" />
        <feature
            var="http://jabber.org/protocol/pubsub#manage-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#multi-subscribe" />
        <feature var="http://jabber.org/protocol/pubsub#outcast-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#persistent-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#presence-notifications" />
        <feature var="http://jabber.org/protocol/pubsub#publish" />
        <feature
            var="http://jabber.org/protocol/pubsub#publisher-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#purge-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#retract-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-affiliations" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-default" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#subscribe" />
        <feature
            var="http://jabber.org/protocol/pubsub#subscription-options" />
        <feature
            var="http://jabber.org/protocol/pubsub#default_access_model_open" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-22" to="proxy.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-22" from="proxy.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="proxy" name="SOCKS5 Bytestreams Service"
            type="bytestreams" />
        <feature var="http://jabber.org/protocol/bytestreams" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-23" to="conference.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-23" from="conference.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="Public Chatrooms"
            type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-24" to="whatisservice.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-24" from="whatisservice.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="asdf" type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-25" to="search.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-25" from="search.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="directory" type="user" name="User Search" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-26" to="127.0.0.1" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="error" id="S87zn-26" to="admin@of.eff.com/Spark 2.6.3"
    from="127.0.0.1">
    <query xmlns="http://jabber.org/protocol/disco#info" />
    <error code="404" type="cancel">
        <remote-server-not-found xmlns="urn:ietf:params:xml:ns:xmpp-stanzas" />
    </error>
</iq>

<iq id="S87zn-27" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-27" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-28" type="get">
    <query xmlns="jabber:iq:private">
        <gateway-settings xmlns="http://www.jivesoftware.org/spark" />
    </query>
</iq>

<iq type="result" id="S87zn-28" to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="jabber:iq:private">
        <gateway-settings xmlns="http://www.jivesoftware.org/spark" />
    </query>
</iq>

wireshark tls的更多相关文章

  1. 【转】Wireshark和Fiddler分析Android中的TLS协议包数据(附带案例样本)

    本文转自:http://www.wjdiankong.cn/wireshark%E5%92%8Cfiddler%E5%88%86%E6%9E%90android%E4%B8%AD%E7%9A%84tl ...

  2. 使用wireshark分析TLS

    1.基本概念 SSL:(Secure Socket Layer,安全套接字层),位于可靠的面向连接的网络层协议和应用层协议之间的一种协议层.SSL通过互相认证.使用数字签名确保完整性.使用加密确保私密 ...

  3. 使用wireshark观察SSL/TLS握手过程--双向认证/单向认证

    SSL/TLS握手过程可以分成两种类型: 1)SSL/TLS 双向认证,就是双方都会互相认证,也就是两者之间将会交换证书.2)SSL/TLS 单向认证,客户端会认证服务器端身份,而服务器端不会去对客户 ...

  4. android黑科技系列——Wireshark和Fiddler分析Android中的TLS协议包数据(附带案例样本)

    一.前言 在之前一篇文章已经介绍了一款网络访问软件的破解教程,当时采用的突破口是应用程序本身的一个漏洞,就是没有关闭日志信息,我们通过抓取日志获取到关键信息来找到突破口进行破解的.那篇文章也说到了,如 ...

  5. [https][tls] 如何使用wireshark查看tls/https加密消息--使用私钥

    之前总结了使用keylog进行https流量分析的方法: [https][tls] 如何使用wireshark查看tls/https加密消息--使用keylog 今天总结一下使用服务器端证书私钥进行h ...

  6. [https][tls] 如何使用wireshark查看tls/https加密消息--使用keylog

    姊妹篇: [ipsec][strongswan] 使用wireshark查看strongswan ipsec esp ikev1 ikev2的加密内容 [https][tls] 如何使用wiresha ...

  7. 如何利用Wireshark解密SSL和TLS流量

    如何利用Wireshark解密SSL和TLS流量https://support.citrix.com/article/CTX135121 1.有server端的private key,直接在wires ...

  8. Wireshark does not show SSL/TLS

    why it doesn't show as "TLS/SSL"? Because it's not on the standard port for SSL/TLS. You c ...

  9. 使用wireshark捕获SSL/TLS包并分析

    原创博客,转载请注出处! TLS运作方式如下图:

随机推荐

  1. Asp:Cookies应用指南

    实际上,在web开发中,cookie仅仅是一个文本文件,当用户访问站点时,它就被存储在用户使用的计算机上,其中,保存了 一些信息,当用户日后再次访问这个站点时,web可以将这些信息提取出来.    尽 ...

  2. slf4j(simple logging facade for java)

    http://www.tuicool.com/articles/IfeUfq   slf4j(simple logging facade for java)是Java的简单的日志门面,它 不是具体的日 ...

  3. Automatic Trading

    Automatic Trading A brokerage firm is interested in detecting automatic trading. They believe that a ...

  4. Hibernate 系列教程17-查询缓存

    在二级缓存配置成功的基础上进行查询缓存配置 Product public class Product { private Long id; private String name; Product.h ...

  5. HDU 2844 Coins 背包问题 + 二进制优化

    题目大意:某个人有n种硬币,每种硬币价值为v,数量为c,问在总价值不超过m的条件下,最多有多少种组合方式. 题目思路: 1.对于某种硬币 如果v*c 大于 m,就意味着无论取多少枚硬币,只要总价值不大 ...

  6. android执行外部命令、检测文件是否存在、自动检测U盘路径

    private final String UDiskFileName = "/2969_logo/bootfile.image"; private final String Loc ...

  7. C++的精髓——虚函数

    虚函数为了重载和多态的需要,在基类中是由定义的,即便定义是空,所以子类中可以重写也可以不写基类中的函数! 纯虚函数在基类中是没有定义的,必须在子类中加以实现,很像java中的接口函数! 虚函数 引入原 ...

  8. js框架——angular.js(6)

    1. ng-class 这个指令是用来绑定一个或者多个css代码.它的值一般是一个表达式,也可以是函数什么的,只要返回的确实是一个类的名字就可以—— ng-class="nextPageDi ...

  9. PAT (Advanced Level) 1100. Mars Numbers (20)

    简单题. #include<cstdio> #include<cstring> #include<cmath> #include<vector> #in ...

  10. PAT1005

    水题,和中文没啥区别不说了. #include<cstdio> #include<cstdlib> #include<iostream> #include<a ...