想抓一下openfire的包看看,首先要选loopback接口,如果是在本地测试的话。

然后需要搞到rsa私钥,设置好就可以了。

keytool -importkeystore -srckeystore keystore.jks \

    -destkeystore intermediate.p12 -deststoretype PKCS12

Next, use OpenSSL to do the extraction to PEM:

openssl pkcs12 -in intermediate.p12 -out extracted.pem -nodes

http://support.citrix.com/article/CTX135121
http://stackoverflow.com/questions/150167/how-do-i-list-export-private-keys-from-a-keystore
http://alvinalexander.com/java/java-using-keytool-list-query
https://isc.sans.edu/forums/diary/Psst+Your+Browser+Knows+All+Your+Secrets+/16415
http://www.cloudshield.com/blog/advanced-malware/how-to-decrypt-openssl-sessions-using-wireshark-and-ssl-session-identifiers/
Psst. Your Browser Knows All Your Secrets.

Quoting Diary:

This is a "guest diary" submitted by Sally Vandeven. We will gladly forward any responses or please use our comment/forum section to comment publically. Sally is currently enrolled in the SANS Masters Program.

I got to wondering one day how difficult it would be to find the crypto keys used by my browser and a web server for TLS sessions.  I figured it would involve a memory dump, volatility, trial and error and maybe a little bit of luck.  So I started looking around and like so many things in life….all you have to do is ask.  Really.  Just ask your browser to give you the secrets and it will!  As icing on the cake, Wireshark will read in those secrets and decrypt the data for you.   Here’s a quick rundown of the steps:

Set up an environment variable called SSLKEYLOGFILE that points to a writable flat text file.  Both Firefox and Chrome (relatively current versions) will look for the variable when they start up.  If it exists, the browser will write the values used to generate TLS session keys out to that file.

The file contents looks like this:

64 byte Client Random Values
96 byte Master Secret
16 byte encrypted pre-master secret
96 bytes pre-master secret

The Client_Random entry is for Diffie-Hellman negotiated sessions and
the RSA entry is for sessions using RSA or DSA key exchange.  If you
have the captured TLS encrypted network traffic, these provide the
missing pieces needed for decryption.  Wireshark can take care of that
for you.  Again, all you have to do is ask.

This is an encrypted TLS session, before giving Wireshark the secrets.

Point Wireshark at your file $SSLKEYLOGFILE.  Select Edit -> Preferences -> Protocols -> SSL  and then OK.

To see the decrypted data, use the display filter “ssl &&
http”.  To look at a particular TCP session, right click on any of the
entries and choose to “Follow  SSL Stream”.  This really means “Follow
Decrypted SSL Stream”.   Notice the new tab at the bottom labeled
“Decrypted SSL data”.  Incidentally, if you “Follow TCP Stream” you get
the encrypted TCP stream.

Wireshark’s awesome decryption feature.

Below is a sample of a decrypted SSL Stream.  It contains a login
attempt with username and password, some cookies and other goodies that
web servers and browsers commonly exchange.

Remember: if you have a file with keys in it and the captured data on
your system then anyone that can get their hands on these can decrypt
too.  Hey, if you are a pen-tester you might try setting be on the lookout for an $SSLKEYLOG variable on your targets.  Interesting.

Give it a try but, as always, get written permission from yourself before you begin. Thanks for reading.

This exploration turned into a full blown paper that you can find here:
http://www.sans.org/reading-room/whitepapers/authentication/ssl-tls-whats-hood-34297

 Alex Stanford

66 Posts
ISC Handler
Reply
Subscribe 		1 year ago
To see traffic, you can use Firefox LiveHttpHeaders plugin.
 Paul Szabo

7 Posts
Reply
Quote 		1 year ago
Nice post Alex

I just tried to set the environment variable in windows 8 system. Then i
ran firefox 23.0 and started browsing in webpages as facebook, or email
that uses SSL. Nevertheless no file with SSLKEYLOGFILE data was
created...

 hecky

2 Posts
Reply
Quote 		1 year ago
Alex,
I just installed FF 23 on a Windows 8 VM and tried it. It seems to work
fine. I tried both user environment variable and system environment
variable. If you set the variable from the command line only the
command shell will see it, not the browser. To set my variable, I
brought up Control Panel and searched for "environment". Here you can
add a user variable and it takes effect immediately and can be accessed
by the browser. It also writes it to the registry in HKCU\Environment.

Sally

 sallyvdv

2 Posts
Reply
Quote 		1 year ago
Hey anonymous, thanks.

You are right, i just had to set the system enviroment variable frome the control panel and not just in the command prompt.

Now it works fine.

 hecky

2 Posts
Reply
Quote 		1 year ago
This worked perfectly
for me. Too bad it only works with browsers. Would be cool to be able to
capture the e-mail traffic from my workstation to the Exchange server.
It uses TLS, as well.
 Anonymous

1 Posts
Reply
Quote 		1 year ago
I was playing with some of this last year in Apache, using the known private key on my server.
There's a good discussion in
http://sharkfest.wireshark.org/sharkfest.12/presentations/MB-1_SSL_Troubleshooting_with%20_Wireshark_Software.pdf

When I tried with Apache, only certain ciphers were decryptable. The
SSLv2 ones, and "EXP-*" ciphers in TLS1 and SSLv3, were not. In order to
ensure that only decryptable ciphers (or vice-versa) are used, you can
set options in Apache or preferences in Firefox.

Sorry for being vague, it's been a while. Thanks for the tip re. the environment variable.

 Anonymous

5 Posts
Reply
Quote 		1 year ago
Hi
I am a newbie and I don't know how to set up an environment variable
called SSLKEYLOGFILE that points to a writable flat text file on a
windows 8.1 machine. Could you please show me step by step how to do it?
Thanks in advance
 

但是spark客户端没有使用xep-0138流压缩,没找到选项可以设置。
<stream:stream to="127.0.0.1" xmlns="jabber:client"
    xmlns:stream="http://etherx.jabber.org/streams" version="1.0">
    
<?xml version='1.0' encoding='UTF-8'?>
<stream:stream xmlns:stream="http://etherx.jabber.org/streams"
    xmlns="jabber:client" from="of.eff.com" id="ee080a0b" xml:lang="en"
    version="1.0">
    <stream:features>
        <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls>
        <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
            <mechanism>DIGEST-MD5</mechanism>
            <mechanism>PLAIN</mechanism>
            <mechanism>ANONYMOUS</mechanism>
            <mechanism>CRAM-MD5</mechanism>
        </mechanisms>
        <compression xmlns="http://jabber.org/features/compress">
            <method>zlib</method>
        </compression>
        <auth xmlns="http://jabber.org/features/iq-auth" />
        <register xmlns="http://jabber.org/features/iq-register" />
    </stream:features>

<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />

<proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />

<stream:stream to="of.eff.com" xmlns="jabber:client"
    xmlns:stream="http://etherx.jabber.org/streams" version="1.0"><?xml version='1.0' encoding='UTF-8'?>

<stream:stream xmlns:stream="http://etherx.jabber.org/streams"
    xmlns="jabber:client" from="of.eff.com" id="ee080a0b" xml:lang="en"
    version="1.0">
    <stream:features>
        <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
            <mechanism>DIGEST-MD5</mechanism>
            <mechanism>PLAIN</mechanism>
            <mechanism>ANONYMOUS</mechanism>
            <mechanism>CRAM-MD5</mechanism>
        </mechanisms>
        <compression xmlns="http://jabber.org/features/compress">
            <method>zlib</method>
        </compression>
        <auth xmlns="http://jabber.org/features/iq-auth" />
        <register xmlns="http://jabber.org/features/iq-register" />
    </stream:features>

<auth mechanism="DIGEST-MD5" xmlns="urn:ietf:params:xml:ns:xmpp-sasl"></auth>

<challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cmVhbG09Im9mLmVmZi5jb20iLG5vbmNlPSJuWWpuZEJ1bEUwVTBNbHhRbjRnTVB4MjdxMVl6T0owUDZ0TlcyVDBWIixxb3A9ImF1dGgiLGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNz
</challenge>

<response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">Y2hhcnNldD11dGYtOCx1c2VybmFtZT0iYWRtaW4iLHJlYWxtPSJvZi5lZmYuY29tIixub25jZT0ibllqbmRCdWxFMFUwTWx4UW40Z01QeDI3cTFZek9KMFA2dE5XMlQwViIsbmM9MDAwMDAwMDEsY25vbmNlPSJQVC82dkxPT0Jqc0MwWGl2NGsyWFVYMTlPOGFVenB6NlRLT0N2ZnNUIixkaWdlc3QtdXJpPSJ4bXBwL29mLmVmZi5jb20iLG1heGJ1Zj02NTUzNixyZXNwb25zZT0wNjE3MjU2YTdhZDliYTE0OTViNGYwNjI5YzczYTM1Nyxxb3A9YXV0aCxhdXRoemlkPSJhZG1pbiI=
</response>

<success xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cnNwYXV0aD0wZmFhNzQ0MzhhYjEyYTA2OWEyNDhmZjU3NWU1MWQwYQ==
</success>

<stream:stream to="of.eff.com" xmlns="jabber:client"
    xmlns:stream="http://etherx.jabber.org/streams" version="1.0"><?xml version='1.0' encoding='UTF-8'?>

<stream:stream xmlns:stream="http://etherx.jabber.org/streams"
    xmlns="jabber:client" from="of.eff.com" id="ee080a0b" xml:lang="en"
    version="1.0">
    <stream:features>
        <compression xmlns="http://jabber.org/features/compress">
            <method>zlib</method>
        </compression>
        <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind" />
        <session xmlns="urn:ietf:params:xml:ns:xmpp-session" />
    </stream:features>

<iq id="S87zn-0" type="set">
    <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind">
        <resource>Spark 2.6.3</resource>
    </bind>
</iq>

<iq type="result" id="S87zn-0" to="of.eff.com/ee080a0b">
    <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind">
        <jid>admin@of.eff.com/Spark 2.6.3</jid>
    </bind>
</iq>

<iq id="S87zn-1" type="set">
    <session xmlns="urn:ietf:params:xml:ns:xmpp-session" />
</iq>

<iq type="result" id="S87zn-1" to="admin@of.eff.com/Spark 2.6.3" />

<iq id="S87zn-2" type="get">
    <query xmlns="jabber:iq:roster"></query>
</iq>

<iq type="result" id="S87zn-2" to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="jabber:iq:roster" />
</iq>

<iq id="S87zn-3" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-3" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-4" from="admin@of.eff.com/Spark 2.6.3" type="get">
    <vCard xmlns='vcard-temp' />
</iq>

<iq type="result" id="S87zn-4" to="admin@of.eff.com/Spark 2.6.3">
    <vCard xmlns="vcard-temp" />
</iq>

<iq id="S87zn-5" type="get">
    <sharedgroup xmlns="http://www.jivesoftware.org/protocol/sharedgroup"></sharedgroup>
</iq>

<iq type="result" id="S87zn-5" to="admin@of.eff.com/Spark 2.6.3">
    <sharedgroup xmlns="http://www.jivesoftware.org/protocol/sharedgroup" />
</iq>

<presence id="S87zn-6">
    <status>Online</status>
    <priority>1</priority>
</presence>

<presence id="S87zn-6" from="admin@of.eff.com/Spark 2.6.3"
    to="admin@of.eff.com/Spark 2.6.3">
    <status>Online</status>
    <priority>1</priority>
</presence>

<iq id="S87zn-7" type="get">
    <query xmlns="jabber:iq:private">
        <storage xmlns="storage:bookmarks" />
    </query>
</iq>

<iq type="result" id="S87zn-7" to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="jabber:iq:private">
        <storage xmlns="storage:bookmarks" />
    </query>
</iq>

<iq id="S87zn-8" to="pubsub.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-8" from="pubsub.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="pubsub" name="Publish-Subscribe service"
            type="service" />
        <feature var="http://jabber.org/protocol/pubsub" />
        <feature var="http://jabber.org/protocol/pubsub#collections" />
        <feature var="http://jabber.org/protocol/pubsub#config-node" />
        <feature
            var="http://jabber.org/protocol/pubsub#create-and-configure" />
        <feature var="http://jabber.org/protocol/pubsub#create-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#delete-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#get-pending" />
        <feature var="http://jabber.org/protocol/pubsub#instant-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#item-ids" />
        <feature var="http://jabber.org/protocol/pubsub#meta-data" />
        <feature var="http://jabber.org/protocol/pubsub#modify-affiliations" />
        <feature
            var="http://jabber.org/protocol/pubsub#manage-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#multi-subscribe" />
        <feature var="http://jabber.org/protocol/pubsub#outcast-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#persistent-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#presence-notifications" />
        <feature var="http://jabber.org/protocol/pubsub#publish" />
        <feature
            var="http://jabber.org/protocol/pubsub#publisher-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#purge-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#retract-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-affiliations" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-default" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#subscribe" />
        <feature
            var="http://jabber.org/protocol/pubsub#subscription-options" />
        <feature
            var="http://jabber.org/protocol/pubsub#default_access_model_open" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>
    
<iq id="S87zn-9" to="proxy.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-9" from="proxy.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="proxy" name="SOCKS5 Bytestreams Service"
            type="bytestreams" />
        <feature var="http://jabber.org/protocol/bytestreams" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-10" to="conference.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-10" from="conference.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="Public Chatrooms"
            type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-11" to="whatisservice.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-11" from="whatisservice.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="asdf" type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-12" to="search.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-12" from="search.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="directory" type="user" name="User Search" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-13" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-13" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-14" to="pubsub.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-14" from="pubsub.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="pubsub" name="Publish-Subscribe service"
            type="service" />
        <feature var="http://jabber.org/protocol/pubsub" />
        <feature var="http://jabber.org/protocol/pubsub#collections" />
        <feature var="http://jabber.org/protocol/pubsub#config-node" />
        <feature
            var="http://jabber.org/protocol/pubsub#create-and-configure" />
        <feature var="http://jabber.org/protocol/pubsub#create-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#delete-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#get-pending" />
        <feature var="http://jabber.org/protocol/pubsub#instant-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#item-ids" />
        <feature var="http://jabber.org/protocol/pubsub#meta-data" />
        <feature var="http://jabber.org/protocol/pubsub#modify-affiliations" />
        <feature
            var="http://jabber.org/protocol/pubsub#manage-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#multi-subscribe" />
        <feature var="http://jabber.org/protocol/pubsub#outcast-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#persistent-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#presence-notifications" />
        <feature var="http://jabber.org/protocol/pubsub#publish" />
        <feature
            var="http://jabber.org/protocol/pubsub#publisher-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#purge-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#retract-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-affiliations" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-default" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#subscribe" />
        <feature
            var="http://jabber.org/protocol/pubsub#subscription-options" />
        <feature
            var="http://jabber.org/protocol/pubsub#default_access_model_open" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-15" to="proxy.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-15" from="proxy.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="proxy" name="SOCKS5 Bytestreams Service"
            type="bytestreams" />
        <feature var="http://jabber.org/protocol/bytestreams" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-16" to="conference.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-16" from="conference.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="Public Chatrooms"
            type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-17" to="whatisservice.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-17" from="whatisservice.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="asdf" type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-18" to="search.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-18" from="search.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="directory" type="user" name="User Search" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-19" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-19" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-20" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-20" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-21" to="pubsub.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-21" from="pubsub.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="pubsub" name="Publish-Subscribe service"
            type="service" />
        <feature var="http://jabber.org/protocol/pubsub" />
        <feature var="http://jabber.org/protocol/pubsub#collections" />
        <feature var="http://jabber.org/protocol/pubsub#config-node" />
        <feature
            var="http://jabber.org/protocol/pubsub#create-and-configure" />
        <feature var="http://jabber.org/protocol/pubsub#create-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#delete-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#get-pending" />
        <feature var="http://jabber.org/protocol/pubsub#instant-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#item-ids" />
        <feature var="http://jabber.org/protocol/pubsub#meta-data" />
        <feature var="http://jabber.org/protocol/pubsub#modify-affiliations" />
        <feature
            var="http://jabber.org/protocol/pubsub#manage-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#multi-subscribe" />
        <feature var="http://jabber.org/protocol/pubsub#outcast-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#persistent-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#presence-notifications" />
        <feature var="http://jabber.org/protocol/pubsub#publish" />
        <feature
            var="http://jabber.org/protocol/pubsub#publisher-affiliation" />
        <feature var="http://jabber.org/protocol/pubsub#purge-nodes" />
        <feature var="http://jabber.org/protocol/pubsub#retract-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-affiliations" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-default" />
        <feature var="http://jabber.org/protocol/pubsub#retrieve-items" />
        <feature
            var="http://jabber.org/protocol/pubsub#retrieve-subscriptions" />
        <feature var="http://jabber.org/protocol/pubsub#subscribe" />
        <feature
            var="http://jabber.org/protocol/pubsub#subscription-options" />
        <feature
            var="http://jabber.org/protocol/pubsub#default_access_model_open" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-22" to="proxy.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-22" from="proxy.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="proxy" name="SOCKS5 Bytestreams Service"
            type="bytestreams" />
        <feature var="http://jabber.org/protocol/bytestreams" />
        <feature var="http://jabber.org/protocol/disco#info" />
    </query>
</iq>

<iq id="S87zn-23" to="conference.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-23" from="conference.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="Public Chatrooms"
            type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-24" to="whatisservice.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-24" from="whatisservice.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="conference" name="asdf" type="text" />
        <identity category="directory" name="Public Chatroom Search"
            type="chatroom" />
        <feature var="http://jabber.org/protocol/muc" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/disco#items" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-25" to="search.of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="result" id="S87zn-25" from="search.of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#info">
        <identity category="directory" type="user" name="User Search" />
        <feature var="jabber:iq:search" />
        <feature var="http://jabber.org/protocol/disco#info" />
        <feature var="http://jabber.org/protocol/rsm" />
    </query>
</iq>

<iq id="S87zn-26" to="127.0.0.1" type="get">
    <query xmlns="http://jabber.org/protocol/disco#info"></query>
</iq>

<iq type="error" id="S87zn-26" to="admin@of.eff.com/Spark 2.6.3"
    from="127.0.0.1">
    <query xmlns="http://jabber.org/protocol/disco#info" />
    <error code="404" type="cancel">
        <remote-server-not-found xmlns="urn:ietf:params:xml:ns:xmpp-stanzas" />
    </error>
</iq>

<iq id="S87zn-27" to="of.eff.com" type="get">
    <query xmlns="http://jabber.org/protocol/disco#items"></query>
</iq>

<iq type="result" id="S87zn-27" from="of.eff.com"
    to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="http://jabber.org/protocol/disco#items">
        <item jid="pubsub.of.eff.com" name="Publish-Subscribe service" />
        <item jid="proxy.of.eff.com" name="Socks 5 Bytestreams Proxy" />
        <item jid="conference.of.eff.com" name="Public Chatrooms" />
        <item jid="whatisservice.of.eff.com" name="asdf" />
        <item jid="search.of.eff.com" name="User Search" />
    </query>
</iq>

<iq id="S87zn-28" type="get">
    <query xmlns="jabber:iq:private">
        <gateway-settings xmlns="http://www.jivesoftware.org/spark" />
    </query>
</iq>

<iq type="result" id="S87zn-28" to="admin@of.eff.com/Spark 2.6.3">
    <query xmlns="jabber:iq:private">
        <gateway-settings xmlns="http://www.jivesoftware.org/spark" />
    </query>
</iq>

wireshark tls的更多相关文章

  1. 【转】Wireshark和Fiddler分析Android中的TLS协议包数据(附带案例样本)

    本文转自:http://www.wjdiankong.cn/wireshark%E5%92%8Cfiddler%E5%88%86%E6%9E%90android%E4%B8%AD%E7%9A%84tl ...

  2. 使用wireshark分析TLS

    1.基本概念 SSL:(Secure Socket Layer,安全套接字层),位于可靠的面向连接的网络层协议和应用层协议之间的一种协议层.SSL通过互相认证.使用数字签名确保完整性.使用加密确保私密 ...

  3. 使用wireshark观察SSL/TLS握手过程--双向认证/单向认证

    SSL/TLS握手过程可以分成两种类型: 1)SSL/TLS 双向认证,就是双方都会互相认证,也就是两者之间将会交换证书.2)SSL/TLS 单向认证,客户端会认证服务器端身份,而服务器端不会去对客户 ...

  4. android黑科技系列——Wireshark和Fiddler分析Android中的TLS协议包数据(附带案例样本)

    一.前言 在之前一篇文章已经介绍了一款网络访问软件的破解教程,当时采用的突破口是应用程序本身的一个漏洞,就是没有关闭日志信息,我们通过抓取日志获取到关键信息来找到突破口进行破解的.那篇文章也说到了,如 ...

  5. [https][tls] 如何使用wireshark查看tls/https加密消息--使用私钥

    之前总结了使用keylog进行https流量分析的方法: [https][tls] 如何使用wireshark查看tls/https加密消息--使用keylog 今天总结一下使用服务器端证书私钥进行h ...

  6. [https][tls] 如何使用wireshark查看tls/https加密消息--使用keylog

    姊妹篇: [ipsec][strongswan] 使用wireshark查看strongswan ipsec esp ikev1 ikev2的加密内容 [https][tls] 如何使用wiresha ...

  7. 如何利用Wireshark解密SSL和TLS流量

    如何利用Wireshark解密SSL和TLS流量https://support.citrix.com/article/CTX135121 1.有server端的private key,直接在wires ...

  8. Wireshark does not show SSL/TLS

    why it doesn't show as "TLS/SSL"? Because it's not on the standard port for SSL/TLS. You c ...

  9. 使用wireshark捕获SSL/TLS包并分析

    原创博客,转载请注出处! TLS运作方式如下图:

随机推荐

  1. psy

    本文的重点是讲解如何运用心理线指标看盘,运用周线月线的心理线来抓住大盘的顶部和底部的研究.分析研究的材料都来源于沪市历史上的顶部和底部的历史数据.从psy数据所得出的结论大多数是有效的,只有个别时期的 ...

  2. NSAttributedString in Swift

    转载自: https://www.invasivecode.com/weblog/attributed-text-swift/   I have been talking quite a lot in ...

  3. debian 安装 android studio 环境

    jdk环境变量配置: ~/.hashrc export JAVA_HOME=/usr/share/jdk1.8.0_92 export PATH=$JAVA_HOME/bin:$PATH export ...

  4. JS定时器的使用--延时提示框

    <title>无标题文档</title> <style> div{float:left;margin:10px;} #div1{width:50px; height ...

  5. HDU2216:Game III(BFS)

    Game III Time Limit : 2000/1000ms (Java/Other)   Memory Limit : 65536/32768K (Java/Other) Total Subm ...

  6. Box2d b2World的RayCast方法

    RayCast方法: world.RayCast(callback:Function,point1:b2Vec2,point2:b2Vec2); * callback 回调函数 * point1 射线 ...

  7. Xshell无法连接虚拟机中的Ubuntu

    遇到问题: VAWare中安装了Ubuntu-Desktop,Xshell连接失败 解决办法: 首先确认虚拟Ubuntu可以正常联网 可能原因是没有安装openssh服务 sudo apt-get i ...

  8. [原]点击按钮,表格隔行变色:偶数行为黄色背景,奇数行为默认颜色。通过table的getElementsByTagName取得所有的tr,依次遍历,如果是偶数就…………。

    window.onload = function () { document.getElementById('btn').onclick = function () {                 ...

  9. 转:利用ant与jmeter实现负载测试自动化

    性能测试一直以来都是测试领域一个令人争议的话题.测试的参考标准.评判依据及测试的方法选择都很难有一个统一的说法.但无论如何,对于需要能够承受一定压力而运行的程序来说,进行其进行功能和性能测试是一个必不 ...

  10. 最短路径算法专题3----Bellman-Ford

    这个算法也是求单源最短路径用的,但是这个算法可以解决Dijkstra不能解决的负权边问题. 算法要点: 1.用dis存放源点到任意一点的距离. 2.用三个数组存放输入的点到点以及点到点的距离,x[i] ...