我正在使用 Network Monitor 3.4 和 nmdecrypt expert。我在对话窗口中打开 nimbuzz 对话节点,然后单击 Expert-> nmDecrpt -> run Expert
出现一个窗口,我必须在其中添加服务器证书。我不确定如何检索 nimbuzz XMPP 聊天服务的服务器证书。有什么想法吗?
这个问题是一个后续问题这一个。
编辑一些背景信息因此,这可能是使用服务器公钥加密的,我无法检索该消息,除非我调试本机二进制文件并尝试拦截加密代码。我有一个测试客户端(使用 agsXMPP),可以毫无问题地连接到 nimbuzz。唯一不起作用的是添加隐形模式。这似乎是登录期间从官方客户端发送的一些数据包,我想获得它。任何尝试获取此信息的建议都将不胜感激。也许我应该自己去(并学习)IDA专业版?
这是我在网络监视器上检查 TLS 帧时得到的结果:
Frame: Number = 81, Captured Frame Length = 769, MediaType = ETHERNET
+ Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[...],SourceAddress:[....]
+ Ipv4: Src = ..., Dest = 192.168.2.101, Next Protocol = TCP, Packet ID = 9939, Total IP Length = 755
- Tcp: Flags=...AP..., SrcPort=5222, DstPort=3578, PayloadLen=715, Seq=4101074854 - 4101075569, Ack=1127356300, Win=4050 (scale factor 0x0) = 4050
SrcPort: 5222
DstPort: 3578
SequenceNumber: 4101074854 (0xF4716FA6)
AcknowledgementNumber: 1127356300 (0x4332178C)
+ DataOffset: 80 (0x50)
+ Flags: ...AP...
Window: 4050 (scale factor 0x0) = 4050
Checksum: 0x8841, Good
UrgentPointer: 0 (0x0)
TCPPayload: SourcePort = 5222, DestinationPort = 3578
TLSSSLData: Transport Layer Security (TLS) Payload Data
- TLS: TLS Rec Layer-1 HandShake: Server Hello.; TLS Rec Layer-2 HandShake: Certificate.; TLS Rec Layer-3 HandShake: Server Hello Done.
- TlsRecordLayer: TLS Rec Layer-1 HandShake:
ContentType: HandShake:
- Version: TLS 1.0
Major: 3 (0x3)
Minor: 1 (0x1)
Length: 42 (0x2A)
- SSLHandshake: SSL HandShake ServerHello(0x02)
HandShakeType: ServerHello(0x02)
Length: 38 (0x26)
- ServerHello: 0x1
+ Version: TLS 1.0
+ RandomBytes:
SessionIDLength: 0 (0x0)
TLSCipherSuite: TLS_RSA_WITH_AES_256_CBC_SHA { 0x00, 0x35 }
CompressionMethod: 0 (0x0)
- TlsRecordLayer: TLS Rec Layer-2 HandShake:
ContentType: HandShake:
- Version: TLS 1.0
Major: 3 (0x3)
Minor: 1 (0x1)
Length: 654 (0x28E)
- SSLHandshake: SSL HandShake Certificate(0x0B)
HandShakeType: Certificate(0x0B)
Length: 650 (0x28A)
- Cert: 0x1
CertLength: 647 (0x287)
- Certificates:
CertificateLength: 644 (0x284)
- X509Cert: Issuer: nimbuzz.com,Nimbuzz,NL, Subject: nimbuzz.com,Nimbuzz,NL
+ SequenceHeader:
- TbsCertificate: Issuer: nimbuzz.com,Nimbuzz,NL, Subject: nimbuzz.com,Nimbuzz,NL
+ SequenceHeader:
+ Tag0:
+ Version: (2)
+ SerialNumber: -1018418383
+ Signature: Sha1WithRSAEncryption (1.2.840.113549.1.1.5)
- Issuer: nimbuzz.com,Nimbuzz,NL
- RdnSequence: nimbuzz.com,Nimbuzz,NL
+ SequenceOfHeader: 0x1
+ Name: NL
+ Name: Nimbuzz
+ Name: nimbuzz.com
+ Validity: From: 02/22/10 20:22:32 UTC To: 02/20/20 20:22:32 UTC
+ Subject: nimbuzz.com,Nimbuzz,NL
- SubjectPublicKeyInfo: RsaEncryption (1.2.840.113549.1.1.1)
+ SequenceHeader:
+ Algorithm: RsaEncryption (1.2.840.113549.1.1.1)
- SubjectPublicKey:
- AsnBitStringHeader:
- AsnId: BitString type (Universal 3)
- LowTag:
Class: (00......) Universal (0)
Type: (..0.....) Primitive
TagValue: (...00011) 3
- AsnLen: Length = 141, LengthOfLength = 1
LengthType: LengthOfLength = 1
Length: 141 bytes
BitString:
+ Tag3:
+ Extensions:
- SignatureAlgorithm: Sha1WithRSAEncryption (1.2.840.113549.1.1.5)
- SequenceHeader:
- AsnId: Sequence and SequenceOf types (Universal 16)
+ LowTag:
- AsnLen: Length = 13, LengthOfLength = 0
Length: 13 bytes, LengthOfLength = 0
+ Algorithm: Sha1WithRSAEncryption (1.2.840.113549.1.1.5)
- Parameters: Null Value
- Sha1WithRSAEncryption: Null Value
+ AsnNullHeader:
- Signature:
- AsnBitStringHeader:
- AsnId: BitString type (Universal 3)
- LowTag:
Class: (00......) Universal (0)
Type: (..0.....) Primitive
TagValue: (...00011) 3
- AsnLen: Length = 129, LengthOfLength = 1
LengthType: LengthOfLength = 1
Length: 129 bytes
BitString:
+ TlsRecordLayer: TLS Rec Layer-3 HandShake:
答案1
除非您是 Nimbuzz 的服务器运营商,否则您无法获取解密对话所需的私钥。