ssl - How to decrypt TLS packets from Windows curl.exe (alternative of SSLKEYLOGFILE) - Stack Overflow

admin管理员组

文章数量:1415420

Background

• I want to capture and decrypt TLS packets from curl.exe included with Windows.
• curl in the Linux environment supports the SSLKEYLOGFILE environment variable to export a TLS session key.
• Wireshark can import the TLS session key to decrypt captured TLS packets.

Problem

When I tried to export a TLS session key with the following command, nothing was exported to the specified path.

PS C:\tmp> $env:SSLKEYLOGFILE='C:/tmp/sslkey.log'; curl.exe -s 
TESTFROMCURL
PS C:\tmp> ls C:/tmp/sslkey.log
ls : Cannot find path 'C:\tmp\sslkey.log' because it does not exist.
At line:1 char:1
+ ls C:/tmp/sslkey.log
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\tmp\sslkey.log:String) [Get-ChildItem], ItemNotFoundException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand

What I investigated

• curl.exe --version is like this. It says curl.exe is built with Schannel rather than OpenSSL or LibreSSL.

PS C:\tmp> curl.exe --version
curl 8.10.1 (Windows) libcurl/8.10.1 Schannel zlib/1.3 WinIDN
Release-Date: 2024-09-18
Protocols: dict file ftp ftps http https imap imaps ipfs ipns mqtt pop3 pop3s smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HSTS HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM SPNEGO SSL SSPI threadsafe Unicode UnixSockets

• Everything curl says SSLKEYLOGFILE requires OpenSSL, LibreSSL, BoringSSL, GnuTLS, or wolfSSL. /usingcurl/tls/sslkeylogfile.html#restrictions

Question

Is there any way to decrypt TLS packets from curl.exe that is included with Windows? Is there any alternative to SSLKEYLOGFILE?

本文标签： sslHow to decrypt TLS packets from Windows curlexe (alternative of SSLKEYLOGFILE)Stack Overflow