Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Feature proposal: DoT logging using SSLKEYLOGFILE #205

Open
pspacek opened this issue Dec 9, 2019 · 0 comments
Open

Feature proposal: DoT logging using SSLKEYLOGFILE #205

pspacek opened this issue Dec 9, 2019 · 0 comments
Labels
help wanted Extra attention is needed

Comments

@pspacek
Copy link

pspacek commented Dec 9, 2019

Modern versions of SSL libraries support TLS session key logging via environment variable SSLKEYLOGFILE. This opens possibility to decipher TLS traffic in dnscap and to log DNS traffic from "inside" of the TLS channel.

Roughly:

  1. Set SSLKEYLOGFILE in DNS server environment to a file or pipe
  2. dnscap reads session keys from given file or pipe
  3. TLS traffic is decrypted using given session key
  4. DNS packets are saved into output as usual.

Wireshark already implements this so there is possibility get inspiration in its code base.
@jelu jelu added the help wanted Extra attention is needed label May 8, 2020
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jelu @pspacek