CN113225354A - Method and system for analyzing secure channel encrypted data - Google Patents


Info

Publication number
CN113225354A
Authority
CN
China
Prior art keywords
data packet
plug
secure channel
data
encrypted data
Legal status
Granted
Application number
CN202110616344.5A
Other languages
Chinese (zh)
Other versions
CN113225354B (en)
Inventor
张朝阳
彭金辉
孙晓鹏
卫志刚
Current Assignee
Zhengzhou Xinda Jiean Information Technology Co Ltd
Original Assignee
Zhengzhou Xinda Jiean Information Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0227 Filtering policies
    • H04L 63/0245 Filtering by information in the payload
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention belongs to the technical field of information security and in particular relates to a method and a system for analyzing encrypted data of a secure channel. The method comprises the following steps: first, after a user-defined plug-in dissector has been developed through the plug-in mechanism of a network data packet analysis tool, the tool is started and loads the plug-in dissector to capture encrypted data packets of the secure channel; then, a specified data packet is filtered out of the captured encrypted data packets according to a preset filtering condition; finally, a session key is obtained according to the connection establishment state of the secure channel indicated by the protocol operation code of the data packet, and the data packet is decrypted and analyzed using the session key. The invention can decrypt and analyze ciphertext data and supports user-defined secure channel protocols.

Description

Method and system for analyzing secure channel encrypted data
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a method and a system for analyzing encrypted data of a secure channel.
Background
Wireshark is currently a popular protocol analysis tool. It translates captured binary network data streams of many protocols into forms such as text and diagrams that are easy for people to read and understand, which greatly facilitates monitoring, analysis and teaching experiments on network activity. It has rich and powerful statistical analysis functions and can be used on Windows, Linux, UNIX and other systems.
Wireshark is open-source packet capture software that can display many common protocols because parsers for those protocols are built in. Wireshark can capture and analyze data packets of common communication protocols such as HTTP/HTTPS/TLS/IPSEC, but it cannot analyze data that has been encrypted with a key: such data is not plaintext and is inconvenient to analyze, and Wireshark cannot analyze a user-defined secure channel protocol.
Therefore, how to design a method for analyzing secure channel encrypted data that can decrypt and analyze ciphertext data and support a customized secure channel protocol is a problem to be solved at present.
Disclosure of Invention
In order to solve the problems in the prior art, the invention provides a method and a system for analyzing encrypted data of a secure channel, which can decrypt and analyze ciphertext data and support a user-defined secure channel protocol.
In order to solve the technical problems, the invention adopts the following technical scheme:
the invention provides a method for analyzing encrypted data of a secure channel, which comprises the following steps:
step 1, after a user-defined plug-in dissector is developed through the plug-in mechanism of a network data packet analysis tool, starting the network data packet analysis tool to load the plug-in dissector and capture secure channel encrypted data packets;
step 2, filtering out a specified data packet from the captured encrypted data packets according to a preset filtering condition;
step 3, obtaining a session key according to the connection establishment state of the secure channel indicated by the protocol operation code of the data packet, and decrypting and analyzing the data packet using the session key.
Further, step 1 specifically includes:
registering a plug-in dissector for the user-defined protocol to be filtered, using the plug-in mechanism of the network data packet analysis tool;
storing the plug-in dissector in the specified location of the network data packet analysis tool's installation directory;
and, after the network data packet analysis tool is started and has loaded the plug-in dissector, capturing all encrypted data packets of the relevant protocol from the established secure channel and passing them to the plug-in dissector.
Further, step 2 specifically includes:
the plug-in dissector first checks whether the length of each captured encrypted data packet is larger than a preset number of bytes; if so, it checks whether the leading bytes satisfy the preset filtering condition, and only the encrypted data packets that satisfy the condition are filtered out as the encrypted data packets to be analyzed; if the length is less than the preset number of bytes, the subsequent processing is terminated;
wherein the filtering condition comprises at least filtering by IP address, port number and a user-defined character identifier.
Further, the process of establishing a connection over the secure channel is as follows:
first step: the client requests the server's digital certificate from the server, the server returns its digital certificate to the client, and the client verifies the validity of the returned certificate using a preset root certificate;
second step: the client generates a 16-byte random number as the session key, encrypts the random number with the public key of the server's digital certificate and sends it to the server, and the server decrypts it with the private key corresponding to its digital certificate to obtain the session key;
third step: the client and the server use the session key to encrypt the communication data they transmit.
Further, step 3 specifically includes:
when the protocol operation code corresponds to the first step of establishing the secure channel connection, the data in the data packet is plaintext and is displayed directly;
when the protocol operation code corresponds to the second step of establishing the secure channel connection, and the data packet is a specified data packet sent by the client to the server that passed the filtering condition, the plug-in dissector decrypts the data with the private key corresponding to the preset server digital certificate to obtain the session key, and stores the session key for analyzing subsequent data packets;
and when the protocol operation code corresponds to the third step of establishing the secure channel connection, decrypting the encrypted data packet directly with the stored session key to obtain a plaintext data packet, and performing subsequent data analysis.
Further, the protocol format of the data packet comprises an identifier, an operation code, a protocol version, a sequence number, a total data length and communication data; the identifier comprises an identifier for data packets sent by the client to the server and an identifier for data packets sent by the server to the client.
The present invention further provides a system for analyzing secure channel encrypted data, for implementing the above method for analyzing secure channel encrypted data, the system comprising:
a data capturing module, used to start the network data packet analysis tool to load the plug-in dissector and capture encrypted data packets of the secure channel after the user-defined plug-in dissector has been developed through the plug-in mechanism of the network data packet analysis tool;
a data filtering module, used to filter out a specified data packet from the captured encrypted data packets according to a preset filtering condition;
and a data decryption and analysis module, used to obtain the session key according to the connection establishment state of the secure channel indicated by the protocol operation code of the data packet and to decrypt and analyze the data packet using the session key.
Further, the data capturing module is configured to, after a user-defined plug-in dissector is developed through the plug-in mechanism of a network data packet analysis tool, start the network data packet analysis tool to load the plug-in dissector and capture the secure channel encrypted data packets, and specifically includes:
registering a plug-in dissector for the user-defined protocol to be filtered, using the plug-in mechanism of the network data packet analysis tool;
storing the plug-in dissector in the specified location of the network data packet analysis tool's installation directory;
and, after the network data packet analysis tool is started and has loaded the plug-in dissector, capturing all encrypted data packets of the relevant protocol from the established secure channel and passing them to the plug-in dissector.
Further, the data filtering module is configured to filter out a specified data packet from the captured encrypted data packets according to a preset filtering condition, and specifically includes:
the plug-in dissector first checks whether the length of each captured encrypted data packet is larger than a preset number of bytes; if so, it checks whether the leading bytes satisfy the preset filtering condition, and only the encrypted data packets that satisfy the condition are filtered out as the encrypted data packets to be analyzed; if the length is less than the preset number of bytes, the subsequent processing is terminated;
wherein the filtering condition comprises at least filtering by IP address, port number and a user-defined character identifier.
Further, the data decryption and analysis module is configured to obtain a session key according to the connection establishment state of the secure channel indicated by the protocol operation code of the data packet, and to decrypt and analyze the data packet using the session key, and specifically includes:
when the protocol operation code corresponds to the first step of establishing the secure channel connection, the data in the data packet is plaintext and is displayed directly;
when the protocol operation code corresponds to the second step of establishing the secure channel connection, and the data packet is a specified data packet sent by the client to the server that passed the filtering condition, the plug-in dissector decrypts the data with the private key corresponding to the preset server digital certificate to obtain the session key, and stores the session key for analyzing subsequent data packets;
and when the protocol operation code corresponds to the third step of establishing the secure channel connection, decrypting the encrypted data packet directly with the stored session key to obtain a plaintext data packet, and performing subsequent data analysis.
Compared with the prior art, the invention has the following advantages:
on one hand, the method filters out the specified data packet from the captured encrypted data packets according to the preset filtering condition, obtains the session key according to the connection establishment state of the secure channel indicated by the protocol operation code of the data packet, and decrypts and analyzes the data packet using the session key; it can thus filter, decrypt and analyze captured ciphertext data packets, which assists software development, debugging and data analysis after deployment. On the other hand, the data packet format and the communication protocol can be customized, so the method supports not only data analysis of common secure channel protocols but also analysis of customized communication protocols, which broadens its range of application.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow diagram of a method for analyzing secure channel encrypted data in accordance with an embodiment of the present invention;
FIG. 2 is a block diagram of a system for analyzing secure channel encrypted data according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative efforts belong to the scope of the present invention.
As shown in FIG. 1, the present embodiment provides a method for analyzing encrypted data of a secure channel, the method comprising the following steps:
step S11, after a user-defined plug-in dissector is developed through the plug-in mechanism of a network data packet analysis tool, the network data packet analysis tool is started to load the plug-in dissector and capture secure channel encrypted data packets;
step S12, filtering out the specified data packet from the captured encrypted data packets according to the preset filtering condition;
step S13, obtaining the session key according to the connection establishment state of the secure channel indicated by the protocol operation code of the data packet, and decrypting and analyzing the data packet using the session key.
Specifically, step S11 includes:
step S111, registering a plug-in dissector for the user-defined protocol to be filtered, using the plug-in mechanism of the network data packet analysis tool;
step S112, storing the plug-in dissector in the specified location of the network data packet analysis tool's installation directory;
step S113, after the network data packet analysis tool is started and has loaded the plug-in dissector, capturing all encrypted data packets of the relevant protocol from the established secure channel and passing them to the plug-in dissector.
Specifically, step S12 includes:
the plug-in dissector first checks whether the length of each captured encrypted data packet is larger than a preset number of bytes; if so, it checks whether the leading bytes satisfy the preset filtering condition, and only the encrypted data packets that satisfy the condition are filtered out as the encrypted data packets to be analyzed; if the length is less than the preset number of bytes, the subsequent processing is terminated;
wherein the filtering condition comprises at least filtering by IP address, port number and a user-defined character identifier.
In practical application, the process of establishing a connection over the secure channel is as follows:
first step: the client requests the server's digital certificate from the server, the server returns its digital certificate to the client, and the client verifies the validity of the returned certificate using a preset root certificate;
second step: the client generates a 16-byte random number as the session key, encrypts the random number with the public key of the server's digital certificate and sends it to the server, and the server decrypts it with the private key corresponding to its digital certificate to obtain the session key;
third step: the client and the server use the session key to encrypt the communication data they transmit.
Specifically, step S13 includes:
when the protocol operation code corresponds to the first step of establishing the secure channel connection, the data in the data packet is plaintext and is displayed directly;
when the protocol operation code corresponds to the second step of establishing the secure channel connection, and the data packet is a specified data packet sent by the client to the server that passed the filtering condition, the plug-in dissector decrypts the data with the private key corresponding to the preset server digital certificate to obtain the session key, and stores the session key for analyzing subsequent data packets;
and when the protocol operation code corresponds to the third step of establishing the secure channel connection, decrypting the encrypted data packet directly with the stored session key to obtain a plaintext data packet, and performing subsequent data analysis.
Further, the protocol format of the data packet includes an identifier, an operation code, a protocol version, a sequence number, a total data length and communication data; the identifier comprises an identifier for data packets sent by the client to the server and an identifier for data packets sent by the server to the client.
In a specific application, the client and the server communicate over a socket connection, and the communication data format is as follows:
[Figure: table of the communication data format; its fields are listed in the following line.]
The protocol header has a fixed length of 18 bytes: TAG [4 B] + opcode [2 B] + protocol version [4 B] + sequence number [4 B] + total data length [4 B].
The TAG of data packets sent by the client to the server is "vhsm", and the TAG of data packets sent by the server to the client is "VHSM".
After the SSL encryption channel has been established, the data contained in the data packet is ciphertext.
In practical application, given the encryption channel establishment process, the key to analyzing the ciphertext data is obtaining the session key.
A user-defined dissector for the tcp protocol can be registered through the plug-in mechanism of the network data packet analysis tool; the tool then passes all captured tcp data packets to that dissector.
The dissector first checks whether the length of the tcp data packet is larger than 18 bytes, then checks whether the first 4 bytes are "vhsm" or "VHSM", and if so determines that the tcp data packet is a VHSM protocol data packet.
The data is then analyzed according to the operation code and the total data length:
when the protocol operation code corresponds to step 1 of establishing the SSL connection, obtaining the server's digital certificate, the data in the data packet is plaintext and can be displayed directly;
when the protocol operation code corresponds to step 2 of establishing the SSL connection, the encrypted transmission of the session key, and the data packet is one sent by the client to the server (first 4 bytes "vhsm"), the dissector decrypts the data with the private key corresponding to the preset server certificate to obtain the session key and records it for analyzing subsequent data packets;
when the protocol operation code corresponds to encrypted data transmission, the plaintext data is obtained by decrypting the data with the session key.
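As an added stand-alone example (not the patent's own code and not a Wireshark plug-in), the Go program below models the dissector logic of this embodiment: it applies the 18-byte length filter and the vhsm/VHSM TAG filter, then dispatches on the opcode, showing step 1 plaintext directly, recovering the 16-byte session key at step 2 with the preset server private key, and decrypting step 3 with the stored key. The opcode values, big-endian field order, RSA-OAEP for the key transport, AES-128-GCM for the channel and the sample packets are all assumptions constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// 18-byte header from the embodiment: TAG[4] + opcode[2] + version[4] + seq[4] + total length[4]. Assumed: big-endian fields, "total length" counting the data bytes after the header.
const headerLen = 18
// Opcode values are assumed; the page names only the three handshake phases they stand for.
const opGetCert, opSendKey, opEncrypted uint16 = 1, 2, 3

// parseVHSM applies the dissector's filters (length above the header, then the TAG check).
func parseVHSM(b []byte) (tag []byte, opcode uint16, data []byte, err error) {
	if len(b) <= headerLen {
		return nil, 0, nil, errors.New("not longer than the 18-byte header: skipped")
	}
	if tag = b[:4]; !bytes.Equal(tag, []byte("vhsm")) && !bytes.Equal(tag, []byte("VHSM")) {
		return nil, 0, nil, errors.New("TAG is neither vhsm nor VHSM: skipped")
	}
	if int(binary.BigEndian.Uint32(b[14:18])) != len(b)-headerLen {
		return nil, 0, nil, errors.New("total length field does not match the payload")
	}
	return tag, binary.BigEndian.Uint16(b[4:6]), b[headerLen:], nil
}

// buildVHSM encodes a packet (version left 0); used here only to construct sample traffic.
func buildVHSM(tag string, opcode uint16, seq uint32, data []byte) []byte {
	out := make([]byte, headerLen, headerLen+len(data))
	copy(out, tag)
	binary.BigEndian.PutUint16(out[4:], opcode)
	binary.BigEndian.PutUint32(out[10:], seq)
	binary.BigEndian.PutUint32(out[14:], uint32(len(data)))
	return append(out, data...)
}

// aesGCM is the assumed step-3 cipher: AES-128-GCM with a 12-byte nonce prefixed to the ciphertext.
func aesGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // callers pass a key already checked to be 16 bytes
	g, _ := cipher.NewGCM(block)
	return g
}

type Dissector struct { // preset server private key plus the session key captured at step 2
	ServerKey  *rsa.PrivateKey
	SessionKey []byte
}

// Dissect returns what the analyst sees for one packet, dispatching on the opcode.
func (d *Dissector) Dissect(raw []byte) ([]byte, error) {
	tag, opcode, data, err := parseVHSM(raw)
	if err != nil {
		return nil, err
	}
	switch opcode {
	case opGetCert: // step 1 is plaintext and is shown directly
		return data, nil
	case opSendKey: // step 2: only the client -> server packet (tag vhsm) carries the key
		if !bytes.Equal(tag, []byte("vhsm")) {
			return nil, errors.New("session key transport must come from the client")
		}
		k, err := rsa.DecryptOAEP(sha256.New(), nil, d.ServerKey, data, nil)
		if err != nil || len(k) != 16 {
			return nil, errors.New("could not recover a 16-byte session key")
		}
		d.SessionKey = k // kept for every later packet on this channel
		return k, nil
	case opEncrypted: // step 3: decrypt with the stored session key
		if d.SessionKey == nil || len(data) < 12 {
			return nil, errors.New("no session key captured yet, or payload shorter than the nonce")
		}
		return aesGCM(d.SessionKey).Open(nil, data[:12], data[12:], nil)
	}
	return nil, errors.New("unknown opcode")
}

// RunSession constructs the three-step exchange under a fresh server key, dissects it, and returns the recovered step-3 plaintext.
func RunSession(msg []byte) ([]byte, error) {
	serverKey, _ := rsa.GenerateKey(rand.Reader, 2048) // stands in for the preset server certificate key
	buf := make([]byte, 28)
	rand.Read(buf)
	sk, nonce := buf[:16], buf[16:] // client's 16-byte session key, then a 12-byte GCM nonce
	wrapped, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, &serverKey.PublicKey, sk, nil)
	d := &Dissector{ServerKey: serverKey}
	for _, pkt := range [][]byte{
		buildVHSM("vhsm", opGetCert, 1, []byte("GET CERT")), // client -> server, plaintext
		buildVHSM("vhsm", opSendKey, 2, wrapped),            // client -> server, wrapped key
	} {
		if _, err := d.Dissect(pkt); err != nil {
			return nil, err
		}
	}
	return d.Dissect(buildVHSM("VHSM", opEncrypted, 3, aesGCM(sk).Seal(nonce, nonce, msg, nil)))
}
```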
As shown in FIG. 2, this embodiment further proposes a system for analyzing encrypted data of a secure channel, used to implement the method for analyzing encrypted data of a secure channel described above, the system comprising:
a data capturing module 21, configured to start the network data packet analysis tool to load the plug-in dissector and capture secure channel encrypted data packets after the user-defined plug-in dissector has been developed through the plug-in mechanism of the network data packet analysis tool;
a data filtering module 22, configured to filter out a specified data packet from the captured encrypted data packets according to a preset filtering condition;
and a data decryption and analysis module 23, configured to obtain a session key according to the connection establishment state of the secure channel indicated by the protocol operation code of the data packet, and to decrypt and analyze the data packet using the session key.
Further, the data capturing module is configured to, after a user-defined plug-in dissector is developed through the plug-in mechanism of a network data packet analysis tool, start the network data packet analysis tool to load the plug-in dissector and capture the secure channel encrypted data packets, and specifically includes:
registering a plug-in dissector for the user-defined protocol to be filtered, using the plug-in mechanism of the network data packet analysis tool;
storing the plug-in dissector in the specified location of the network data packet analysis tool's installation directory;
and, after the network data packet analysis tool is started and has loaded the plug-in dissector, capturing all encrypted data packets of the relevant protocol from the established secure channel and passing them to the plug-in dissector.
Further, the data filtering module is configured to filter out a specified data packet from the captured encrypted data packets according to a preset filtering condition, and specifically includes:
the plug-in dissector first checks whether the length of each captured encrypted data packet is larger than a preset number of bytes; if so, it checks whether the leading bytes satisfy the preset filtering condition, and only the encrypted data packets that satisfy the condition are filtered out as the encrypted data packets to be analyzed; if the length is less than the preset number of bytes, the subsequent processing is terminated;
wherein the filtering condition comprises at least filtering by IP address, port number and a user-defined character identifier.
Further, the data decryption and analysis module is configured to obtain a session key according to the connection establishment state of the secure channel indicated by the protocol operation code of the data packet, and to decrypt and analyze the data packet using the session key, and specifically includes:
when the protocol operation code corresponds to the first step of establishing the secure channel connection, the data in the data packet is plaintext and is displayed directly;
when the protocol operation code corresponds to the second step of establishing the secure channel connection, and the data packet is a specified data packet sent by the client to the server that passed the filtering condition, the plug-in dissector decrypts the data with the private key corresponding to the preset server digital certificate to obtain the session key, and stores the session key for analyzing subsequent data packets;
and when the protocol operation code corresponds to the third step of establishing the secure channel connection, decrypting the encrypted data packet directly with the stored session key to obtain a plaintext data packet, and performing subsequent data analysis.
On one hand, the method filters out the specified data packet from the captured encrypted data packets according to the preset filtering condition, obtains the session key according to the connection establishment state of the secure channel indicated by the protocol operation code of the data packet, and decrypts and analyzes the data packet using the session key; it can thus filter, decrypt and analyze captured ciphertext data packets, which assists software development, debugging and data analysis after deployment. On the other hand, the data packet format and the communication protocol can be customized, so the method supports not only data analysis of common secure channel protocols but also analysis of customized communication protocols, which broadens its range of application.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it is to be noted that: the above description is only a preferred embodiment of the present invention, and is only used to illustrate the technical solutions of the present invention, and not to limit the protection scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. A method for analyzing secure channel encrypted data, the method comprising the steps of:
step 1, after a user-defined plug-in disector is developed through a plug-in mechanism of a network data packet analysis tool, starting the network data packet analysis tool to load the plug-in disector to capture a security channel encrypted data packet;
step 2, filtering out a specified data packet from the obtained encrypted data packets through a preset filtering condition;
and 3, respectively acquiring a session key according to the connection establishment state of the secure channel where the protocol operation code of the data packet is positioned, and decrypting and analyzing the data packet by using the session key.
2. The method for analyzing secure channel encrypted data according to claim 1, wherein the step 1 specifically includes:
registering a plug-in disector of a self-defined filter protocol by using a plug-in mechanism of a network data packet analysis tool;
storing the plug-in disector in a specified position of a network data packet analysis tool installation directory;
and after the network data packet analysis tool is started to load the plug-in disector, capturing all encrypted data packets of the relevant protocols from the established secure channel, and transmitting the encrypted data packets to the plug-in disector.
3. The method for analyzing secure channel encrypted data according to claim 1, wherein the step 2 specifically includes:
the plug-in disasector firstly checks whether the lengths of all captured encrypted data packets are larger than a preset byte or not, if so, checks whether the front part of bytes meet a preset filtering condition or not, and only filters the encrypted data packets meeting the condition into encrypted data packets of specified analysis; if the length is less than the preset byte, terminating the subsequent process;
wherein, the filtering condition at least comprises using IP address, port number and self-defined character identification filtering.
4. Method for analyzing secure channel encrypted data according to claim 1, characterized in that the process of establishing a connection by the secure channel is as follows:
the first step is as follows: the client requests the server for the server digital certificate, the server returns the server digital certificate to the client, and the client verifies the validity of the server-returned digital certificate by using a preset root certificate;
the second step is that: the client generates a 16-byte random number as a session key, the random number is encrypted by using a public key of a digital certificate of the server and then is sent to the server, and the server decrypts the random number by using a private key corresponding to the digital certificate of the server to obtain the session key;
the third step: and the client and the server use the session key to carry out encrypted transmission on the communication data.
5. The method for analyzing encrypted data of a secure channel according to claim 4, wherein the step 3 specifically includes:
when the protocol operation code corresponds to the first step of establishing the secure channel connection, the data in the data packet is plaintext and is displayed directly;
when the protocol operation code corresponds to the second step of establishing the secure channel connection, and the data packet is a specified data packet sent by the client to the server and filtered according to the filtering condition, the plug-in dissector decrypts the data with the private key corresponding to the preset server digital certificate to obtain the session key, and stores the session key for analyzing subsequent data packets;
when the protocol operation code corresponds to the third step of establishing the secure channel connection, the encrypted data packet is decrypted directly with the stored session key to obtain a plaintext data packet, and subsequent data analysis is performed.
6. The method for analyzing secure channel encrypted data according to claim 1, wherein a protocol format of the data packet includes an identification, an operation code, a protocol version, a sequence number, a total length of data, and communication data; the identification comprises a data packet identification sent to the server by the client and a data packet identification sent to the client by the server.
7. A system for analyzing secure channel encrypted data, for implementing a method for analyzing secure channel encrypted data according to any of claims 1 to 6, the system comprising:
a data capturing module, used for developing a user-defined plug-in dissector through the plug-in mechanism of a network data packet analysis tool and then starting the network data packet analysis tool to load the plug-in dissector and capture the encrypted data packets of the secure channel;
a data filtering module, used for filtering out specified data packets from the captured encrypted data packets through a preset filtering condition;
a data decryption analysis module, used for obtaining the session key according to the connection establishment state of the secure channel indicated by the protocol operation code of the data packet, and decrypting and analyzing the data packet with the session key.
8. The system for analyzing secure channel encrypted data according to claim 7, wherein the data capturing module being used for starting the network data packet analysis tool to load the plug-in dissector and capture the encrypted data packets of the secure channel, after a user-defined plug-in dissector is developed through the plug-in mechanism of the network data packet analysis tool, specifically includes:
registering a plug-in dissector for a self-defined filter protocol using the plug-in mechanism of the network data packet analysis tool;
storing the plug-in dissector in a specified location of the installation directory of the network data packet analysis tool;
after the network data packet analysis tool is started and loads the plug-in dissector, capturing all encrypted data packets of the relevant protocol from the established secure channel and passing them to the plug-in dissector.
9. The system for analyzing secure channel encrypted data according to claim 7, wherein the data filtering module being used for filtering out specified data packets from the captured encrypted data packets according to a preset filtering condition specifically includes:
the plug-in dissector first checks whether the length of each captured encrypted data packet is larger than a preset number of bytes; if so, it checks whether the leading bytes meet a preset filtering condition, and only the encrypted data packets meeting the condition are retained as the specified data packets for analysis; if the length is less than the preset number of bytes, the subsequent process is terminated;
wherein the filtering condition at least comprises filtering by IP address, port number and a self-defined character identifier.
10. The system according to claim 7, wherein the data decryption analysis module being used for obtaining the session key according to the connection establishment state of the secure channel indicated by the protocol operation code of the data packet, and decrypting and analyzing the data packet with the session key, specifically includes:
when the protocol operation code corresponds to the first step of establishing the secure channel connection, the data in the data packet is plaintext and is displayed directly;
when the protocol operation code corresponds to the second step of establishing the secure channel connection, and the data packet is a specified data packet sent by the client to the server and filtered according to the filtering condition, the plug-in dissector decrypts the data with the private key corresponding to the preset server digital certificate to obtain the session key, and stores the session key for analyzing subsequent data packets;
when the protocol operation code corresponds to the third step of establishing the secure channel connection, the encrypted data packet is decrypted directly with the stored session key to obtain a plaintext data packet, and subsequent data analysis is performed.
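As an added illustration of the dissector logic in claims 4 to 6 and 9 to 10 (example code written for this page, not the patent's or the applicant's implementation): it parses the packet header, applies the length, leading-bytes and IP/port filter, and dispatches on the operation code to display plaintext, cache the session key, or decrypt with it. The field sizes, the identification values `CS`/`SC`, the server address and the two crypto placeholders (`demo_unwrap` standing in for private-key decryption, `demo_cipher` for the session-key cipher, which the claims do not name) are assumptions.

```python
import hashlib
import struct

# Constructed header layout; the claims name the fields but not their sizes:
# identification(2) | operation code(1) | protocol version(1) | sequence number(4) | total length(4) | data
HEADER = struct.Struct("!2sBBII")
ID_C2S, ID_S2C = b"CS", b"SC"          # hypothetical identification values for each direction
OP_CERT, OP_KEYEX, OP_DATA = 1, 2, 3   # opcodes for the three connection-establishment steps
SERVER = ("10.0.0.5", 9000)            # constructed filter condition: server IP address and port

def demo_unwrap(wrapped: bytes) -> bytes:
    """Placeholder for decrypting the client's random with the server certificate's private key."""
    return bytes(b ^ 0x5A for b in wrapped)

def demo_cipher(key: bytes, data: bytes) -> bytes:
    """Placeholder symmetric cipher: XOR with a SHA-256 keystream (one call encrypts and decrypts)."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def build(ident: bytes, opcode: int, seq: int, data: bytes) -> bytes:
    """Assemble a packet in the constructed layout (used only to generate sample traffic)."""
    return HEADER.pack(ident, opcode, 1, seq, HEADER.size + len(data)) + data

class Dissector:
    """handle() returns (opcode, plaintext) for a packet it keeps and None for one it drops."""
    def __init__(self, unwrap=demo_unwrap, cipher=demo_cipher):
        self.unwrap, self.cipher = unwrap, cipher
        self.session_keys = {}   # client (ip, port) -> 16-byte session key learned in step two

    def handle(self, src, dst, packet: bytes):
        if len(packet) <= HEADER.size:           # not longer than the preset byte count: stop
            return None
        ident, opcode, _ver, _seq, total = HEADER.unpack_from(packet)
        if total != len(packet):                 # declared total length must match the capture
            return None
        if ident == ID_C2S and dst == SERVER:    # leading-bytes check plus IP address/port filter
            client = src
        elif ident == ID_S2C and src == SERVER:
            client = dst
        else:
            return None                          # not a specified packet for this protocol
        data = packet[HEADER.size:]
        if opcode == OP_CERT:                    # step one: certificate exchange is plaintext
            return opcode, data
        if opcode == OP_KEYEX:                   # step two: client->server packet carries the key
            if ident == ID_C2S and len(key := self.unwrap(data)) == 16:
                self.session_keys[client] = key
            return opcode, None
        if opcode == OP_DATA:                    # step three: decrypt with the stored session key
            key = self.session_keys.get(client)
            return (opcode, self.cipher(key, data)) if key else None
```

A step-three packet from a client whose key-exchange packet was never seen is dropped rather than decrypted with a missing key, which is the failure mode a capture started mid-session produces.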
CN202110616344.5A 2021-06-02 2021-06-02 Method and system for analyzing secure channel encrypted data Active CN113225354B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110616344.5A CN113225354B (en) 2021-06-02 2021-06-02 Method and system for analyzing secure channel encrypted data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110616344.5A CN113225354B (en) 2021-06-02 2021-06-02 Method and system for analyzing secure channel encrypted data

Publications (2)

Publication Number Publication Date
CN113225354A true CN113225354A (en) 2021-08-06
CN113225354B CN113225354B (en) 2022-03-22

Family

ID=77082668

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110616344.5A Active CN113225354B (en) 2021-06-02 2021-06-02 Method and system for analyzing secure channel encrypted data

Country Status (1)

Country Link
CN (1) CN113225354B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105099991A (en) * 2014-04-28 2015-11-25 北京奇虎科技有限公司 Mobile terminal network data packet capturing method and device
CN108156178A (en) * 2018-01-30 2018-06-12 上海天旦网络科技发展有限公司 SSL/TLS data monitoring system and method
CN111064575A (en) * 2019-11-12 2020-04-24 卡斯柯信号(郑州)有限公司 Method for analyzing captured network packets, applied to a signalling system using domestic cryptographic encryption
US20200145396A1 (en) * 2018-11-06 2020-05-07 International Business Machines Corporation Extracting data from passively captured web traffic that is encrypted in accordance with an anonymous key agreement protocol
CN111224995A (en) * 2020-01-15 2020-06-02 成都安舟信息技术有限公司 SSL/TLS network encryption communication information real-time decryption method based on memory analysis
CN112165494A (en) * 2020-09-30 2021-01-01 厦门亿联网络技术股份有限公司 Message analysis method and device, electronic equipment and storage medium
CN112654038A (en) * 2020-12-15 2021-04-13 深圳市豪恩安全科技有限公司 Method, device and system for decrypting Mesh network data


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
唐辉: "Application protocol parsing plug-in for metro signalling systems based on secondary development of Wireshark", 《交通与运输(学术版)》 *
张博力: "Packet structure parsing and capture analysis of the SRT protocol", 《现代电视技术》 *

Also Published As

Publication number Publication date
CN113225354B (en) 2022-03-22

Similar Documents

Publication Publication Date Title
US7302564B2 (en) Translation of secure communications for handshake protocols
USRE45348E1 (en) Method and apparatus for intercepting events in a communication system
CN109450777B (en) Session information extraction method, device, equipment and medium
CN107124385B (en) Mirror flow-based SSL/TLS protocol plaintext data acquisition method
CN103618726A (en) Method for recognizing mobile data service based on HTTPS
CN113676348B (en) Network channel cracking method, device, server and storage medium
WO2020252897A1 (en) Distributed link data authentication method, device and apparatus, and storage medium
WO2017173838A1 (en) Verification-based message display method and communication terminal
US8010787B2 (en) Communication device, communication log transmitting method suitable for communication device, and communication system
CN112954048A (en) Internet of things system based on internet of things encryption gateway
EP3203700A1 (en) Rdp data collection apparatus and method
CN113225354B (en) Method and system for analyzing secure channel encrypted data
CN105743868A (en) Data acquisition system supporting encrypted and non-encrypted protocols and method
CN112165494B (en) Message analysis method, device, electronic equipment and storage medium
CN113315678A (en) Encrypted TCP (Transmission control protocol) traffic acquisition method and device
CN114139192B (en) Encrypted traffic processing method, encrypted traffic processing apparatus, electronic device, medium, and program
CN107786609A (en) The collection playback system and method for a kind of RDP
CN109286598B (en) TLS channel encrypted RDP protocol plaintext data acquisition system and method
CN109194650A (en) Encrypted transmission method based on the remote encryption transmission system of file
CN114363024A (en) Data encryption transmission method and device, terminal equipment and storage medium
KR101919762B1 (en) An encrypted traffic management apparatus and method for decrypting encrypted traffics
CN109617866B (en) Industrial control system host session data filtering method and device
CN114679260A (en) Method, system and terminal for encrypting data by compatibly extending main key through bypass audit
CN114707158A (en) Network communication authentication method and network communication authentication system based on TEE
KR101996044B1 (en) ICAP protocol extension method for providing network forensic service of encrypted traffic, network forensic device supporting it and web proxy

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant