sklton-key

command module

v0.0.0-...-580bbd0 Latest Latest Go to latest Published: Oct 24, 2021 License: Apache-2.0 Imports: 25 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/amlweems/sklton-key

Links

Open Source Insights

README ¶

sklton-key

sklton-key, pronounced 'skeleton key', allows you to decrypt TLS traffic of a target go process. sklton-key attaches to go processes and intercepts the KeyLogWriter method to enable SSLKEYLOGFILE-style logging of TLS secrets.

Requirements

binary must contain DWARF debugging information
binary must be compiled with at least go1.8

Installation

go install github.com/amlweems/sklton-key

Usage

$ sklton-key -h
Usage of sklton-key:
  -pid int
    	Pid to attach to.
  -cmd string
    	Command to launch and attach to.
  -log string
    	Log file to write key log to (default "skl.log")
  -tcpdump
    	If true, capture packets and save pcap to a file
  -dev string
    	Device to capture packets on (default "eth0")
  -pcap string
    	Path to write pcap to (default "skl.pcap")

You may now start your target process and launch sklton-key to begin writing the key log:

$ sklton-key -cmd ./target-binary -tcpdump -dev en0

Once the binary begins making requests, you can use Wireshark to decrypt the packet capture. Wireshark 1.6.0 and above can use these log files to decrypt packets. Set the following Wireshark setting to your skl.log file.

Edit→Preferences→Protocols→TLS→(Pre)-Master-Secret log filename

Wireshark screenshot showing packet decryption.

Documentation ¶

Rendered for

Overview ¶

sklton-key attaches to arbitrary golang processes and intercepts the KeyLogWriter method to enable SSLKEYLOGFILE-style debugging of a target.

KeyLogWriter was introduced in go1.8:

https://github.com/golang/go/commit/320bd562cbb24a01beb02706c42d06a290160645

TLS 1.3 support was added in go1.13

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

README ¶

sklton-key

Requirements

Installation

Usage

Documentation ¶

Overview ¶

Copyright 2020 Anthony Weems ¶

Source Files ¶