With Wireshark you are able to decrypt SSL traffic if you have the server 
private key in the PEM format (Base64 encoded).

Following my current scenario ...

I created a self signed CA certificate (just for testing) and a server 
certificate signed with previous CA certificate. I have the sample AMQP test 
broker available with AMQP .Net Lite library up and running that accepts 
traffic on 5671 port using the above server certificate. With my client (using 
AMQP .Net Lite) I'm able to send encrypted messages to the broker.

Last step is to use my self generated (with openssl) server private key to 
decrypt this traffic inside Wireshark.

I'm blocked on this step because when I try to add my RSA private key in the 
related list, Wireshark warns me that a dissector for amqp protocol isn't 
available and shows me all the available dissectors (spdy as TCP on 443 and so 
on ...).
I asked a question on Wireshark forum to add amqp as available dissector to 
decrypt traffic. It's very strange because Wireshark is already able to decode 
clear AMQP traffic on port 5672.

However, if you have the private key you are able to decode SSL traffic using 
Wireshark. This feature is available in Fiddler too (in that case only for 
HTTPS traffic).

Paolo

Sent from my Windows Phone
________________________________
From: aconway<mailto:[email protected]>
Sent: ‎28/‎08/‎2015 14:31
To: [email protected]<mailto:[email protected]>
Subject: Re: AW: AMQP blog

On Fri, 2015-08-28 at 06:46 +0000, Aschenbrenner, Erik wrote:
> Hi Paolo, hi Chuck!
>
>
> Nice to see some other AMQP experts here on the user list.
>
> In your blogs you deal with Wireshark to trace and dissect AMQP
> traffic. Did you ever try to dissect encrypted AMQP traffic with
> Wireshark? Because in the real world AMQP traffic may be encrypted (at
> least in the one real world application I'm working on). In the
> Wireshark forum
> (https://ask.wireshark.org/questions/43961/amqp-10-traffic-not-dissected-with-wireshark-1126)
> the creator of the AMQP
> dissector for Wireshark said that there is no way to decode
> encrypted traffic in Wireshark. Maybe this would be an idea for
> another blog post to find out if this is true ;-)
>

This is not a problem specific to AMQP. The point of encryption is to
make it impossible to read the encrypted data; Wireshark can't do
anything to get around that.

It is a "layered" problem - for example the TCP headers of an encrypted
SSL connection are not themselves encrypted, otherwise they couldn't be
routed. So Wireshark can show you that there are TCP packets with SSL
encrypted contents, but can't show you the content.

All the Qpid tools use SSL or SASL to create a fully encrypted "tunnel"
through which AMQP traffic passes. There's no way for Wireshark to see
inside this tunnel. An application could encrypt just the message
contents and leave the AMQP protocol in the clear but I don't think
that is common practice.


> Regards,
> Erik
>
> -----Original Message-----
> From: Paolo Patierno [mailto:[email protected]]
> Sent: Friday, 28 August 2015 08:27
> To: [email protected]
> Subject: RE: AMQP blog
>
> Hi Chuck,
> nice and very useful article !
> Articles like these help people to understand better AMQP
> specification.
>
> I'd like to add my three part series of "AMQP type system explained
> by examples". I used AMQP .Net Lite too.
>
> https://paolopatierno.wordpress.com/2015/07/20/amqp-protocol-the-builtin-type-system-by-examples/
>
> https://paolopatierno.wordpress.com/2015/07/23/amqp-on-the-wire-messages-content-framing/
>
> https://paolopatierno.wordpress.com/2015/07/24/amqp-message-accepted-encoding-on-the-wire/
>
> Thanks,
> Paolo
>
>
> Sent from my Windows Phone
> ________________________________
> From: Chuck Rolke<mailto:[email protected]>
> Sent: ‎27/‎08/‎2015 23:36
> To: [email protected]<mailto:[email protected]>
> Subject: AMQP blog
>
> I've got a blog series going and I've just posted "AMQP Illustrated",
> an article that might be of interest here.
> Please see
> https://chugrolke.wordpress.com/2015/08/27/amqp-illustrated/
>
> To date my series of blogs has been focused on the Apache ActiveMQ
> AMQP broker and Microsoft AMQP.Net Lite client, neither of which is
> under the Qpid umbrella. AMQP Illustrated is different. It dissects a
> simple HelloWorld example and explains the AMQP activity that happens
> over the wire. The illustration part is a web page with loads of AMQP
> smarts that helps you see what's going on at a high level and still
> easily drills down into the details.
>
> I have a github project https://github.com/ChugR/Adverb that contains
> the network-trace-to-web-page logic. Check it out and let me know if
> it is useful for you.
>
> -Chuck
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected] For
> additional commands, e-mail: [email protected]
>
> --
> icubic AG
> Mittelstraße 10
> 39114 Magdeburg
> Germany
>
> Tel.: +49 391 59 80 9-0
> Fax: +49 391 59 80 9-99
>
> [email protected]
> <mailto:[email protected]>www.icubic.de
> <http://www.icubic.de/>
> Vorstandsvorsitzender/ Chairman of the Board: Dietmar Jakal
> Vorstand/ Board of Directors: Dietmar Jakal, Andreas Nold, Jürgen
> Pfister
> Aufsichtsratsvorsitzender/ Chairman of the Supervisory Board: Dr.
> Holger von Daniels
> Handelsregister/ Commercial Register: Amtsgericht/Local Court
> Stendal: HRB: 111420
>
>
>
>
