improve debugging with Wireshark #10299

Open
2 tasks done
wkloucek opened this issue Nov 21, 2022 · 2 comments
wkloucek commented Nov 21, 2022

Pre-submission Checks

  • I checked for similar issues, but could not find any. I also checked the closed issues. I could not contribute additional information to any existing issue.
  • I will take the time to fill in all the required fields. I know that the bug report may be dismissed otherwise due to lack of information.

Feature description

Have the ability to store pre master keys during SSL handshake to a file for debug / testpilotcloud builds.

These keys can be taken by Wireshark to decrypt the SSL traffic and inspect it.

Proposed solution

Use SSLKEYLOGFILE described by https://firefox-source-docs.mozilla.org/security/nss/legacy/key_log_format/index.html, which is supported by many software stacks, like Firefox or Chromium (in debug builds).

An example implementation can be found here: https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/sslkeylog.c

Alternative solutions you considered

Switch transport to http. This needs to be done on the server side and cannot be done without changing the server configuration.

I did it for oCIS and it is quite a pain:

  1. Remove the https middleware
diff --git a/services/proxy/pkg/command/server.go b/services/proxy/pkg/command/server.go
index b52c99e74..469767e47 100644
--- a/services/proxy/pkg/command/server.go
+++ b/services/proxy/pkg/command/server.go
@@ -214,7 +214,7 @@ func loadMiddlewares(ctx context.Context, logger log.Logger, cfg *config.Config)
                chimiddleware.RealIP,
                chimiddleware.RequestID,
                middleware.AccessLog(logger),
-               middleware.HTTPSRedirect,
+               //middleware.HTTPSRedirect,
                middleware.OIDCWellKnownRewrite(
                        logger, cfg.OIDC.Issuer,
                        cfg.OIDC.RewriteWellKnown,
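Review bot: Commenting out `middleware.HTTPSRedirect` in `loadMiddlewares` drops the redirect for every caller of this function, not only for a debugging session, and leaves dead code in the middleware list. The function already receives `cfg *config.Config`, so append the middleware conditionally on a configuration value (for example, whether TLS is enabled for the proxy) and document that option, so that serving plain HTTP stays an explicit opt-in.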
  2. make "web" a native OIDC client
clients:
- id: web
  name: ownCloud Web app
  trusted: true
  secret: ""
  redirect_uris:
  - 'http://localhost:9200/'
  - 'http://localhost:9200/oidc-callback.html'
  - 'http://localhost:9200/oidc-silent-redirect.html'
  origins:
  - 'http://localhost:9200'
  application_type: "native"
  3. start ocis server with following options:
    • PROXY_TLS=false
    • OCIS_URL=http://localhost:9200
    • MICRO_REGISTRY=mdns
    • OCIS_OIDC_ISSUER=https://localhost:9201
  4. start ocis proxy server with following options:
    • OCIS_URL=http://localhost:9200
    • PROXY_HTTP_ADDR=127.0.0.1:9201
    • PROXY_DEBUG_ADDR=127.0.0.1:9204
    • MICRO_REGISTRY=mdns
    • OCIS_OIDC_ISSUER=https://localhost:9201
  5. connect the Desktop client to "https://localhost:9201"
  6. stop the Desktop client and edit ~/.config/testpilotcloud/testpilotcloud.cfg or the respective file for your OS / Desktop client flavor. Change https://localhost:9201 to http://localhost:9200
  7. start debugging

Additional context

No response
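
A sketch of the file sink the proposed solution would need, added here as an example; it is not code from the ownCloud client or from the linked sslkeylog.c. It assumes the TLS library hands over finished key log lines (OpenSSL does this through `SSL_CTX_set_keylog_callback`); the names `keylog_append` and `keylog_line_ok` are hypothetical. Because the file holds session secrets, it is created owner-only and a pre-existing file that group or others can access is refused.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if s is "<LABEL> <hex> <hex>" (NSS key log format), else 0. */
static int keylog_line_ok(const char *s)
{
    int field = 0;
    size_t len = 0;
    for (;; s++) {
        unsigned char c = (unsigned char)*s;
        if (c == ' ' || c == '\0') {
            if (len == 0 || (field > 0 && len % 2 != 0))
                return 0;               /* empty field or odd-length hex */
            field++, len = 0;
            if (c == '\0')
                return field == 3;
        } else if (field == 0 ? (isupper(c) || isdigit(c) || c == '_') : isxdigit(c))
            len++;
        else
            return 0;                   /* newline, control or stray byte */
    }
}

/* Returns 1 if written, 0 if $SSLKEYLOGFILE is unset (logging off), -1 on error. */
int keylog_append(const char *line)
{
    const char *path = getenv("SSLKEYLOGFILE");
    size_t n = strlen(line);
    char buf[512];
    struct stat st;
    if (path == NULL || *path == '\0')
        return 0;
    if (n + 1 > sizeof buf || !keylog_line_ok(line))
        return -1;
    /* Session secrets: create 0600, never follow a symlink at the path. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    memcpy(buf, line, n);
    buf[n] = '\n';
    /* Refuse a file group/others can access; one write keeps the line whole. */
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && !(st.st_mode & 077)
             && write(fd, buf, n + 1) == (ssize_t)(n + 1);
    close(fd);
    return ok ? 1 : -1;
}
```

In a build that enables this, the sink would be compiled in only for debug / testpilotcloud flavors, as the feature description asks.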

@github-actions

This issue was marked stale because it has been open for 30 days with no activity. Remove the stale label or comment or this will be closed in 7 days.

@github-actions github-actions bot added the Stale label Dec 23, 2022
@wkloucek wkloucek removed the Stale label Dec 23, 2022
@github-actions

This issue was marked stale because it has been open for 30 days with no activity. Remove the stale label or comment or this will be closed in 7 days.

@github-actions github-actions bot added the Stale label Jan 23, 2023
@TheOneRing TheOneRing removed the Stale label Jan 24, 2023
@TheOneRing TheOneRing added this to the Backlog milestone Jan 24, 2023