如何使用wireshark和其他工具检查java(客户机服务器)中与SSL套接字的连接
我需要用Java开发一个带有SSL套接字的客户机-服务器桌面应用程序。其中一个要求是加密消息 我正在尝试一些internet示例代码,只是想知道如何进行加密连接。这些示例似乎工作正常,或者至少不会产生错误,但是我必须从Wireshark验证消息是否确实加密,但在Wireshark中我只看到TCP数据包。我认为证书和密钥库是正确的 JavaSSLServer.java如何使用wireshark和其他工具检查java(客户机服务器)中与SSL套接字的连接,java,sockets,ssl,encryption,tcp,Java,Sockets,Ssl,Encryption,Tcp,我需要用Java开发一个带有SSL套接字的客户机-服务器桌面应用程序。其中一个要求是加密消息 我正在尝试一些internet示例代码,只是想知道如何进行加密连接。这些示例似乎工作正常,或者至少不会产生错误,但是我必须从Wireshark验证消息是否确实加密,但在Wireshark中我只看到TCP数据包。我认为证书和密钥库是正确的 JavaSSLServer.java /** @web http://java-buddy.blogspot.com/ */ public class Jav
/**
@web http://java-buddy.blogspot.com/
*/
public class JavaSSLServer {
static final int port = 8000;
public static void main(String[] args) {
System.setProperty("javax.net.ssl.keyStore","/home/jose/serverKey.jks");
System.setProperty("javax.net.ssl.keyStorePassword","servpass");
SSLServerSocketFactory sslServerSocketFactory =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
try {
ServerSocket sslServerSocket =
sslServerSocketFactory.createServerSocket(port);
System.out.println("SSL ServerSocket started");
System.out.println(sslServerSocket.toString());
Socket socket = sslServerSocket.accept();
System.out.println("ServerSocket accepted");
PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
try (BufferedReader bufferedReader =
new BufferedReader(
new InputStreamReader(socket.getInputStream()))) {
String line;
while((line = bufferedReader.readLine()) != null){
System.out.println(line);
out.println(line);
}
}
System.out.println("Closed");
} catch (IOException ex) {
Logger.getLogger(JavaSSLServer.class.getName())
.log(Level.SEVERE, null, ex);
}
}}
/**
@web http://java-buddy.blogspot.com/
*/
public class JavaSSLClient {
static final int port = 8000;
public static void main(String[] args) {
System.setProperty("javax.net.ssl.trustStore", "/home/jose/clientTrustedCerts.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "clientpass");
SSLSocketFactory sslSocketFactory =
(SSLSocketFactory)SSLSocketFactory.getDefault();
try {
Socket socket = sslSocketFactory.createSocket("localhost", port);
PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
try (BufferedReader bufferedReader =
new BufferedReader(
new InputStreamReader(socket.getInputStream()))) {
Scanner scanner = new Scanner(System.in);
while(true){
System.out.println("Enter something:");
String inputLine = scanner.nextLine();
if(inputLine.equals("q")){
break;
}
out.println(inputLine);
System.out.println(bufferedReader.readLine());
}
}
} catch (IOException ex) {
Logger.getLogger(JavaSSLClient.class.getName())
.log(Level.SEVERE, null, ex);
}
}
}
JavaSSLClient.java
/**
@web http://java-buddy.blogspot.com/
*/
public class JavaSSLServer {
static final int port = 8000;
public static void main(String[] args) {
System.setProperty("javax.net.ssl.keyStore","/home/jose/serverKey.jks");
System.setProperty("javax.net.ssl.keyStorePassword","servpass");
SSLServerSocketFactory sslServerSocketFactory =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
try {
ServerSocket sslServerSocket =
sslServerSocketFactory.createServerSocket(port);
System.out.println("SSL ServerSocket started");
System.out.println(sslServerSocket.toString());
Socket socket = sslServerSocket.accept();
System.out.println("ServerSocket accepted");
PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
try (BufferedReader bufferedReader =
new BufferedReader(
new InputStreamReader(socket.getInputStream()))) {
String line;
while((line = bufferedReader.readLine()) != null){
System.out.println(line);
out.println(line);
}
}
System.out.println("Closed");
} catch (IOException ex) {
Logger.getLogger(JavaSSLServer.class.getName())
.log(Level.SEVERE, null, ex);
}
}}
/**
@web http://java-buddy.blogspot.com/
*/
public class JavaSSLClient {
static final int port = 8000;
public static void main(String[] args) {
System.setProperty("javax.net.ssl.trustStore", "/home/jose/clientTrustedCerts.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "clientpass");
SSLSocketFactory sslSocketFactory =
(SSLSocketFactory)SSLSocketFactory.getDefault();
try {
Socket socket = sslSocketFactory.createSocket("localhost", port);
PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
try (BufferedReader bufferedReader =
new BufferedReader(
new InputStreamReader(socket.getInputStream()))) {
Scanner scanner = new Scanner(System.in);
while(true){
System.out.println("Enter something:");
String inputLine = scanner.nextLine();
if(inputLine.equals("q")){
break;
}
out.println(inputLine);
System.out.println(bufferedReader.readLine());
}
}
} catch (IOException ex) {
Logger.getLogger(JavaSSLClient.class.getName())
.log(Level.SEVERE, null, ex);
}
}
}
我添加了System.setProperty(
在Wireshark中:
其他示例:
Wireshark的结果相似
我想与SSL套接字建立连接,对客户端和服务器之间的消息进行加密,并且可以通过Wireshark进行验证(这是另一个要求)
我的问题是:
- 如何验证消息是否使用wireshark进行了加密
- 我是否应该看到SSL/TLS数据包而不是TCP来断定它们是加密的
- 你能告诉我一些示例代码是错误的还是不完整的吗
为了验证,您可以过滤连接的两个IP/端口对上的Wireshark捕获,然后将该TCP流解码为
TLS
,并查看是否成功。如果成功,它将显示连接的前几个数据包(在TCP三方握手之后)是未加密的TLS握手(交换证书并协商加密值),随后的数据包是加密的TLS数据包。发送一条已知消息,看看是否可以在Wireshark中看到它。这是实际的要求。