SSL/TLS network encryption communication information real-time decryption method based on memory analysis

Abstract

The invention discloses an SSL / TLS network encryption communication information real-time decryption method based on memory analysis. The method comprises the following steps: monitoring a network encryption communication session key generation function and an encryption communication session ID generation function by using a process injection technology and an API Hook technology through an Agentto obtain an encryption communication session ID and a corresponding encryption key; obtaining a local IP address of the client through the Agent; encrypting the acquired encryption communication session ID, the network encryption communication session key and the local IP address of the client through a temporarily generated symmetric encryption key, and sending the encrypted data to a network decryption end; and after receiving the encrypted data, obtaining a local IP address of the client, the encryption communication session ID and a decryption key of the corresponding session, and decrypting and storing the corresponding network encryption communication session in real time. According to the invention, the extraction of the network communication encryption key and the real-time decryption of the network encryption communication content can be effectively realized, and the detection efficiency is improved.

Description

technical field [0001] The invention relates to the technical field of network communication, in particular to a real-time decryption method of SSL / TLS network encrypted communication information based on memory analysis. Background technique [0002] In cryptography, coding studies the method of keeping communication secrets from being leaked and stolen, while deciphering ciphers analyzes and decrypts intercepted ciphertexts for the purpose of obtaining communication information. In recent years, with the widespread promotion and application of the Internet, incidents of network theft and leaks have occurred frequently. Based on coding in cryptography, a variety of network encrypted communication mechanisms have been formed, such as SSL (Secure Sockets Layer) and its upgraded version of TLS. (Transport Layer Security Transport Layer Security). [0003] At present, network encrypted communication based on SSL / TLS has been widely popularized and applied, thereby ensuring the...

AI Technical Summary

Problems solved by technology

[0005] Based on this, in view of the above problems, the present invention provides a real-time decryption method for SSL / TLS network encrypted communication information based on memory analysis, adopts a bypass deployment method, and uses information entropy theory, memory analysis technology and terminal behavior monitoring. Injection and API Hook technology, combined with network socket communication and network communication traffic capture and decryption system, realizes the extraction of network communication encryption keys and real-time decryption of network encrypted communication content, providing a solution for traditional network security detection and analysis and network attack evidence collection plaintext data, thereby solving the problem of being unable to detect due to network communication encryption, and improving detection efficiency

Images