segfault.in (vinod's blog): segfault.in/2010/11/decrypt-https-traffic-using-wireshark-and-key-file/

HOW-TOS > Decrypt HTTPS Traffic Using Wireshark And Key File

Decrypt HTTPS Traffic Using Wireshark And Key File
November 16th, 2010, vinod

Wireshark is a useful troubleshooting tool. It can decrypt SSL traffic as long as you have the server's private key (and the session was negotiated with RSA key exchange; see the notes at the end). This is extremely useful when you have to debug HTTPS traffic and cannot fall back to plain HTTP.

First we capture some HTTPS traffic for testing. Here our HTTPS server's IP address is 192.168.x.x and it listens on the default port, 443. I prefer tcpdump for packet capture, but you can do it with Wireshark as well. The command below captures all traffic to and from our server on port 443:

$ sudo tcpdump -w /tmp/ssl.pcap -ni eth0 -s0 host 192.168.x.x and port 443

-w writes the raw packets to /tmp/ssl.pcap, -n disables name resolution, -i selects the interface and -s0 captures full-length packets (if packets are truncated, the handshake records Wireshark needs will be incomplete). Start the capture before the client connects: Wireshark can only derive the session keys if it sees the handshake (ClientHello, ServerHello, ClientKeyExchange) of the session, so a capture that starts in the middle of an established connection has nothing to decrypt.

Once you have the captured packets in the file, open it in Wireshark. Use the "Follow TCP Stream" option and you will see only the encrypted data.
Next we need the server's private key. With the key file at hand, go to "Edit -> Preferences". In the left-hand menu choose "Protocols -> SSL" and fill in the "RSA keys list" field in the format <host>,<port>,<protocol>,<key_file>, i.e. the server's IP address, the port it listens on, the name of the protocol carried inside the tunnel (this is the dissector Wireshark applies to the decrypted payload, so use "http", not "https") and the path to the server's private key. The key file must be an unencrypted PEM-encoded RSA private key; if yours is passphrase-protected (the PEM header reads "ENCRYPTED"), convert it first with `openssl rsa -in encrypted.pem -out keyfile.pem`. In our example the entry is:

192.168.x.x,443,http,/path/to/keyfile.pem

Apply the setting and return to the main window.

Now if you click on a row of the captured session, a "Decrypted SSL Data (size)" tab appears at the bottom of the "Packet Bytes" pane. The tab is only shown when decrypted data is available for that packet.

If the tab never appears, check two things. First, decryption with the server's private key only works when the negotiated cipher suite uses RSA key exchange (the TLS_RSA_* suites), where the client encrypts the premaster secret to the server's public key and Wireshark can undo that with the private key. With DHE or ECDHE suites the private key only signs the key exchange, so the session keys cannot be recovered from it; for those you need the session keys themselves, for example a pre-master secret log written by the client (SSLKEYLOGFILE). Second, the capture must contain the full handshake of the session you want to read; a resumed session can only be decrypted if the original handshake is in the same capture. The "SSL debug file" preference next to the key list writes a log that tells you which of these is the problem. In Wireshark 3.0 and later the protocol is called TLS instead of SSL and the key list is configured under "Edit -> Preferences -> RSA Keys"; the procedure is otherwise the same.
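Before spending time on the key list, it is worth checking whether the captured session can be decrypted with the server's private key at all. The script below is an added example, not code from the original post: it parses the raw TLS record bytes of the client's and the server's first flight (what "Follow TCP Stream" shows, or what you would export from the Packet Bytes pane), reads the negotiated cipher suite from the ServerHello, and reports whether the session used RSA key exchange (decryptable with the key file), a forward-secrecy suite (not decryptable) or was resumed (only decryptable together with the original handshake). The sample flights and the cipher-suite table are constructed for the example; the table holds a handful of IANA suite IDs, not the full registry.

```python
"""Check whether a captured TLS session can be decrypted with the server's
RSA private key, as Wireshark's RSA key list does. Standard library only.
Added example; the flights below are constructed, not from a real capture.
"""
import struct

HANDSHAKE = 22
CLIENT_HELLO, SERVER_HELLO = 1, 2

# Cipher-suite IDs from the IANA TLS registry (a small subset). Only the "RSA"
# key-exchange family encrypts the premaster secret to the server's public key,
# which is what lets Wireshark derive the session keys from the private key.
CIPHER_SUITES = {
    0x0005: ("TLS_RSA_WITH_RC4_128_SHA", "RSA"),
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", "RSA"),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "RSA"),
    0x009C: ("TLS_RSA_WITH_AES_128_GCM_SHA256", "RSA"),
    0x0033: ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE"),
    0x0039: ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "DHE"),
    0xC013: ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "ECDHE"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
    0x1301: ("TLS_AES_128_GCM_SHA256", "TLS1.3"),
}


def iter_records(data):
    """Yield (content_type, version, body) for each TLS record in data."""
    off = 0
    while off + 5 <= len(data):
        ctype, version, length = struct.unpack("!BHH", data[off:off + 5])
        body = data[off + 5:off + 5 + length]
        if len(body) != length:
            raise ValueError("truncated TLS record (was the capture taken with -s0?)")
        yield ctype, version, body
        off += 5 + length


def iter_handshakes(flight):
    """Yield (handshake_type, body); several messages may share one record."""
    for ctype, _version, body in iter_records(flight):
        if ctype != HANDSHAKE:
            continue
        off = 0
        while off + 4 <= len(body):
            htype = body[off]
            hlen = int.from_bytes(body[off + 1:off + 4], "big")
            yield htype, body[off + 4:off + 4 + hlen]
            off += 4 + hlen


def find_handshake(flight, wanted):
    for htype, body in iter_handshakes(flight):
        if htype == wanted:
            return body
    raise ValueError("handshake message type %d not found in flight" % wanted)


def parse_server_hello(body):
    """ServerHello: version(2) random(32) session_id<0..32> cipher_suite(2)."""
    version = struct.unpack("!H", body[:2])[0]
    sid_len = body[34]
    sid = body[35:35 + sid_len]
    suite = struct.unpack("!H", body[35 + sid_len:37 + sid_len])[0]
    return version, sid, suite


def client_session_id(body):
    """ClientHello shares the leading layout; only the session id is needed."""
    sid_len = body[34]
    return body[35:35 + sid_len]


def assess(client_flight, server_flight):
    """Decide whether the RSA key list can decrypt this session."""
    client_sid = client_session_id(find_handshake(client_flight, CLIENT_HELLO))
    version, server_sid, suite = parse_server_hello(find_handshake(server_flight, SERVER_HELLO))
    name, kx = CIPHER_SUITES.get(suite, ("unknown 0x%04x" % suite, "unknown"))
    # Same non-empty session id on both sides means an abbreviated handshake:
    # no ClientKeyExchange, so the keys come from the earlier full handshake.
    resumed = bool(client_sid) and client_sid == server_sid
    if kx == "RSA":
        verdict = "yes" if not resumed else "only if the original full handshake is in the same capture"
    elif kx in ("DHE", "ECDHE", "TLS1.3"):
        verdict = "no: forward-secrecy key exchange, the private key only signs; use a key log instead"
    else:
        verdict = "unknown cipher suite, extend CIPHER_SUITES"
    return {"version": version, "cipher_suite": name, "key_exchange": kx,
            "resumed": resumed, "verdict": verdict}


def build_hello(htype, version, session_id, suite):
    """Constructed sample flight: one handshake record holding a minimal Hello."""
    body = struct.pack("!H", version) + bytes(32) + bytes([len(session_id)]) + session_id
    if htype == CLIENT_HELLO:
        body += struct.pack("!HH", 2, suite) + b"\x01\x00"   # one suite, null compression
    else:
        body += struct.pack("!H", suite) + b"\x00"
    hs = bytes([htype]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, version, len(hs)) + hs


SID = bytes(range(32))   # constructed session id
RSA_SESSION = (build_hello(CLIENT_HELLO, 0x0301, b"", 0x002F),
               build_hello(SERVER_HELLO, 0x0301, SID, 0x002F))
RESUMED_SESSION = (build_hello(CLIENT_HELLO, 0x0301, SID, 0x002F),
                   build_hello(SERVER_HELLO, 0x0301, SID, 0x002F))
ECDHE_SESSION = (build_hello(CLIENT_HELLO, 0x0303, b"", 0xC02F),
                 build_hello(SERVER_HELLO, 0x0303, b"", 0xC02F))

if __name__ == "__main__":
    for label, flights in (("rsa", RSA_SESSION), ("resumed", RESUMED_SESSION), ("ecdhe", ECDHE_SESSION)):
        print(label, assess(*flights))
```

On a real capture the same answer comes from Wireshark itself: the ServerHello's cipher suite is shown in the packet details, and for a batch of files `tshark -r /tmp/ssl.pcap -Y "ssl.handshake.type == 2" -T fields -e ssl.handshake.ciphersuite` lists it per session (the field is named tls.handshake.ciphersuite in Wireshark 3.0 and later). If every session reports a DHE or ECDHE suite, the key file cannot help and the server must be configured to offer a TLS_RSA_* suite for the test, or the client must log its session keys.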