Wireshark mailing list archives
Need help with decrypting wireshark data....
From: Al <shaselai () yahoo com>
Date: Wed, 13 Oct 2010 14:13:20 -0700 (PDT)
I followed a guide where I extracted my private key and inserted it into the SSL section of the Wireshark preferences like:

123.456.55.678,443,http,C:\testkey.pem

I tried both http and https - I thought since I am talking to the server in https it might be https? Anyway, both failed to decrypt (I still see jargon raw data when I view the TCP stream). The debug log gives me:

ssl_association_remove removing TCP 443 - http handle 03164D48
ssl_init keys string:
123.456.55.678,443,http,C:\testkey.pem
ssl_init found host entry 123.456.55.678,443,http,C:\testkey.pem
ssl_init addr '123.456.55.678' port '443' filename 'C:\testkey.pem' password(only for p12 file) '(null)'
Private key imported: KeyID 01:31:a7:9e:fc:94:8b:08:2f:17:65:13:20:f9:d3:81:...
ssl_init private key file C:\testkey.pem successfully loaded
association_add TCP port 443 protocol http handle 03164D48
dissect_ssl enter frame #4 (first time)
ssl_session_init: initializing ptr 04E41BAC size 584
conversation = 04E41868, ssl_session = 04E41BAC
record: offset = 0, reported_length_remaining = 100
packet_from_server: is from server - FALSE
ssl_find_private_key server 123.456.55.678:443
client random len: 32 padded to 32
dissect_ssl2_hnd_client_hello found CLIENT RANDOM -> state 0x01
........

So it seems the key has been found and loaded, BUT when I check the STOPPED TCP stream it is still all jargon... What am I doing wrong here?

Thanks
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
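A small triage script for the SSL debug log quoted in the message above, as an added example that is not part of the original post: it checks that a key-list entry was parsed and loaded for the server the dissector looks up, and lists the handshake states logged for each frame. The regular expressions cover only the line formats visible in the quoted log, and the function and variable names are this example's own.

```python
import re

# Sample input: lines copied from the debug log quoted in the post above.
SAMPLE_LOG = r"""ssl_init addr '123.456.55.678' port '443' filename 'C:\testkey.pem' password(only for p12 file) '(null)'
Private key imported: KeyID 01:31:a7:9e:fc:94:8b:08:2f:17:65:13:20:f9:d3:81:...
ssl_init private key file C:\testkey.pem successfully loaded
dissect_ssl enter frame #4 (first time)
packet_from_server: is from server - FALSE
ssl_find_private_key server 123.456.55.678:443
client random len: 32 padded to 32
dissect_ssl2_hnd_client_hello found CLIENT RANDOM -> state 0x01
"""

KEY_ENTRY = re.compile(r"ssl_init addr '(?P<addr>[^']*)' port '(?P<port>\d+)' filename '(?P<file>[^']*)'")
KEY_LOADED = re.compile(r"ssl_init private key file (?P<file>.+) successfully loaded")
FRAME = re.compile(r"dissect_ssl enter frame #(?P<frame>\d+)")
LOOKUP = re.compile(r"ssl_find_private_key server (?P<addr>\S+):(?P<port>\d+)")
STATE = re.compile(r"found (?P<what>.+?) -> state (?P<state>0x[0-9A-Fa-f]+)")

def summarize(log_text):
    """Return (keys, frames): configured keys and per-frame handshake progress."""
    keys, frames, current = {}, [], None
    for line in log_text.splitlines():
        if m := KEY_ENTRY.search(line):
            # One entry per configured server endpoint.
            keys[(m["addr"], int(m["port"]))] = {"filename": m["file"], "loaded": False}
        elif m := KEY_LOADED.search(line):
            for entry in keys.values():
                if entry["filename"] == m["file"]:
                    entry["loaded"] = True
        elif m := FRAME.search(line):
            current = {"frame": int(m["frame"]), "server": None,
                       "key_loaded": False, "events": []}
            frames.append(current)
        elif current is not None and (m := LOOKUP.search(line)):
            # Was a loaded key configured for the endpoint being looked up?
            current["server"] = (m["addr"], int(m["port"]))
            current["key_loaded"] = keys.get(current["server"], {}).get("loaded", False)
        elif current is not None and (m := STATE.search(line)):
            current["events"].append((m["what"], int(m["state"], 16)))
    return keys, frames

if __name__ == "__main__":
    keys, frames = summarize(SAMPLE_LOG)
    for (addr, port), entry in keys.items():
        print(f"key {entry['filename']} for {addr}:{port} loaded={entry['loaded']}")
    for f in frames:
        print(f"frame {f['frame']} server={f['server']} key_loaded={f['key_loaded']} events={f['events']}")
```

Run against the quoted excerpt, the summary shows the key loaded for 123.456.55.678:443 and a single logged state, 0x01, for frame 4, which is as far as the excerpt goes.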