Wireshark mailing list archives
Re: need help with decrypting ssl messages
From: Al <shaselai () yahoo com>
Date: Sun, 17 Oct 2010 19:04:01 -0700 (PDT)
Hey, did you get my last response? Possible to help out? Thanks.

--- On Thu, 10/14/10, Burks, Doug <doug.burks () morris com> wrote:

From: Burks, Doug <doug.burks () morris com>
Subject: Re: [Wireshark-users] need help with decrypting ssl messages
To: "Community support list for Wireshark" <wireshark-users () wireshark org>
Date: Thursday, October 14, 2010, 3:47 PM

Your preferences config looks correct (it should be "http" NOT "https").

Two questions:

1. Does your capture contain the ENTIRE conversation (including the Client Hello)?
2. Have you tried "Follow SSL Stream" instead of "Follow TCP Stream"?

Regards,
--
Doug Burks, GSE, CISSP

-----Original Message-----
From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Al
Sent: Thursday, October 14, 2010 3:15 PM
To: wireshark-users () wireshark org
Subject: [Wireshark-users] need help with decrypting ssl messages

I followed a guide where I extracted my private key and inserted it into the SSL from Wireshark preferences like:

123.456.55.678,443,http,C:\testkey.pem

I tried both http and https - I thought since I am talking to the server in https it might be https? Anyway, both failed to decrypt (still see jargon raw data when I view TCP stream).

The debug log gives me:

ssl_association_remove removing TCP 443 - http handle 03164D48
ssl_init keys string: 123.456.55.678,443,http,C:\testkey.pem
ssl_init found host entry 123.456.55.678,443,http,C:\testkey.pem
ssl_init addr '123.456.55.678' port '443' filename 'C:\testkey.pem' password(only for p12 file) '(null)'
Private key imported: KeyID 01:31:a7:9e:fc:94:8b:08:2f:17:65:13:20:f9:d3:81:...
ssl_init private key file C:\testkey.pem successfully loaded
association_add TCP port 443 protocol http handle 03164D48
dissect_ssl enter frame #4 (first time)
ssl_session_init: initializing ptr 04E41BAC size 584
conversation = 04E41868, ssl_session = 04E41BAC
record: offset = 0, reported_length_remaining = 100
packet_from_server: is from server - FALSE
ssl_find_private_key server 123.456.55.678:443
client random len: 32 padded to 32
dissect_ssl2_hnd_client_hello found CLIENT RANDOM -> state 0x01
........

So it seems the key has been found and loaded BUT when I check the STOPPED TCP stream it is still all jargon... What am I doing wrong here? Thanks.

I am pretty sure I am on the right server since the key is loaded and I checked netstat and found the IP of the webservice... but still from Wireshark the client basically does handshake and cert check with server and then afterwards server just sends "fin" and ends it.... Really not sure what's going on here...

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
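An added example, not part of the original thread and not Wireshark code: a small Python check over an SSL debug log that answers the questions raised above (did a key load for the server the dissector actually looked up, and was a Client Hello dissected). The patterns are copied from the log lines quoted in the message; their wording in other Wireshark versions is an assumption, and `check_ssl_debug_log` is a hypothetical helper name.

```python
import re

# Constructed sample: debug-log lines as quoted in the thread above (truncated there too).
SAMPLE_LOG = r"""
ssl_init addr '123.456.55.678' port '443' filename 'C:\testkey.pem' password(only for p12 file) '(null)'
ssl_init private key file C:\testkey.pem successfully loaded
dissect_ssl enter frame #4 (first time)
packet_from_server: is from server - FALSE
ssl_find_private_key server 123.456.55.678:443
dissect_ssl2_hnd_client_hello found CLIENT RANDOM -> state 0x01
"""

# Patterns copied from the quoted log; other versions may word them differently (assumption).
KEY_ENTRY = re.compile(r"ssl_init addr '([^']+)' port '(\d+)' filename '([^']+)'")
KEY_LOADED = re.compile(r"ssl_init private key file (.+) successfully loaded")
FRAME = re.compile(r"dissect_ssl enter frame #(\d+)")
KEY_LOOKUP = re.compile(r"ssl_find_private_key server (\S+):(\d+)")
CLIENT_RANDOM = "found CLIENT RANDOM"


def check_ssl_debug_log(text):
    """Summarise the checks raised in the thread from an SSL debug log."""
    entries, loaded, lookups = {}, set(), set()
    frame, hello_frames = None, []
    for line in text.splitlines():
        if m := KEY_ENTRY.search(line):
            entries[(m.group(1), m.group(2))] = m.group(3)
        elif m := KEY_LOADED.search(line):
            loaded.add(m.group(1))
        elif m := FRAME.search(line):
            frame = int(m.group(1))
        elif m := KEY_LOOKUP.search(line):
            lookups.add((m.group(1), m.group(2)))
        elif CLIENT_RANDOM in line:
            hello_frames.append(frame)
    usable = {ep for ep, path in entries.items() if path in loaded}
    return {
        # Endpoints that have a key entry whose file actually loaded.
        "usable_keys": sorted(usable),
        # Servers a key was looked up for but none was usable (wrong IP or port in the preferences).
        "servers_without_key": sorted(lookups - usable),
        # Frames where a Client Hello was dissected; empty means the capture missed the handshake start.
        "client_hello_frames": hello_frames,
    }


if __name__ == "__main__":
    for name, value in check_ssl_debug_log(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

On the lines quoted in the thread, all three checks pass, so this log alone does not explain the failed decryption; the quoted log stops right after the Client Hello.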