I read "Follow SSL stream using Master-key and Session-ID" (http://ask.wireshark.org/questions/4229/follow-ssl-stream-using-master-key-and-session-id) but I don't know how to configure it in Wireshark. Edit -> Preferences -> Protocols -> SSL, but where do I set RSA Session-ID:xxxx Master-Key:xxxx?

asked 07 May '12, 06:55 endofkok3
One Answer:
Within the SSL preferences, there should be a text box called
There you define the name of the file that contains the required information. Sample, based on data from the link you posted:
BTW: If the text box is not there, you're probably using an older version of Wireshark. In that case, please upgrade to the latest version. Please also check the SSL Decryption Wiki, for a different way to decrypt SSL, by using the RSA secret key of the server.

Regards

answered 07 May '12, 07:06 Kurt Knochner ♦ edited 07 May '12, 07:08
Thank you very much, but now I have found another two questions:
1. I have to access the SSL server through an HTTP proxy, but openssl s_client does not support a proxy.
2. I found that every time I run the openssl s_client command I get a different Session-ID and Master-Key. I don't know how to configure them in the rsa.log file.
1.) openssl does not support a proxy (to my knowledge). Maybe proxytunnel can help you: http://proxytunnel.sourceforge.net/intro.php
EDIT3: Additionally there is a patch available for proxy support in openssl: http://goo.gl/Ea0LB
2.) As it's a new SSL session, you will get a new Session-ID. I'll have to check if one can use multiple entries in the session log.
EDIT: According to the SSL debug log, Wireshark reads all lines in that file and tries to find a matching Session-ID.
EDIT2: Just tested it with several Session-IDs in one file. It works.
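
Added example, not part of the original thread: because every `openssl s_client` run produces a new Session-ID and Master-Key, this sketch collects the pairs from saved s_client output and merges them into one key log using the `RSA Session-ID:xxxx Master-Key:xxxx` line format quoted in the question. The sample output is constructed with shortened, made-up hex values, and the function names are hypothetical.

```python
import re

# Constructed sample: SSL-Session sections from three s_client runs.
SAMPLE_S_CLIENT_OUTPUT = """\
SSL-Session:
    Protocol  : TLSv1
    Session-ID: 0A1B2C3D4E5F
    Session-ID-ctx: 
    Master-Key: 00112233445566778899AABB
---
SSL-Session:
    Session-ID: 
    Master-Key: FFEEDDCCBBAA
---
SSL-Session:
    Session-ID: 99887766
    Master-Key: CAFEBABE0000
"""

_FIELD = re.compile(
    r"^[ \t]*(Session-ID|Master-Key)[ \t]*:[ \t]*([0-9A-Fa-f]*)[ \t]*$")

def parse_sessions(text):
    """Return (session_id, master_key) pairs found in s_client output."""
    pairs, sid = [], None
    for line in text.splitlines():
        m = _FIELD.match(line)      # "Session-ID-ctx" does not match
        if not m:
            continue
        name, value = m.group(1), m.group(2).upper()
        if name == "Session-ID":
            sid = value
            continue
        if sid and value:           # no Session-ID means nothing to match on
            pairs.append((sid, value))
        sid = None
    return pairs

def merge_keylog(existing, pairs):
    """Append new sessions to key log text, one line per Session-ID."""
    lines = [l for l in existing.splitlines() if l.strip()]
    seen = {l.split()[1].upper() for l in lines
            if l.startswith("RSA Session-ID:")}
    for sid, key in pairs:
        tag = ("Session-ID:" + sid).upper()
        if tag not in seen:
            seen.add(tag)
            lines.append("RSA Session-ID:%s Master-Key:%s" % (sid, key))
    return "\n".join(lines) + "\n"
```

The master key decrypts the whole session, so the resulting file should be stored with the same restrictions as the capture itself.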