This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to configure Master-Key and Session-ID in Wireshark

0

I read "Follow SSL stream using Master-key and Session-ID" (http://ask.wireshark.org/questions/4229/follow-ssl-stream-using-master-key-and-session-id) but I don't know how to configure it in Wireshark. I go to Edit -> Preferences -> Protocols -> SSL, but where do I set RSA Session-ID:xxxx Master-Key:xxxx?

asked 07 May '12, 06:55

endofkok3


One Answer:

1

Within the SSL preferences, there should be a text box called

(Pre)-Master-Secret log filename

There you define the name of the file that contains the required information.

Sample, based on data from the link you posted:

File name: c:\rsa.log
File content (each entry is a single line):

RSA Session-ID:B5AEB800F43F96A9BAD007A5D26423E43479B904166FA72A4789DEA15A830E26 Master-Key:454AD3030F0AE8234508DF959EF533675E225BBB388EE5F80A20A007BAB63E1ABB972F39401796FB02F27AF95AB083A4

BTW: If the text box is not there, you're probably using an older version of Wireshark. In that case, please upgrade to the latest version.

Please also check the SSL Decryption Wiki, for a different way to decrypt SSL, by using the RSA secret key of the server.

http://wiki.wireshark.org/SSL

Regards
Kurt

answered 07 May '12, 07:06

Kurt Knochner ♦

edited 07 May '12, 07:08

Thank you very much, but now I have another two questions: 1. I have to access the SSL server through an HTTP proxy, but openssl s_client cannot support a proxy. 2. I found that every time I run the openssl s_client command I get a different Session-Id and Master-Key, and I don't know how to configure them in the rsa.log file.

(08 May '12, 05:35) endofkok3

1.) openssl does not support a proxy (to my knowledge). Maybe proxytunnel can help you: http://proxytunnel.sourceforge.net/intro.php

EDIT3: Additionally there is a patch available for proxy support in openssl: http://goo.gl/Ea0LB

2.) As it's a new SSL session, you will get a new Session-ID. I'll have to check if one can use multiple entries in the session log.

EDIT: According to the SSL debug log, Wireshark reads all lines in that file and tries to find a matching Session-ID.

EDIT2: Just tested it with several Session-IDs in one file. It works.

(08 May '12, 06:23) Kurt Knochner ♦
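
Added example, not part of the original thread: since every openssl s_client run yields a new Session-ID and Master-Key, and Wireshark scans every line of the log file for a matching Session-ID, a small script can append each session to rsa.log. The function names and the script name add_session.py are hypothetical; the sample is constructed from the values in the answer above and assumes the "SSL-Session:" block layout that s_client prints.

```python
import os
import re
import sys

# Fields as printed in the "SSL-Session:" block of `openssl s_client` output.
# "Session-ID-ctx:" does not match because the colon must follow "Session-ID".
SESSION_ID_RE = re.compile(r"^[ \t]*Session-ID:[ \t]*([0-9A-Fa-f]*)[ \t]*$", re.M)
MASTER_KEY_RE = re.compile(r"^[ \t]*Master-Key:[ \t]*([0-9A-Fa-f]*)[ \t]*$", re.M)

# Constructed s_client excerpt, built from the sample values in the answer.
SAMPLE_SID = "B5AEB800F43F96A9BAD007A5D26423E43479B904166FA72A4789DEA15A830E26"
SAMPLE_KEY = ("454AD3030F0AE8234508DF959EF533675E225BBB388EE5F80A20A007"
              "BAB63E1ABB972F39401796FB02F27AF95AB083A4")
SAMPLE = ("SSL-Session:\n    Protocol  : TLSv1\n    Session-ID: %s\n"
          "    Session-ID-ctx: \n    Master-Key: %s\n" % (SAMPLE_SID, SAMPLE_KEY))


def keylog_line(s_client_output):
    """Return one 'RSA Session-ID:... Master-Key:...' line, or None."""
    sid = SESSION_ID_RE.search(s_client_output)
    key = MASTER_KEY_RE.search(s_client_output)
    if not sid or not key:
        return None
    sid_hex, key_hex = sid.group(1).upper(), key.group(1).upper()
    # An empty Session-ID gives Wireshark nothing to match on; the Session-ID
    # is at most 32 bytes and the master secret is always 48 bytes.
    if not sid_hex or len(sid_hex) % 2 or len(sid_hex) > 64 or len(key_hex) != 96:
        return None
    return "RSA Session-ID:%s Master-Key:%s" % (sid_hex, key_hex)


def append_session(log_path, s_client_output):
    """Append the session to log_path once; return True if the file changed."""
    line = keylog_line(s_client_output)
    if line is None:
        return False
    if os.path.exists(log_path):
        with open(log_path) as fh:
            if line in {entry.strip() for entry in fh}:
                return False
    # The file holds master secrets, so create it readable by the owner only.
    fd = os.open(log_path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a") as fh:
        fh.write(line + "\n")
    return True


if __name__ == "__main__":
    # openssl s_client -connect host:443 < /dev/null | python add_session.py rsa.log
    sys.exit(0 if append_session(sys.argv[1], sys.stdin.read()) else 1)
```

Anyone holding both the capture and this log file can decrypt the recorded sessions, so protect the log file as carefully as the capture.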