I am new to Wireshark and trying to get a little exposure. Is there any way to export the SSL session key through the command line?
Please help me....
Thanks in advance... :)
asked 10 Apr '13, 07:08
As @SYN-bit said, there is no CLI option to do that.
But you could run tshark with an SSL debug file and then extract the SSL session keys from the debug file.
Use a command like this (not tested lately!).
Please replace x.x.x.x with the IP address of your server.
After tshark has finished, parse the file ssl_debug.log (with your preferred scripting language) and extract the SSL session keys. Search for the string below and extract the consecutive lines, which is the SSL session key in HEX.
answered 10 Apr '13, 07:31
Kurt Knochner ♦
edited 10 Apr '13, 07:53
As @Kurt pointed out, the SSL session keys are available in the ssl-debug file (nice one Kurt), it just needs to be reformatted.
I did a little CLI munging and came up with the following one-liner (on multiple lines for readability):
Which transforms the following output in the ssl-debug file:
Which is the format needed for Wireshark to be able to import the session keys to decrypt the SSL sessions in the file without the need for the private key.
(multiple session keys in the debug file will be converted)
answered 10 Apr '13, 08:11
edited 10 Apr '13, 08:27
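The parsing and reformatting step described in the two answers above, as an added example that is not the code from either answer: it turns the session ID and master secret hex dumps of an SSL debug file into `RSA Session-ID:<hex> Master-Key:<hex>` lines for import into Wireshark. The two marker strings, the `| hex bytes |ascii|` dump layout, the function names and the sample log are assumptions; compare them with your own ssl_debug.log before relying on the output.

```shell
#!/bin/sh
# Added example, not from the original answers.
# ASSUMPTION: the two marker strings and the "| hex bytes |ascii|" dump
# layout are assumed; compare them with your own ssl_debug.log first.

extract_ssl_keys() {
    awk '
    function emit() {
        # A pair is only usable when both the ID and the secret were seen.
        if (id != "" && key != "")
            print "RSA Session-ID:" id " Master-Key:" key
        id = ""; key = ""
    }
    /^ssl_save_session stored session id\[/    { emit(); mode = "id"; next }
    /^ssl_save_session stored master secret\[/ { key = ""; mode = "key"; next }
    mode != "" && /^[|]/ {
        # Keep only the hex column; the ASCII column can hold hex-looking text.
        split($0, col, "[|]")
        gsub(/[^0-9A-Fa-f]/, "", col[2])
        if (mode == "id") id = id col[2]
        else key = key col[2]
        next
    }
    { mode = "" }    # any other line ends the current dump
    END { emit() }
    '
}

# Constructed sample input (not real key material).
sample_ssl_debug_log() {
    cat <<'EOF'
ssl_save_session stored session id[32]:
| 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f |................|
| 61 62 63 64 65 66 30 31 32 33 34 35 36 37 38 39 |abcdef0123456789|
ssl_save_session stored master secret[48]:
| a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af |................|
| b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf |................|
| c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf |................|
EOF
}

# Usage: script.sh ssl_debug.log > sessionkeys.txt (no argument: run the sample)
if [ -n "${1:-}" ]; then
    extract_ssl_keys < "$1"
else
    sample_ssl_debug_log | extract_ssl_keys
fi
```

The resulting file contains master secrets in clear text, so store and delete it with the same care as the server's private key.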
Unfortunately not, that has not (yet?) been implemented, so for now, you will need to use the Wireshark GUI to export the SSL session keys.
answered 10 Apr '13, 07:14