This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to decrypt SSL Traffic using wireshark

0

I got an SSL trace file that was run on a traffic generator and copied to my local machine. I know how to navigate Wireshark for decrypting the SSL traffic, but I am confused about which key/cert I need to feed as input to Wireshark (RSA KEY LIST/Keys) in this case. Here is the information I got:

Client certificate

Client Private key

Server ca cert

I came to know that the file should be converted to .pem for Wireshark to decrypt. Please let me know which one to pick from the above 3 for decryption.

Thanks

asked 03 Jul '14, 15:39

krishnayeddula
accept rate: 6%


One Answer:

0

Have a look at the Wireshark wiki on SSL. You need to add a private key. The certificates (both CA and client/server) are useless as they are already sent over the wire and do not contain decryption keys anyway.

Be aware of some possible limitations, in particular the choice of cipher suites: PFS cipher suites (the (EC)DHE ones) cannot be decrypted even if you possess the private key. If you have access to the Pre-Master secrets, then you do not have this limitation, but it will require cooperation from the application to get these keys.

answered 04 Jul '14, 01:22

Lekensteyn
accept rate: 30%