This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi, I have read answers on this forum and i am trying to decrypt a tls capture with sessionID length 0.But I am running into some trouble in making wireshark read my master key.So please help!!

I have master key from openssl and this is what my premaster_ras.log file looks like

RSA Session-ID: Master-Key:7e94966b1345e253c4d2dc4d738d33dec03d8149181ab6630891cfe08c2436cd8ed97cdbcac33b9efc81c3feef415ae0

and this is my Debug file.

I put a print in my code and printed the SSL master key and sessionID

koundi-Session ID is 0000000000000000000000000000000000000000000000000000000000000000

koundi-master key is 7e94966b1345e253c4d2dc4d738d33dec03d8149181ab6630891cfe08c2436cd8ed97cdbcac33b9efc81c3feef415ae0 session_id_length is :0 master_key_length is :48

Thanks!!

asked 18 Feb '15, 06:09

koundi's gravatar image

koundi
9791119
accept rate: 0%


Mapping from a Session ID to a master secret can only be resolved if the Server Hello message contains such a Session ID. In your case it is empty:

ssl_restore_session Cannot restore using an empty SessionID

Solution: find the Client Hello message and copy its Client Random (32-bytes, 64 hex chars). Then create the SSL keylog file containing:

CLIENT_RANDOM (64 hex chars here) 7e94966b1345e253c....(etc)....9efc81c3feef415ae0

Reload the capture file and you are set.

permanent link

answered 18 Feb '15, 09:30

Lekensteyn's gravatar image

Lekensteyn
2.2k3724
accept rate: 30%

Thanks so much for replying, I did try giving the Client random yesterday but i gave only 16 hex chars ..So it did not work today i gave it 64 hex chars and it shows in my debug file that master secret found and it does decrypt the frames.But in the UI wireshark packets are still encrypted tls.Also I am NOT trying to decrypt https ..so can u help me with that too:)

Thanks :)

(18 Feb '15, 22:20) koundi
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×165
×75
×56

question asked: 18 Feb '15, 06:09

question was seen: 1,986 times

last updated: 18 Feb '15, 22:20

p​o​w​e​r​e​d by O​S​Q​A