With previous versions (1.4.x) of tshark I've used the ssl.key_list option, in the following way:
But this seems to no longer work, probably because with new versions of Wireshark, SSL keys are specified in a file of their own and not under the preferences file. So how should I specify the SSL keys for tshark in 1.6? Must I edit the SSL config file? Is it a bug?

asked 27 Jun '11, 06:51 r0u1i edited 27 Jun '11, 06:51
One Answer:
New versions of Wireshark (v1.6x) put the ssl.key_list in a file named ssl_keys, which is in the personal profile folder. Copy the string and paste it under the "-o ssl.keys_list:" option. The difference between the new version and the old version is the "ssl.key_list" option format: the new version should use a UAT string. The following is a command line which works for me.

    tshark -r private_bob.pcap -o ssl.keys_list:"192.168.3.206","443","http","e:\education\ssl\wireshark_ssl\private-key.pem" -o ssl.debug_file:"e:\temp\ssl-debug.log" -V -R http

It seems to only work with a key file in PEM format without a passphrase; I can't use a p12 format cert file with a private key, even if I provide the passphrase for the private key like in Wireshark.

answered 25 Aug '11, 18:36 Raymond Wang edited 09 Feb '12, 05:06 grahamb ♦
Check the option string in the ssl_keys file; I find all the backslashes in the key file path are lost in my answer.
Thanks, and sorry for the late response. Works in 1.6.2, but it seems that it doesn't work anymore in 1.6.5 ... investigating further
To display the "\" character in your answer, you need to "escape" it with another backslash. You also need to prefix an underscore with a backslash. I've fixed the backslashes and underscores in your answer.
Is the private-key.pem on the web server? I want to use it to call the remote server... Fiddler doesn't need any key file, but that only supports Windows.
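The answer above reports that only a PEM key file without a passphrase worked and that a p12 file did not. The following Python check is an added example, not part of the original thread or of Wireshark: it classifies a key file by its encoding before the path is given to tshark. The name `classify_key_file` and the sample inputs are constructed for illustration, and the "usable" verdict assumes the answer's observation holds.

```python
import re

# PEM armor line, e.g. "-----BEGIN RSA PRIVATE KEY-----"
_BEGIN = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

def classify_key_file(data: bytes):
    """Return (usable, reason) for the raw bytes of a candidate key file.

    'usable' follows the answer's observation that only a PEM private key
    without a passphrase worked; it is not taken from tshark's source.
    """
    labels = [m.group(1).decode() for m in _BEGIN.finditer(data)]
    if not labels:
        if data[:1] == b"\x30":
            # 0x30 is the ASN.1 SEQUENCE tag: binary DER, which is how
            # PKCS#12 (.p12/.pfx) containers are stored on disk.
            return False, "binary DER or PKCS#12, not PEM"
        return False, "no PEM armor found"
    key_labels = [l for l in labels if l.endswith("PRIVATE KEY")]
    if not key_labels:
        return False, "PEM without a private key (%s)" % ", ".join(labels)
    if "ENCRYPTED PRIVATE KEY" in key_labels:
        return False, "PKCS#8 key protected by a passphrase"
    if b"Proc-Type: 4,ENCRYPTED" in data:
        # Traditional OpenSSL PEM flags encryption in an RFC 1421 header.
        return False, "traditional PEM key protected by a passphrase"
    return True, "unencrypted PEM private key (%s)" % key_labels[0]

# Constructed samples: armor and headers use real syntax, bodies are dummy data.
SAMPLES = {
    "plain.pem": b"-----BEGIN RSA PRIVATE KEY-----\nAAAA\n"
                 b"-----END RSA PRIVATE KEY-----\n",
    "legacy-enc.pem": b"-----BEGIN RSA PRIVATE KEY-----\n"
                      b"Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n\n"
                      b"AAAA\n-----END RSA PRIVATE KEY-----\n",
    "pkcs8-enc.pem": b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n"
                     b"-----END ENCRYPTED PRIVATE KEY-----\n",
    "cert-only.pem": b"-----BEGIN CERTIFICATE-----\nAAAA\n"
                     b"-----END CERTIFICATE-----\n",
    "bundle.p12": b"\x30\x82\x09\x00\x02\x01\x03",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, classify_key_file(blob))
```

For a real file, pass `open(path, "rb").read()` to the function; a false result explains why a decryption attempt with that file is likely to show nothing decrypted.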