This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to decrypt SSL on OS X

0

Hi, I'm trying to learn how to monitor what's going on on my home network (cellphones, computers). Up to now, I was able to capture data in monitor mode, and I managed to decrypt 802.11 packets with my wifi keys provided to Wireshark and the complete capture of the EAPOL handshake. (I'm a beginner btw.) Next step, I want to be able to decrypt SSL, since I'm certainly far from having a complete picture of my network's traffic without this figured out. I'd like to be able to decrypt what's going on on my computer, but on the other devices too. I tried the technique with the SSLKEYLOGFILE variable linking, but can't seem to be able to make that happen. Here's exactly what I did, thanks for helping me understand what I'm doing wrong:

  • I type the following command in my Terminal: export SSLKEYLOGFILE=/Users/heresmyusername/sslkeylogs/output.log
  • followed by: open -a "Google Chrome"
  • followed by: wireshark
  • then I open in Wireshark the capture file I want to decrypt
  • and in Preferences --> Protocols --> SSL: I type the following in the pre-master-secret field: Users/heresmyusername/sslkeylogs/output.log and apply this configuration
  • and major failure.....

My guess is that I'm making a syntax mistake..?

Thanks for your help!!

asked 30 Nov '15, 17:05


p1020175
6335
accept rate: 0%

edited 05 Dec '15, 09:59


One Answer:

0

I have no personal experience with OS X, but I'd expect that the path to the ssl key log file should be absolute even there. So unless you've omitted it only when creating the question, the initial / is missing in the pre-master secret field.

answered 05 Dec '15, 10:51


sindy
6.0k4851
accept rate: 24%
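
An added example, not part of the original question or answer and not a Wireshark tool: a shell check for the point raised in the answer, that the key log path entered in Wireshark must be absolute. It also confirms the file exists, is non-empty, and holds lines in the NSS key log format; the function name `check_keylog` and the all-zero sample line are constructed for illustration.

```shell
#!/bin/sh
# check_keylog PATH  (hypothetical helper name, added for illustration)
# Returns 0 if PATH is usable as a (Pre)-Master-Secret log file, otherwise:
#   2 = path is not absolute, 3 = file missing, 4 = file empty,
#   5 = no recognisable key log entries.
check_keylog() {
    kl_path=$1
    case $kl_path in
        /*) ;;  # absolute path, as the answer expects
        *)  echo "not absolute: $kl_path (leading / missing?)"; return 2 ;;
    esac
    [ -f "$kl_path" ] || { echo "no such file: $kl_path"; return 3; }
    # An empty file means the browser has not logged any TLS session yet,
    # for example because it was already running before the variable was set.
    [ -s "$kl_path" ] || { echo "empty file: $kl_path"; return 4; }
    # NSS key log lines: "CLIENT_RANDOM <64 hex> <96 hex>" or
    # "RSA <16 hex> <96 hex>". grep -c exits 1 on zero matches, hence "|| true".
    kl_count=$(grep -E -c \
        '^(CLIENT_RANDOM [0-9a-fA-F]{64} [0-9a-fA-F]{96}|RSA [0-9a-fA-F]{16} [0-9a-fA-F]{96})$' \
        "$kl_path" || true)
    [ "$kl_count" -gt 0 ] || { echo "no key log entries in $kl_path"; return 5; }
    echo "ok: $kl_count entries in $kl_path"
    return 0
}

# Constructed sample: one CLIENT_RANDOM line with all-zero placeholder values.
demo_dir=$(mktemp -d)
printf 'CLIENT_RANDOM %064d %096d\n' 0 0 > "$demo_dir/output.log"

check_keylog "$demo_dir/output.log"               # absolute path: accepted
check_keylog "${demo_dir#/}/output.log" || true   # leading / dropped: rejected
```
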