Wireshark SSL debug log
Wireshark version: 2.0.5 (v2.0.5-0-ga3be9c6 from master-2.0)
GnuTLS version: 3.2.15
Libgcrypt version: 1.6.2
ssl_association_remove removing TCP 443 - http handle 00000277EE1E2800
4013 bytes read
PKCS#12 imported
Bag 0/0: PKCS#8 Encrypted key
KeyID[20]:
| 51 f1 fe 2a f4 26 7b db bc 55 30 fb c9 34 58 d8 |Q..*.&{..U0..4X.|
| 50 dd 4f 25 |P.O% |
ssl_load_key: swapping p and q parameters and recomputing u
ssl_init private key file C:/cert.pfx successfully loaded.
ssl_init port '443' filename 'C:/cert.pfx' password(only for p12 file) 'Password'
association_add TCP port 443 protocol http handle 00000277EE1E2800
dissect_ssl enter frame #4 (first time)
association_find: TCP port 17008 found 0000000000000000
packet_from_server: is from server - FALSE
conversation = 00000277F0B252B0, ssl_session = 00000277F0B25AD0
record: offset = 0, reported_length_remaining = 80
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 5 75
decrypt_ssl3_record: app_data len 75, ssl state 0x00
association_find: TCP port 17008 found 0000000000000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 71 bytes, remaining 80
ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #6 (first time)
packet_from_server: is from server - TRUE
conversation = 00000277F0B252B0, ssl_session = 00000277F0B25AD0
record: offset = 0, reported_length_remaining = 1380
dissect_ssl3_record found version 0x0301(TLS 1.0) -> state 0x11
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 5 49
decrypt_ssl3_record: app_data len 49, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 45 bytes, remaining 54
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_dissect_hnd_srv_hello found CIPHER 0x0039 TLS_DHE_RSA_WITH_AES_256_CBC_SHA -> state 0x17
record: offset = 54, reported_length_remaining = 1326
dissect_ssl enter frame #7 (first time)
packet_from_server: is from server - TRUE
conversation = 00000277F0B252B0, ssl_session = 00000277F0B25AD0
record: offset = 0, reported_length_remaining = 1380
dissect_ssl enter frame #8 (first time)
packet_from_server: is from server - TRUE
conversation = 00000277F0B252B0, ssl_session = 00000277F0B25AD0
record: offset = 0, reported_length_remaining = 1190
dissect_ssl enter frame #12 (first time)
packet_from_server: is from server - FALSE
conversation = 00000277F0B252B0, ssl_session = 00000277F0B25AD0
record: offset = 0, reported_length_remaining = 198
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 5 134
decrypt_ssl3_record: app_data len 134, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 130 bytes, remaining 139
ssl_load_keyfile dtls/ssl.keylog_file is not configured!
ssl_generate_pre_master_secret: found SSL_HND_CLIENT_KEY_EXCHG, state 17
ssl_restore_master_key can't find pre-master secret by Unencrypted pre-master secret
ssl_restore_master_key can't find pre-master secret by Encrypted pre-master secret
dissect_ssl3_handshake can't generate pre master secret
record: offset = 139, reported_length_remaining = 59
dissect_ssl3_record: content_type 20 Change Cipher Spec
ssl_load_keyfile dtls/ssl.keylog_file is not configured!
ssl_finalize_decryption state = 0x17
ssl_restore_master_key can't restore master secret using an empty Session ID
ssl_restore_master_key can't find master secret by Client Random
Cannot find master secret
packet_from_server: is from server - FALSE
ssl_change_cipher CLIENT
record: offset = 145, reported_length_remaining = 53
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 150 48
decrypt_ssl3_record: app_data len 48, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 186 offset 150 length 5662814 bytes, remaining 198
dissect_ssl enter frame #13 (first time)
packet_from_server: is from server - TRUE
conversation = 00000277F0B252B0, ssl_session = 00000277F0B25AD0
record: offset = 0, reported_length_remaining = 59
dissect_ssl3_record: content_type 20 Change Cipher Spec
ssl_dissect_change_cipher_spec No Session resumption, missing packets?
ssl_load_keyfile dtls/ssl.keylog_file is not configured!
ssl_finalize_decryption state = 0x17
ssl_restore_master_key can't restore master secret using an empty Session ID
ssl_restore_master_key can't find master secret by Client Random
Cannot find master secret
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER
record: offset = 6, reported_length_remaining = 53
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 11 48
decrypt_ssl3_record: app_data len 48, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 141 offset 11 length 9969585 bytes, remaining 59
dissect_ssl enter frame #14 (first time)
packet_from_server: is from server - FALSE
conversation = 00000277F0B252B0, ssl_session = 00000277F0B25AD0
record: offset = 0, reported_length_remaining = 901
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 896, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 17008 found 0000000000000000
association_find: TCP port 443 found 00000277EFF042E0
dissect_ssl enter frame #15 (first time)
packet_from_server: is from server - TRUE
conversation = 00000277F0B252B0, ssl_session = 00000277F0B25AD0
record: offset = 0, reported_length_remaining = 1380
dissect_ssl enter frame #16 (first time)
packet_from_server: is from server - TRUE
conversation = 00000277F0B252B0, ssl_session = 00000277F0B25AD0
record: offset = 0, reported_length_remaining = 625
dissect_ssl enter frame #4 (already visited)
packet_from_server: is from server - FALSE
conversation = 00000277F0B252B0, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 80
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 71 bytes, remaining 80
dissect_ssl enter frame #6 (already visited)
packet_from_server: is from server - TRUE
conversation = 00000277F0B252B0, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 1380
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 45 bytes, remaining 54
record: offset = 54, reported_length_remaining = 1326
dissect_ssl enter frame #7 (already visited)
packet_from_server: is from server - TRUE
conversation = 00000277F0B252B0, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 1380
dissect_ssl enter frame #8 (already visited)
packet_from_server: is from server - TRUE
conversation = 00000277F0B252B0, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 1190
dissect_ssl enter frame #12 (already visited)
packet_from_server: is from server - FALSE
conversation = 00000277F0B252B0, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 198
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 130 bytes, remaining 139
record: offset = 139, reported_length_remaining = 59
dissect_ssl3_record: content_type 20 Change Cipher Spec
record: offset = 145, reported_length_remaining = 53
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 186 offset 150 length 5662814 bytes, remaining 198
dissect_ssl enter frame #13 (already visited)
packet_from_server: is from server - TRUE
conversation = 00000277F0B252B0, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 59
dissect_ssl3_record: content_type 20 Change Cipher Spec
record: offset = 6, reported_length_remaining = 53
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 141 offset 11 length 9969585 bytes, remaining 59
dissect_ssl enter frame #14 (already visited)
packet_from_server: is from server - FALSE
conversation = 00000277F0B252B0, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 901
dissect_ssl3_record: content_type 23 Application Data
dissect_ssl enter frame #15 (already visited)
packet_from_server: is from server - TRUE
conversation = 00000277F0B252B0, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 1380
dissect_ssl enter frame #16 (already visited)
packet_from_server: is from server - TRUE
conversation = 00000277F0B252B0, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 625
Have you done the steps which are described here: https://blog.packet-foo.com/2016/07/how-to-use-wireshark-to-steal-passwords/