This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Decrypt website traffic SSL/TLS

0

Having an issue with decrypting traffic from a game, not trying to cheat, just trying to scrape the leaderboards off :)

In Environmental Variables, I've set SSLKEYLOGFILE to a text file. The file filled with all sorts of stuff, CLIENT_RANDOM and RSA things.

I've then gone through WS and set PRE MASTER SECRET LOG FILE to the above file.

I have then started capturing with the filter TCP == 443 and loaded the website. Loads of packets come in, the sources are 2/3 different IPs. However, the packets do not seem to decrypt and I'm still left with the garbage text.

I've set the log file for SSL also but that's empty apart from these few lines:

Wireshark SSL debug log

Wireshark version: 2.0.4 (v2.0.4-0-gdd7746e from master-2.0)
GnuTLS version: 3.2.15
Libgcrypt version: 1.6.2

Any ideas how I can read this SSL/TLS feed in plain text, or what am I doing wrong?

Thanks in advance.

asked 06 Apr ‘17, 01:47


King0r
6224
accept rate: 0%

edited 06 Apr ‘17, 01:49

Have you started the capture before connecting with the game? The full handshake must be available for decryption to work.

(06 Apr ‘17, 02:18) Lekensteyn

Yup even logged out completely, logged into the website and then loading the game up.

(07 Apr ‘17, 08:36) King0r

Is it possible to try a newer Wireshark version? If you are using Ubuntu, install ppa:wireshark-dev/stable

(12 Apr ‘17, 14:05) Lekensteyn
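
A diagnostic for the setup described in the question and the handshake point raised in the comments, as an added example (not code from this thread or from Wireshark): it parses a key log in the NSS key log format and reports whether each captured Client Hello random has a master secret logged for it. The sample key log and random values are constructed, and the randoms are assumed to be copied by hand from the Client Hello in the packet details.

```python
import re

# NSS key log lines written when SSLKEYLOGFILE is set (TLS 1.2 and earlier):
#   CLIENT_RANDOM <64 hex: client random> <96 hex: master secret>
#   RSA <16 hex: first 8 bytes of encrypted pre-master> <96 hex: pre-master>
CLIENT_RANDOM_RE = re.compile(r"^CLIENT_RANDOM ([0-9a-fA-F]{64}) ([0-9a-fA-F]{96})$")
RSA_RE = re.compile(r"^RSA ([0-9a-fA-F]{16}) ([0-9a-fA-F]{96})$")

# Constructed sample, not real key material. Line 4 has a truncated secret.
SAMPLE_KEYLOG = "\n".join([
    "# constructed sample key log",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "RSA " + "22" * 8 + " " + "bb" * 48,
    "CLIENT_RANDOM " + "33" * 32 + " " + "cc" * 20,
])

def parse_keylog(text):
    """Return (client_randoms, rsa_ids, unrecognized) parsed from key log text."""
    client_randoms, rsa_ids, unrecognized = {}, {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = CLIENT_RANDOM_RE.match(line)
        if m:
            client_randoms[m.group(1).lower()] = m.group(2).lower()
            continue
        m = RSA_RE.match(line)
        if m:
            rsa_ids[m.group(1).lower()] = m.group(2).lower()
            continue
        # Anything else (other labels, wrong lengths) is reported, not guessed at.
        unrecognized.append((lineno, line.split(" ", 1)[0]))
    return client_randoms, rsa_ids, unrecognized

def diagnose(keylog_text, capture_client_randoms):
    """For each Client Hello random seen in the capture, say if a secret exists."""
    known, _, _ = parse_keylog(keylog_text)
    return {cr: ("secret logged" if cr.lower() in known else "no secret logged")
            for cr in capture_client_randoms}

if __name__ == "__main__":
    # Assumed input: randoms copied by hand from two captured Client Hellos.
    seen = ["11" * 32, "44" * 32]
    print(parse_keylog(SAMPLE_KEYLOG)[2])   # malformed or unknown lines
    for cr, verdict in diagnose(SAMPLE_KEYLOG, seen).items():
        print(cr[:16] + "...", verdict)
```

A random reported as "no secret logged" means the key log holds no CLIENT_RANDOM entry for that handshake.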


One Answer:

0

Well, I'm still learning, so forgive me if I'm off base. Under Edit --> Preferences --> Protocols --> SSL, there are some settings to add a key file, pass phrase, and debug file for reassemble.

answered 11 Apr '17, 04:42


psiclonius
61
accept rate: 0%