Having an issue with decrypting traffic from a game, not trying to cheat, just trying to scrape the leaderboards off :) In Environmental Variables, I've set SSLKEYLOGFILE to a text file. The file filled with all sorts of stuff, CLIENT_RANDOM and RSA things. I've then gone through WS and set PRE MASTER SECRET LOG FILE to the above file. I have then started capturing with the filter TCP == 443 and loaded the website. Loads of packets come in, the sources are 2/3 different IPs. However, the packets do not seem to decrypt and I'm still left with the garbage text. I've set the log file for SSL also but that's empty apart from these few lines:
Any ideas how I can read this SSL/TLS feed in plain text or what am I doing wrong? Thanks in advance.

asked 06 Apr ‘17, 01:47 King0r edited 06 Apr ‘17, 01:49
One Answer:
Well, I'm still learning, so forgive me if I'm off base. Under Edit --> Preferences --> Protocols --> SSL, there are some settings to add a key file, pass phrase, and debug file for reassembly.

answered 11 Apr '17, 04:42 psiclonius
Have you started the capture before connecting with the game? The full handshake must be available for decryption to work.
Yup, even logged out completely, logged into the website and then loaded the game up.
Is it possible to try a newer Wireshark version? If you are using Ubuntu, install ppa:wireshark-dev/stable
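
A check that follows from the comment above about the full handshake, as an added example that is not part of the original thread: it parses a key log in the NSS format that SSLKEYLOGFILE produces (the CLIENT_RANDOM and RSA lines the question mentions) and reports whether each ClientHello Random copied from the capture has a logged key. The function names and all sample values are constructed for illustration.

```python
import re

# Line shapes of the NSS key log format written when SSLKEYLOGFILE is set.
CLIENT_RANDOM_RE = re.compile(r"^CLIENT_RANDOM ([0-9a-fA-F]{64}) ([0-9a-fA-F]{96})$")
RSA_RE = re.compile(r"^RSA ([0-9a-fA-F]{16}) ([0-9a-fA-F]{96})$")


def parse_keylog(text):
    """Return (set of logged client randoms, RSA line count, malformed line numbers)."""
    randoms, rsa_count, malformed = set(), 0, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        match = CLIENT_RANDOM_RE.match(line)
        if match:
            randoms.add(match.group(1).lower())
        elif RSA_RE.match(line):
            rsa_count += 1
        else:
            malformed.append(lineno)  # truncated or unrecognised entry
    return randoms, rsa_count, malformed


def coverage(keylog_text, capture_randoms):
    """Map each ClientHello random seen in the capture to True if a key was logged for it."""
    randoms, _, _ = parse_keylog(keylog_text)
    return {r: r.lower() in randoms for r in capture_randoms}


# Constructed sample data: not taken from the question's key log or capture.
SAMPLE_KEYLOG = "\n".join([
    "# constructed key log",
    "CLIENT_RANDOM " + "aa" * 32 + " " + "11" * 48,
    "RSA " + "bb" * 8 + " " + "22" * 48,
    "CLIENT_RANDOM " + "cc" * 32 + " " + "33" * 20,  # secret cut short
])
SAMPLE_CAPTURE_RANDOMS = ["AA" * 32, "dd" * 32]  # as copied from two ClientHello messages

if __name__ == "__main__":
    randoms, rsa_count, malformed = parse_keylog(SAMPLE_KEYLOG)
    print(f"{len(randoms)} CLIENT_RANDOM entries, {rsa_count} RSA entries, malformed lines: {malformed}")
    for rnd, found in coverage(SAMPLE_KEYLOG, SAMPLE_CAPTURE_RANDOMS).items():
        print(rnd[:16] + "...", "key logged" if found else "no key logged for this session")
```

A Random value that has no matching CLIENT_RANDOM line means no key was logged for that session, so Wireshark has nothing to decrypt it with.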