I'm trying to decrypt WSS (websocket secure) traffic in Wireshark, but for some reason I cannot make it work. Here are the steps I followed:
Any idea why that is?
Thanks a lot in advance, Antonis Tsakiridis
asked 30 Jun '17, 05:53
I think you're out of luck. The TLS connection is using TLS session resumption, as the Client Hello provides a Session ID which the server echoes back, indicating that the server has retained state for that particular Session ID, so no server certificate is required. As the capture does not include the original TLS session that created that Session ID, Wireshark (currently) fails to decrypt the session.
Your capture also seems to contain a lot of duplicate messages which I eliminated using
answered 05 Jul '17, 08:27
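The check described in the answer above, as an added example that is not part of the original posts: it reads the Session ID from a Client Hello and a Server Hello record and reports whether the server echoed it back. It assumes TLS 1.2 or earlier and one complete hello per record; the function names and the sample records are constructed for illustration.

```python
import struct

HANDSHAKE = 0x16                      # TLS record content type
CLIENT_HELLO, SERVER_HELLO = 1, 2     # handshake message types

def hello_session_id(record: bytes):
    """Return (handshake_type, session_id) from one TLS record holding a hello."""
    if len(record) < 5:
        raise ValueError("short TLS record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    # handshake header (4) + version (2) + random (32) + session ID length (1)
    if len(body) < 39:
        raise ValueError("truncated hello")
    hs_type = body[0]
    if hs_type not in (CLIENT_HELLO, SERVER_HELLO):
        raise ValueError("not a ClientHello/ServerHello")
    sid_len = body[38]
    if sid_len > 32 or len(body) < 39 + sid_len:
        raise ValueError("bad session ID length")
    return hs_type, body[39:39 + sid_len]

def is_resumed(client_hello: bytes, server_hello: bytes) -> bool:
    """True when the server echoes a non-empty Session ID offered by the client."""
    ctype, client_sid = hello_session_id(client_hello)
    stype, server_sid = hello_session_id(server_hello)
    if ctype != CLIENT_HELLO or stype != SERVER_HELLO:
        raise ValueError("expected a ClientHello followed by a ServerHello")
    return len(client_sid) > 0 and client_sid == server_sid

def build_hello(hs_type: int, sid: bytes) -> bytes:
    """Constructed sample: minimal TLS 1.2 hello record with an all-zero random."""
    if hs_type == CLIENT_HELLO:
        tail = b"\x00\x02\x00\x2f\x01\x00"   # one cipher suite, null compression
    else:
        tail = b"\x00\x2f\x00"               # chosen suite, null compression
    body = b"\x03\x03" + bytes(32) + bytes([len(sid)]) + sid + tail
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    sid = bytes(range(32))                   # constructed Session ID
    print("resumed:", is_resumed(build_hello(CLIENT_HELLO, sid),
                                 build_hello(SERVER_HELLO, sid)))
```

A result of `True` on a capture means the full handshake that established the session happened earlier, so that earlier session has to be in the capture as well.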