This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SSL capture

0

I have my SSL client's encrypted RSA key. I'm trying to capture the SSL traffic on a PC in the network. I understand that there are some settings I need to do on the wireshark or decrypt key. Please help me on how to do this.

Thanks a lot

asked 14 Sep '11, 13:11

jennyliusd's gravatar image

jennyliusd
1111
accept rate: 0%

One Answer:

1

Sake did an much referenced presentation at Sharkfest'09 on the subject. Check it out.

answered 14 Sep '11, 13:20

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

:-) Thx for the reference Jaap!

(14 Sep '11, 15:11) SYN-bit ♦♦

Thx for the doc. It is very helpful. But I'm confused on removing the passphrase. Where do I type the command? On page 56: [email protected]# openssl rsa -in encrypted.key -out cleartext.key

Enter pass phrase for encrypted.key: <passphrase>

writing RSA key

[email protected]#

Where do I find the <passphrase>?

Thank you.

(14 Sep '11, 17:00) jennyliusd

If the key is encrypted with a passphrase, then the administrator that provided the key to you will have the passphrase.

(14 Sep '11, 17:11) SYN-bit ♦♦

Do I need this for Server's key or Client's key? Sounds like I need the decrypted Server's RSA key on Wireshark, right?

(15 Sep '11, 08:25) jennyliusd

On wireshark preference settings: ssl.keys_list: 192.168.3.3,443,http,c:key.pem

Is the IP address for my PC or the server?

Thank you.

(15 Sep '11, 08:35) jennyliusd

You will need the (decrypted) private key of the server. And in the preferences you will use the server IP address, not the client IP address.

(15 Sep '11, 08:52) SYN-bit ♦♦
showing 5 of 6 show 1 more comments