I'm trying to decrypt data transmitted over SSL. I have set the RSA Keys section in Preferences / Protocol / SSL appropriately so that I can read the encrypted data. The problem is that my data is not HTTP nor any other protocol (that I can find) for specifying which subdissector to use. If I put in "http", I get a complaint about a Malformed GIF Image. (My data is simply "hello".) As a result, "Follow SSL Stream" also doesn't work. How can I tell Wireshark not to interpret my encrypted data?
asked 07 Nov '11, 10:02 ELavy
One Answer:
You can use "data" instead of "http" to tell the SSL dissector to pass the decrypted data to the "data" dissector. The data dissector does not try to further dissect the (decrypted) data.
answered 07 Nov '11, 11:16 SYN-bit
Perfect! Thanks.
I noticed that changes to the subdissector didn't take effect until I restarted Wireshark, but I can deal with that.