wireshark-dev October 2010 archive
Main Archive Page > Month Archives  > wireshark-dev archives
wireshark-dev: [Wireshark-dev] Need help with decrypting wiresha

[Wireshark-dev] Need help with decrypting wireshark data....

From: Al <shaselai_at_nospam>
Date: Wed Oct 13 2010 - 21:13:20 GMT
To: wireshark-dev@wireshark.org

I followed a guide where I extracted my private key and insert it into the SSL from wireshark preferences like:

123.456.55.678,443,http,C:\testkey.pem

I tried both http and https - i thought since i am talking to server in https it might be https? Anyway, both failed to decrypt (still see jargon raw data when i view TCP stream. The debug log gives me:

ssl_association_remove removing TCP 443 - http handle 03164D48
ssl_init keys string:
123.456.55.678,443,http,C:\testkey.pem
ssl_init found host entry 123.456.55.678,443,http,C:\testkey.pem
ssl_init addr '123.456.55.678' port '443' filename 'C:\testkey.pem' password(only for p12 file) '(null)'
Private key imported: KeyID 01:31:a7:9e:fc:94:8b:08:2f:17:65:13:20:f9:d3:81:...
ssl_init private key file C:\testkey.pem successfully loaded
association_add TCP port 443 protocol http handle 03164D48

dissect_ssl enter frame #4 (first time)
ssl_session_init: initializing ptr 04E41BAC size 584
  conversation = 04E41868, ssl_session = 04E41BAC
  record: offset = 0, reported_length_remaining = 100
packet_from_server: is from server - FALSE
ssl_find_private_key server 123.456.55.678:443
client random len: 32 padded to 32
dissect_ssl2_hnd_client_hello found CLIENT RANDOM -> state 0x01
........

So it seems the key has been found and loaded BUT when i check the STOPPED TCP stream it is still all jargon... what am i doing wrong here? thanks

      
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe