Decrypt step

asked 2021-02-21 17:11:35 +0000

eliassal gravatar image

Hi, I have followed the step by step on wiki but traffic is not getting decrypted. Wireshark version 3.4.3-0 on win 10 64. I have a local dev web site for which I created a certificate, accepted by google and can access web site on port 5041 using https. environment variable SSLKEYLOGFILE is set and gets populated, I updated the TLS pre-master as indicated, debug file is generated when I switch to traffic in Wireshark I see TLSv1.2 trafic but everything is encrypted and don't have http stream as expected. Am I missing something? Thanks for your help. Here is some text from the debug file

edit retag flag offensive close merge delete

Comments

Here is some text from debug file Wireshark SSL debug log 

Wireshark version: 3.4.3 (v3.4.3-0-g6ae6cd335aa9)
GnuTLS version:    3.6.3
Libgcrypt version: 1.8.3


dissect_ssl enter frame #1059 (already visited)
packet_from_server: is from server - FALSE
  conversation = 000001C35B828530, ssl_session = 0000000000000000
  record: offset = 0, reported_length_remaining = 277
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 268 bytes

dissect_ssl enter frame #1064 (already visited)
packet_from_server: is from server - TRUE
  conversation = 000001C35B828530, ssl_session = 0000000000000000
  record: offset = 0, reported_length_remaining = 1586
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 90 bytes
ssl_dissect_hnd_hello_ext_alpn: changing handle 000001C35AAD48D0 to 000001C35AAD48D0 (http2)dissect_ssl3_handshake iteration 0 type 11 offset 99 length 1114 bytes
dissect_ssl3_handshake iteration 0 type 12 offset 1217 length 361 bytes
dissect_ssl3_handshake iteration 0 type 14 offset 1582 length 0 bytes

dissect_ssl enter frame #1070 (already visited)
packet_from_server: is from server - FALSE
  conversation = 000001C35B828530, ssl_session = 0000000000000000
  record ...
(more)
eliassal gravatar imageeliassal ( 2021-02-21 17:11:57 +0000 )edit
add a comment