I know you've been asked this before and said no, but are there plans to implement this feature? I have several clients that use SSL and while decrypting captures are not a problem, the inability to save it as decrypted is a genuine headache. asked 07 Aug '13, 09:35  Ken Cohen |
2 Answers:
The current trunk (development builds) of Wireshark also have a new (I'd guess still "experimental") "export PDUs" functionality that allows one to export PDUs. This can be used, for example, to export decrypted PDUs which can be read in with another copy of Wireshark that does not have any knowledge of the SSL configuration needed/used by the PDU exporter. It's still a work in progress but it looks as if it's passed the "proof of concept" phase. AFAICR it already supports exporting TLS/DTLS PDUs. answered 07 Aug '13, 11:40  JeffMorriss ♦ |
You can export the SSL session keys, which makes it possible to share the tracefile and provide only the keys necessary to decrypt the SSL sessions in the tracefile. This way someone else does not need the private key of the server to decrypt the traffic. It is on the wishlist to be able to save the session keys in the pcapng file, but for now you'll have to do with exporting the session keys to a text file. Go to "File -> Export SSL Session Keys..." to export the session keys. answered 07 Aug '13, 10:33  SYN-bit ♦♦ |
Hi guys!
This thread seem to have gone "cold"? I´m searching for same function as we need to send some dumps for review of external support at Citrix.
Any chance that this has been implemented yet? Cheers Marksu Korhonen
Well you can save it as a .txt file using export packet dissection..doesnt that work??
What was an experimental feature in August of 2013 was released in the 1.12.0 release about 6 months ago. So now the feature is there (File->Export PDUs to file).
Note that this function is only available in the GUI for now (see this question for what's happening on the tshark front).