Hello all and thank you for your time.
My main goal is to capture encrypted traffic between my PC and another device, which are both on the same network (router). The PC is connected via WiFi and the device is connected via hardline (RJ45).
Let me quickly explain the scenario:
I created a certificate using OpenSSL with RSA. Mailed certificate to get signed. Received signed certificate. Converted the certificate and was prompted with a passkey.
The command was as follows:
pkcs12 -export -in filename.cer -inkey filename.key -out filename.p12 -name tomcat -CAfile abcd.cer -cname root -chain
This signed certificate (.p12) is then copied into the tomcat directory and being used to encrypt traffic from my PC to some local device.
I converted the .p12 file to a .pem file using OpenSSL.
After going into Edit -> Preferences -> Protocol -> SSL, I added the .PEM to the RSA keys list with IP = 0.0.0.0 and port 0. There are two entries, http & tcp.
This should then decrypt all traffic on ports. This, however, does not.
After setting up a filter to only view packets between the local device and my PC, everything is still decrypted.
Below is a sample of my log file with some attempts. The top "paragraph" of the log file says the key and everything was successfully loaded, no error, etc.
What is it that I am doing wrong? I bolded what I think is a problem.
dissect_ssl enter frame #19 (first time)
ssl_session_init: initializing ptr 050A7D2C size 592
conversation = 050A7AEC, ssl_session = 050A7D2C
record: offset = 0, reported_length_remaining = 74
dissect_ssl3_record found version 0x0301(TLS 1.0) -> state 0x10
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 32, ssl state 0x10
association_find: TCP port 65534 found 00000000
packet_from_server: is from server - FALSE
**decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available**
association_find: TCP port 65534 found 00000000
association_find: TCP port 443 found 04B61430
record: offset = 37, reported_length_remaining = 37
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 32, ssl state 0x10
association_find: TCP port 65534 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 65534 found 00000000
association_find: TCP port 443 found 04B61430
dissect_ssl enter frame #19 (already visited)
conversation = 050A7AEC, ssl_session = 00000000
record: offset = 0, reported_length_remaining = 74
dissect_ssl3_record: content_type 23 Application Data
association_find: TCP port 65534 found 00000000
association_find: TCP port 443 found 04B61430
record: offset = 37, reported_length_remaining = 37
dissect_ssl3_record: content_type 23 Application Data
association_find: TCP port 65534 found 00000000
association_find: TCP port 443 found 04B61430
dissect_ssl enter frame #19 (already visited)
conversation = 050A7AEC, ssl_session = 00000000
record: offset = 0, reported_length_remaining = 74
dissect_ssl3_record: content_type 23 Application Data
association_find: TCP port 65534 found 00000000
association_find: TCP port 443 found 04B61430
record: offset = 37, reported_length_remaining = 37
dissect_ssl3_record: content_type 23 Application Data
association_find: TCP port 65534 found 00000000
association_find: TCP port 443 found 04B61430
dissect_ssl enter frame #82 (first time)
conversation = 050A7AEC, ssl_session = 050A7D2C
record: offset = 0, reported_length_remaining = 37
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 32, ssl state 0x10
association_find: TCP port 443 found 04B61430
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 04B61430
dissect_ssl enter frame #83 (first time)
conversation = 050A7AEC, ssl_session = 050A7D2C
record: offset = 0, reported_length_remaining = 37
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 32, ssl state 0x10
association_find: TCP port 443 found 04B61430
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 04B61430
asked 28 Mar ‘14, 12:41
JTaNoob
edited 28 Mar ‘14, 15:18
Kurt Knochner ♦
If I remember correctly, I used something along the lines of
I was not aware of being able to just import keys - I was told Wireshark only reads pkcs#12 and .pem.
Reason I converted the pkcs#12 was because of this same problem and I was desperate hoping some magic would work.
PEM is just an encoding method (in this context). PEM files can contain keys and/or certs. Please use filename.key directly or modify keyStore.pem to only contain the key (not the cert) and it should work.
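The key-only PEM suggested in the comment above, as an added example that is not part of the original thread: it splits a bundle such as the keyStore.pem mentioned there into PEM blocks and returns only the unencrypted private key, dropping certificates and the "Bag Attributes" text that `openssl pkcs12` writes between blocks. The sample bundle and all function names are constructed for illustration.

```python
import re

# One PEM block: BEGIN line, optional headers, base64 body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def split_pem(text):
    """Return (label, full_block_text) for every PEM block in text.
    Text between blocks (e.g. 'Bag Attributes' lines) is discarded."""
    return [(m.group(1), m.group(0)) for m in PEM_BLOCK.finditer(text)]

def is_encrypted(label, block):
    # PKCS#8 encrypted keys have their own label; legacy keys carry a header.
    return label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in block

def key_only(text):
    """Return the single unencrypted private key block from a PEM bundle."""
    keys = [(l, b) for l, b in split_pem(text) if l.endswith("PRIVATE KEY")]
    if len(keys) != 1:
        raise ValueError(f"expected exactly one private key, found {len(keys)}")
    label, block = keys[0]
    if is_encrypted(label, block):
        raise ValueError("private key is passphrase-protected; decrypt it first")
    return block + "\n"

# Constructed sample bundle (the base64 bodies are placeholders, not real keys).
SAMPLE = """Bag Attributes
    friendlyName: tomcat
    localKeyID: 01 02 03 04
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQgU0FNUExFIEtFWSBCT0RZ
-----END PRIVATE KEY-----
Bag Attributes
    friendlyName: tomcat
subject=/CN=device.example
issuer=/CN=Example Root
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgU0FNUExFIENFUlQ=
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    print([label for label, _ in split_pem(SAMPLE)])
    print(key_only(SAMPLE), end="")
```
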
Thank you sir. If I do however come across any problems, I may reply back.
TY
Any progress?