Revision history

initial version

Have you tried decoding that stream as HTTPS, to check if they have the typical key exchange in the beginning of the conversation? You can right-click on the stream and use "decode as" to force Wireshark to do that for you. Very often developers just use existing protocols and put them on arbitrary ports, which Wireshark doesn't recognize without some help.

Other than that, I don't think the CRT .pem will help - for decryption you need the key, not the certificate, if I'm not totally mistaken. If you have access to that as well you could try to decrypt the session using Wireshark, but I'm no expert in that kind of thing.
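Added example (not part of the original answer): a quick check of whether the first bytes of a stream on an unrecognized port are a TLS handshake, which is what forcing the decode would reveal. The function name and the sample byte strings are assumptions constructed for illustration; the message bodies are zero-filled placeholders because only the record and handshake headers are inspected.

```python
import struct

# Handshake message types from the TLS specifications (subset).
HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
                   12: "ServerKeyExchange", 14: "ServerHelloDone",
                   16: "ClientKeyExchange"}

def tls_handshake_messages(payload: bytes) -> list:
    """Name the cleartext TLS handshake messages at the start of a TCP payload.

    An empty list means the bytes do not begin with a TLS handshake record.
    """
    names, offset = [], 0
    while offset + 5 <= len(payload):
        ctype, major, minor, length = struct.unpack_from("!BBBH", payload, offset)
        # Record header: content type 22 (handshake), version 3.x, at most 2^14 bytes.
        if ctype != 22 or major != 3 or minor > 4 or not 0 < length <= 16384:
            break
        record = payload[offset + 5:offset + 5 + length]  # may be cut short by the capture
        pos = 0
        while pos + 4 <= len(record):
            msg_type = record[pos]
            msg_len = int.from_bytes(record[pos + 1:pos + 4], "big")
            # Unknown type or a length overrunning the record: encrypted or not TLS.
            if msg_type not in HANDSHAKE_TYPES or pos + 4 + msg_len > length:
                break
            names.append(HANDSHAKE_TYPES[msg_type])
            pos += 4 + msg_len
        offset += 5 + length
    return names

def _handshake(msg_type: int, body: bytes) -> bytes:
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def _record(data: bytes, version: bytes = b"\x03\x03") -> bytes:
    return b"\x16" + version + len(data).to_bytes(2, "big") + data

# Constructed samples: header layout is real, bodies are zero-filled placeholders.
CLIENT_FIRST_BYTES = _record(_handshake(1, bytes(40)), b"\x03\x01")
SERVER_FIRST_BYTES = _record(_handshake(2, bytes(40)) + _handshake(11, bytes(20))
                             + _handshake(14, b""))

if __name__ == "__main__":
    print("client:", tls_handshake_messages(CLIENT_FIRST_BYTES))
    print("server:", tls_handshake_messages(SERVER_FIRST_BYTES))
    print("plain :", tls_handshake_messages(b"GET / HTTP/1.1\r\n"))
```

A non-empty result for both directions means the stream is worth forcing through Wireshark's TLS dissector, which will then show the handshake in full.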