Ask Your Question
0

Step by step SSL decrypt with wireshark

asked 2017-12-30 14:05:42 +0000

jdoe gravatar image

Hi

I want to decrypt my traffic from my browser (Firefox Quantum). It sends https traffic over my router, where I try to dump it with tcpdump. Then I want to decrypt that file with wireshark and I want to see if I can get the URLs that I visited. I read that I need a ssl key and a tls key in order to do that. However, it seems not to work. But I am sure that I am doing something wrong. Therefore I wanted to ask if my start is correct at all:

tcpdump -i wlan0 -s 0 port 443 -w dump.pcacp

Thanks jdoe

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by » oldest newest most voted
2

answered 2017-12-30 15:01:28 +0000

Uli gravatar image

Have a look at Peter's slides of his talk at Sharkfest.

TL;DR:

  • Set environment variable SSLKEYLOGFILE before starting Firefox
  • Configure file in Wireshark preferences: Edit → Preferences; Protocols → SSL; (Pre-)Master Secret log filename.
edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2017-12-30 14:05:42 +0000

Seen: 37,210 times

Last updated: Dec 30 '17

Related questions

Is it possible that wireshark doesn't recognize protocol?

Can't see encrypted application data in SSL session

[TLS 1.3] I am getting an error while decrypting the SSL Handshake Traffic -

unable to decrypt ssl with server private key

why wireshark is not showing http or https packets in the view?

Decrypting Application Data with Private Key File

Unsuccessful decryption of TLS v1.2.

Wireshark 2.4.1 GTK Crash on long run

Why redirection of VoIP calls to voicemail fails?

Capture incoming packets from remote web server