Decrypting outbound REST calls by HTTPS
Hi all. I spent several hours trying to set up Wireshark to decode outbound REST calls, but so far I have not been able to do so.
I have tried to assign the .PFX, .PEM, .KEY and created a KeyLog, but the packets are still encrypted.
This is what I get in the debug log:
dissect_ssl enter frame #2062 (first time)
packet_from_server: is from server - FALSE
conversation = 000000CB5320F940, ssl_session = 000000CB53210750
record: offset = 0, reported_length_remaining = 309
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 304, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
The traffic flow is as follows:
- HTTP POST request is created on the client with HTTP headers and a JSON payload.
- Request is sent through Tomcat to the HTTPS REST endpoint
- Source port is dynamic and target port is static (443)
What I need to see is how the HTTP request is formatted to verify that the creation is correct. I'm using the latest Wireshark 64-bit version for Windows and running everything on a Windows 2012R2 server. The target endpoint is an external provider where the authentication is done with a base64-encoded credentials token.
Thank you in advance
With regards, Filip Poverud
This is the key exchange, so we see that it is using Elliptic-Curve Diffie-Hellman, so I assume that is the problem. Please instruct me if you need to see other frames in the loop. I have removed some data, but all the keys from the log are matched as seen in the below snippet.