How does tshark export decrypted ssl pcap files instead of log files
I generated the log file after using the following command. Of course, it contains the key information after decryption, but what I want is the decrypted pcap, hope to get your help
tshark -r testssl.pcap -V -x -o "ssl.debug_file:ssldebug.log" -o "ssl.desegment_ssl_records: TURE" -o "ssl.desegment_ssl_application_data: TURE" -o "ssl.keys_list:127.0.0.1,443,http,server.key"
(not an answer but related: Bug 14639 - TShark output isn't always usable as text2pcap input
Removing the "-V" and sending the output to text2pcap would be nice but see bug above.
From the old Answer site: tshark is decrypting data but output pcap file still has encrypted data