How does tshark export decrypted ssl pcap files instead of log files

tshark
SSL

asked 2020-07-28 03:02:58 +0000

Riy..
1

I generated the log file after using the following command. Of course, it contains the key information after decryption, but what I want is the decrypted pcap, hope to get your help

tshark -r testssl.pcap -V -x -o "ssl.debug_file:ssldebug.log" -o "ssl.desegment_ssl_records: TURE" -o "ssl.desegment_ssl_application_data: TURE" -o "ssl.keys_list:127.0.0.1,443,http,server.key"

edit retag flag offensive close merge delete

Comments

(not an answer but related: Bug 14639 - TShark output isn't always usable as text2pcap input
Removing the "-V" and sending the output to text2pcap would be nice but see bug above.

Chuckc ( 2020-07-28 05:54:23 +0000 )edit

From the old Answer site: tshark is decrypting data but output pcap file still has encrypted data

Chuckc ( 2020-07-28 05:56:55 +0000 )edit

add a comment

Be the first one to answer this question!

Please start posting anonymously - your entry will be published after you log in or create a new account.

How does tshark export decrypted ssl pcap files instead of log files

Comments

Be the first one to answer this question!

Question Tools

Stats

Related questions

How does tshark export decrypted ssl pcap files instead of log files edit

Comments

Be the first one to answer this question!

Question Tools

Stats

Related questions

How does tshark export decrypted ssl pcap files instead of log files