Ask Your Question

How to export objects from encrypted traffic?

asked 2017-11-03 19:14:19 +0000

colada gravatar image

updated 2017-11-03 19:14:46 +0000

I need some help exporting files from encrypted traffic. I downloaded an iso file from a website over https with wget. I also have the keys from the keylogfile. If I dump the traffic with wireshark or tcpdump and then use Wireshark 2.4.2 to decrypt it with the keyfile I can see the GET request (so decryption works to some extend) but not the file itself. Downloading over http and finding/exporting the file works nice. Also with https I can decrypt other smaller files when I download them. I don't know if this is related to the file type, size or something else. Any help appreciated.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2017-11-04 00:23:03 +0000

Lekensteyn gravatar image

Most likely TCP packets were received out-of-order. This is currently not supported by Wireshark, its status can be tracked here:

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2017-11-03 19:14:19 +0000

Seen: 173 times

Last updated: Nov 04 '17