DNS resolvings and full decrypting of HTTPS traffic

asked 2020-09-13 07:16:41 +0000

updated 2020-09-14 10:51:04 +0000

grahamb gravatar image

Hello, I have two new user questions

  • How do I configure Wireshark to show a column with resolved destination address? I've tried to add custom column Host with value Net dest. addr (resolved), but showing still raw IP numbers.

  • For full revelation of SSL secured communication, is it enough to define SSLKEYLOGFILE environment variable, direct Wireshark to use it in TLS protocol setting and let the monitored application run? I'm not using a web browser but desktop client for online service.
edit retag flag offensive close merge delete

Comments

Have you verified (using nslookup or similar) that the IP address resolves to a name on the system running Wireshark?
Not all applications/libraries support SSLKEYLOGFILE? Is it possible to verify this before configuring a test?

Chuckc gravatar imageChuckc ( 2020-09-13 19:28:56 +0000 )edit

I agree with Chuckc's update for the SSL decryption part. You need to check whether the libraries support it. You can also restart the machine once to see whether it helps. I have seen this multiple times where without rebooting the machine , SSLKEYLOGFILE environment variable doesn't record the keys.

Best Regards, Denzil D'Souza

ddsouza gravatar imageddsouza ( 2020-09-22 14:47:28 +0000 )edit