TLS log file encryption with WireShark is not working properly

asked 2020-11-26 22:56:59 +0000

Niklas gravatar image


I am currently studying IT and I have to do a TLS encryption with WireShark. The task is to start google chrome with a ssl log file, then visit a website and sign up using my username and password. Then I am supposed to analyze the HTTP packets and find the packet with my username and password. I did start chrome with a log file, set the log file in WireShark and signed up on a website, but WireShark doesn't show me a signle HTTP packet. Does anyone know why it doesn't and what I can do to make it work?

edit retag flag offensive close merge delete


The TLS wiki page has an example capture and pre-master file.

(nice reference for pre-master file: NSS Key Log Format )

Chuckc gravatar imageChuckc ( 2020-11-27 00:16:00 +0000 )edit

I guess you want Wireshark to DECRYPT things.

hugo.vanderkooij gravatar imagehugo.vanderkooij ( 2020-11-27 10:35:06 +0000 )edit

WireShark doesn't show me a signle HTTP packet

I guess your first problem is capturing traffic correctly before you even attempt to deal with the cryptographic transformations. Maybe this link could help:

You have to capture the correct way: on the correct interface that the traffic will transit and have suitable permissions to do so. You also need the correct filters to look for the traffic you want.

Bob Jones gravatar imageBob Jones ( 2020-11-27 11:42:09 +0000 )edit