Export PCAP containing decrypted traffic

asked 2022-05-19 05:40:14 +0000

u039b gravatar image

Hi all!

I am working on PTS and for this project, I dump a SSL keylog directly from an Android device. This way, it is quite easy to use Wireshark and see the decrypted traffic. Everything works just fine.

But, most of network analysis tools such as Arkime do not support traffic decryption. So, my question is: given a SSL keylog and a PCAP, is there a way to generate a PCAP file containing the decrypted traffic?


edit retag flag offensive close merge delete


json2pcap might be a solution but didn't work in my testing. Issue opened here: Decrypted TLS packets

Chuckc gravatar imageChuckc ( 2022-05-19 15:36:16 +0000 )edit