Ask Your Question
0

Decrypt TLS traffic

asked 2024-06-09 11:22:44 +0000

DukeOnDacrack gravatar image

I am trying to decrypt TLS traffic, I should parse GET request header to a specific host.

I was provided the .pcapng file and the txt file with the TLS keys.

I added the keys using “(Pre)-Master-Secret log filename.”

I tried applying a filter such as http.request.method == “GET” && http.host == “hostname” but it doesn't seem to work, am I doing something wrong with the TLS keys?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by » oldest newest most voted
0

answered 2024-06-19 13:17:41 +0000

Virgo gravatar image

In unix environment the TLS keys are exported using a variable. You have setup the variable SSLKEYLOGFILE to the path of the file where you want store the keys, then you run the browser. Something like this: $ export SSLKEYLOGFILE=~/.config/chromium/.mysslkeylog chromium Obiously the path must be writeable by the process.

edit flag offensive delete link more

Comments

I think the OP is doing some sort of homework assignment where the pcap and keys are provided so there's no need to configure the browser to generate new keys.

grahamb gravatar imagegrahamb ( 2024-06-19 13:50:20 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2024-06-09 11:22:44 +0000

Seen: 113 times

Last updated: Jun 19

Related questions

How to get TLSv1.2 to decode

How to verify what protocol was used in an encrypted file transfer?

SSL/TLS Handshake Immediately Fails

Can't capture TLS certificate

How can I extract parameters from pcap

Does Wireshark support TLS 1.3?

How can I decode TLS that uses DH?

Can Wireshark decode a LDAPs conversation?

[TLS 1.3] I am getting an error while decrypting the SSL Handshake Traffic -

Decrypting Application Data with Private Key File