Decrypt P2P WebSocket TLS Traffic

asked 2024-12-19 18:06:04 +0000

tasty_sprout

updated 2024-12-19 18:47:11 +0000

  • The P2P application has a .crt and .key file.
  • The certificate is X.509 DER.
  • The application communicates on a specific port.
  • The application uses WebSocket to communicate with the peers.
  • The IP addresses of the peers are not known before. The application acquires the IP addresses of the peers from a tracker and from other peers.
  • TLS versions in use are 1.2 and 1.3.
  • The keys are exchanged by Diffie-Hellman with Perfect Forward Secrecy.
  • The application doesn't support the SSLKEYLOGFILE environment variable.

How can I configure Wireshark (4.4.2) to decrypt TLS on the fly (as if the application supported SSLKEYLOGFILE)? If that's not possible, what are potential ways forward?


1 Answer


answered 2024-12-20 15:47:00 +0000

tasty_sprout

updated 2024-12-20 16:00:30 +0000

I managed to make it work by enabling SSLKEYLOGFILE capabilities in the app and referencing the resulting keylog file in Preferences -> Protocols -> TLS -> (Pre)-Master-Secret log filename.

See for more details:

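The key log file referenced in the answer uses the NSS key log format, and with TLS 1.2 and 1.3 both in use it helps to check which sessions the file actually covers before loading it into Wireshark. The following is an added example, not part of the original post or the application's code: `audit_keylog` and the sample data are hypothetical names and constructed values, and only the TLS 1.2 `CLIENT_RANDOM` label and the TLS 1.3 secret labels are recognized (anything else is reported as a problem).

```python
import re

# Labels of the NSS key log format that Wireshark's TLS dissector reads.
TLS12 = {"CLIENT_RANDOM"}
TLS13_REQUIRED = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
}
TLS13_OPTIONAL = {"EXPORTER_SECRET", "CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET"}
KNOWN = TLS12 | TLS13_REQUIRED | TLS13_OPTIONAL
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")

def audit_keylog(text):
    """Return (sessions, problems): status per client random, and rejected lines."""
    labels, problems, sessions = {}, [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines and comments are allowed
            continue
        m = LINE.match(line)
        if not m:
            problems.append((no, "expected '<label> <32-byte client random> <secret>'"))
            continue
        label, rnd, secret = m.groups()
        if label not in KNOWN:
            problems.append((no, "unknown label " + label))
        elif label in TLS12 and len(secret) != 96:
            problems.append((no, "TLS 1.2 master secret must be 48 bytes"))
        elif label not in TLS12 and len(secret) not in (64, 96):
            problems.append((no, "TLS 1.3 secret must be 32 or 48 bytes"))
        else:
            labels.setdefault(rnd.lower(), set()).add(label)
    for rnd, seen in labels.items():
        missing = sorted(TLS13_REQUIRED - seen)
        if seen & TLS12:
            sessions[rnd] = "tls1.2 ok"
        else:
            sessions[rnd] = ("tls1.3 missing " + ",".join(missing)) if missing else "tls1.3 ok"
    return sessions, problems

# Constructed sample, not real key material.
R1, R2, R3 = "11" * 32, "22" * 32, "33" * 32
SAMPLE = "\n".join(
    ["# constructed key log", f"CLIENT_RANDOM {R1} {'aa' * 48}"]
    + [f"{label} {R2} {'bb' * 32}" for label in sorted(TLS13_REQUIRED)]
    + [f"CLIENT_TRAFFIC_SECRET_0 {R3} {'cc' * 32}", "CLIENT_RANDOM deadbeef 00"]
)

if __name__ == "__main__":
    print(audit_keylog(SAMPLE))
```

A TLS 1.3 session reported as missing handshake or traffic secrets will show up in Wireshark as only partly decrypted, which usually means the application's key logging hook was attached after the handshake started or does not log every label.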
