Ask Your Question
0

Can I capture certificate and store it without implementing session key of both TLSv1.2 and TLSv1.3

asked 2025-11-12 06:06:37 +0000

Pihu gravatar image

Can I capture certificate and store it without implementing session key of both TLSv1.2 and TLSv1.3 in Linux , I am trying to store TLS_Certificate details using pyshark but unable to do that , is their any other tools we should use or we can store using pyshark.

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2025-11-12 06:44:22 +0000

grahamb gravatar image

With a recent version of tshark (4.6.x), you can export x509 certificates to files, how you handle them in pyshark is up to that separate project.

An example:

tshark -r <path\to\capture\file> -export-objects x509af,<path\to\destdir>
edit flag offensive delete link more

Comments

T add to that, please note that the certificate is sent in the unencrypted phase of the handshake in TLSv1.2 and it is sent in the encrypted phase of the handshake in TLSv1.3. This means you will only see the certificates sent in a TLSv1.2 connection if you do not provide the TLS session keys.

SYN-bit gravatar imageSYN-bit ( 2025-11-12 08:48:24 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2025-11-12 06:06:37 +0000

Seen: 13 times

Last updated: 3 hours ago

Related questions

haw can i export the certificate into form der from pcap file with command line tshark and not manually ??

What does wireshark say the most thorough certification is?