I need to decrypt the exchanged data (TLSv1.2 packets with Diffie-Hellman key exchange) between two Web API on the same web server. I have executed all the steps described in the following article: https://www.comparitech.com/net-admin/decrypt-ssl-with-wireshark/
I have tried using only the (Pre)-Master-Secret log, using only the RSA Keys and using both at the same time, but the result is always the same: at the Packet byte view the tabs underneath the view are not displayed. The Decrypted SSL data and the Uncompressed entity body tabs are not displayed as you can see in the following image:
While I was expecting to see the tabs like those in the following image:
In the SSL debug log file there is the following error:
dissect_ssl frame #93 (first time)
packet_from_server: is from server - TRUE
conversation = 0E4B2598, ssl_session = 0E4B2C50
record: offset = 0, reported_length_remaining = 145
ssl_try_set_version found version 0x0303 -> state 0x91
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 89, ssl state 0x91
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 85 bytes
ssl_try_set_version found version 0x0303 -> state 0x91
Calculating hash with offset 5 89
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93
ssl_set_cipher found CIPHER 0xC030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -> state 0x97
trying to use TLS keylog in C:\Temp\ssl-keys.log
checking keylog line: CLIENT_HANDSHAKE_TRAFFIC_SECRET ...
matched client_handshake
checking keylog line: SERVER_HANDSHAKE_TRAFFIC_SECRET ...
matched server_handshake
checking keylog line: CLIENT_TRAFFIC_SECRET_0 ...
matched client_appdata
checking keylog line: SERVER_TRAFFIC_SECRET_0 ...
matched server_appdata
checking keylog line: EXPORTER_SECRET ...
matched exporter
checking keylog line: CLIENT_HANDSHAKE_TRAFFIC_SECRET ...
matched client_handshake
checking keylog line: SERVER_HANDSHAKE_TRAFFIC_SECRET ...
matched server_handshake
checking keylog line: CLIENT_TRAFFIC_SECRET_0 ...
matched client_appdata
checking keylog line: SERVER_TRAFFIC_SECRET_0 ...
matched server_appdata
checking keylog line: EXPORTER_SECRET ...
matched exporter
tls13_load_secret TLS version 0x303 is not 1.3
tls13_load_secret TLS version 0x303 is not 1.3
record: offset = 94, reported_length_remaining = 51
dissect_ssl3_record: content_type 20 Change Cipher Spec
decrypt_ssl3_record: app_data len 1, ssl state 0x197
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
ssl_dissect_change_cipher_spec Session resumption using Session ID
trying to use TLS keylog in C:\Temp\ssl-keys.log
ssl_finalize_decryption state = 0x197
ssl_restore_master_key can't find master secret by Session ID
ssl_restore_master_key can't restore master secret using an empty Session Ticket
ssl_restore_master_key can't find master secret by Client Random
Cannot find master secret
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER (No decoder found - retransmission?)
record: offset = 100, reported_length_remaining = 45
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 40, ssl state 0x197
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
