
Command line PCAP decryption with TLS Key log file

I have a PCAP file I am trying to decrypt, and a TLS keylog file produced by nodejs (using the --tls-keylog option).

I am trying to convert the HTTP messaging inside the PCAP file into WARC format, but cannot figure out how to use the command line tshark util to decrypt the relevant traffic. I can do so in the Wireshark UI by updating the TLS PMS setting and then right-clicking and choosing to follow the HTTP stream. How can I recreate this behaviour with tshark?

I'd also like to print out the "follow" view for _all_ HTTP connections in a PCAP file (including HTTPS and HTTP2), in JSON format if possible. Thanks!
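
One way to reproduce the GUI steps from the question with tshark, as an added example that is not part of the original post. It assumes Wireshark 3.0 or later, where the key log preference is named `tls.keylog_file`; the function names and the file names `capture.pcap` and `keys.log` are placeholders.

```shell
#!/bin/sh
# Added example: decrypt a capture with a TLS key log file and dump HTTP traffic.
# Usage (placeholder file names): sh follow_http.sh capture.pcap keys.log

# Preference override equivalent to the GUI's
# "(Pre)-Master-Secret log filename" field in the TLS protocol settings.
keylog_pref() {
    printf 'tls.keylog_file:%s' "$1"
}

# Print the unique TCP stream indexes that carry HTTP or HTTP/2 once the
# TLS layer has been decrypted.  $1 = capture file, $2 = key log file.
http_streams() {
    tshark -r "$1" -o "$(keylog_pref "$2")" \
        -Y 'tcp && (http || http2)' -T fields -e tcp.stream | sort -un
}

# Print the "Follow HTTP Stream" view for every stream found above.
# This covers HTTP/1.x, in clear text or inside TLS.  HTTP/2 uses
# "follow,http2,ascii,<tcp stream>,<http2 stream id>" instead.
follow_all() {
    for s in $(http_streams "$1" "$2"); do
        tshark -r "$1" -o "$(keylog_pref "$2")" -q -z "follow,http,ascii,$s"
    done
}

# Full JSON dissection of every decrypted HTTP and HTTP/2 packet.
# The follow view itself is text only; -T json works per packet.
dump_json() {
    tshark -r "$1" -o "$(keylog_pref "$2")" -Y 'http || http2' -T json
}

# Run only when both file arguments are supplied.
if [ "$#" -ge 2 ]; then
    follow_all "$1" "$2"
fi
```

The key log file holds the session secrets for every connection in the capture, so it needs the same access restrictions as the decrypted traffic.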