Decrypting my own TLS traffic with tshark

Hi,

I am developing some web applications for which I am doing HTTP requests, in and out of my host. I am interested in the HTTPS traffic and I have already captured it with tshark, as I mainly work on the command line.

I have been able to decrypt my own conversations in Wireshark by dumping my own "TLS" private keys, then referring to them in C:\Users\fakuve\AppData\Roaming\preferences

```
tls.keylog_file: C:\Users\fakuve\Documents\Wireshark\ssl-keys.log
```

So, working with GUI Wireshark, I am able to decrypt those conversations.

On a certain message, if I do Follow HTTP Stream, it will show the conversation with the headers.

In this I can see that

Wireshark Follow HTTP Stream (tcp.stream eq 7)

So I go to the terminal and I do

```
tshark.exe -o "tls.keylog_file: C:\Users\fakuve\Documents\Wireshark\ssl-keys.log" -r https-2024-05-14-17-04.pcap -z "follow,tcp,ascii,7"
```

And I am getting

```
Follow: tcp,ascii
Filter: tcp.stream eq 7

Some IPs.

Loads of unencrypted gibberish characters
```

Doesn't tshark have the option to decode these conversations according to the TLS private keys, as I am doing with GUI Wireshark?

Thank you