Hello guys, how are you? Oh, maybe I'm not here to ask you about that. Well, I'm hunting a very advanced spyware that exfiltrates data, maybe through email or Google Talk. So I tried to decrypt the traffic by exporting the SSLKEYLOGFILE variable to a file. Then I inserted the file in the Wireshark TLS protocol option. But unfortunately only 1% of the 443 traffic has been decrypted (HTTP2 protocol). Can anyone help me understand what's happening? Also, how do I troubleshoot why the packets haven't been decrypted? Is there a debug log? Also, how do I know which packets have not been decrypted? Is something like a "tls and not http2" display filter enough?
Thank you all.
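One way to see which captured TLS sessions the key log actually covers, as an added example that is not part of the original post: parse the NSS-format SSLKEYLOGFILE that Wireshark reads, pull the 32-byte random out of each captured ClientHello, and report the sessions for which no secret was logged (those are the ones Wireshark cannot decrypt). It assumes the raw ClientHello records have already been extracted from the capture (for instance with tshark) and uses constructed sample records and a constructed key log so it runs offline.

```python
import re

# Labels Wireshark accepts in an NSS key log (TLS 1.2 and TLS 1.3 secrets).
KEYLOG_LABELS = {
    "CLIENT_RANDOM", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET",
}

def parse_keylog(text):
    """Map client_random (lowercase hex) -> set of labels logged for it."""
    keys = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] not in KEYLOG_LABELS:
            continue  # comments, blank and malformed lines are skipped
        label, client_random, _secret = parts
        if re.fullmatch(r"[0-9a-fA-F]{64}", client_random):
            keys.setdefault(client_random.lower(), set()).add(label)
    return keys

def client_random_from_hello(record):
    """Hex random from a raw ClientHello record: 5-byte record header (0x16),
    4-byte handshake header (0x01), 2-byte version, then 32 random bytes."""
    if len(record) < 43 or record[0] != 0x16 or record[5] != 0x01:
        return None
    return record[11:43].hex()

def keylog_coverage(keylog_text, client_hellos):
    """Split captured sessions by whether the key log holds a secret for them."""
    keys = parse_keylog(keylog_text)
    covered, missing = [], []
    for rec in client_hellos:
        rnd = client_random_from_hello(rec)
        if rnd is not None:
            (covered if rnd in keys else missing).append(rnd)
    return covered, missing

def make_client_hello(random_bytes):
    """Constructed minimal ClientHello (test data, not captured traffic)."""
    body = b"\x03\x03" + random_bytes + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

# Constructed sample: two sessions captured, a key logged for only one of them.
SAMPLE_HELLOS = [make_client_hello(bytes([0x11] * 32)), make_client_hello(bytes([0x22] * 32))]
SAMPLE_KEYLOG = "# SSL/TLS secrets log file\nCLIENT_RANDOM " + "11" * 32 + " " + "ab" * 48 + "\n"

if __name__ == "__main__":
    print(keylog_coverage(SAMPLE_KEYLOG, SAMPLE_HELLOS))
```

Sessions that land in the "missing" list belong to processes or libraries that did not honor SSLKEYLOGFILE, or whose ClientHello was captured before the variable was exported, which is the usual reason most port 443 traffic stays encrypted.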