Unable to Decrypt any traffic

Hello,

I have a device in a network doing SSL sniffing (man in the middle). I have the private key that it uses (this key is manually trusted by the hosts). When I install the private key into Wireshark and open a capture, I do not see any clear text packets.

I also don't appear to be using DH, which seems to be a common issue.

Some of the logs:

dissect_ssl enter frame #74 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000022B22750860, ssl_session = 0000022B22755170
  record: offset = 0, reported_length_remaining = 1460

dissect_ssl enter frame #75 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000022B22750860, ssl_session = 0000022B22755170
  record: offset = 0, reported_length_remaining = 1415

dissect_ssl enter frame #76 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000022B22750860, ssl_session = 0000022B22755170
  record: offset = 0, reported_length_remaining = 9
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 5 4
decrypt_ssl3_record: app_data len 4, ssl state 0x10
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 14 offset 5 length 0 bytes, remaining 9

dissect_ssl enter frame #80 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000022B22750860, ssl_session = 0000022B22755170
  record: offset = 0, reported_length_remaining = 6
dissect_ssl3_record: content_type 20 Change Cipher Spec
ssl_dissect_change_cipher_spec Not using Session resumption
trying to use SSL keylog in C:\mykey.KEY
ssl_load_keyfile failed to open SSL keylog
ssl_finalize_decryption state = 0x210
Cipher suite (Server Hello) is missing!
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER
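
Added example, not part of the original post and not Wireshark's own code: a small triage script that splits an SSL debug log like the one above into per-frame sections and reports the failure messages, handshake message types and keylog path found in each. The function names are hypothetical, and the sample input is frames 76 and 80 copied from the post's excerpt.

```python
import re

# Section header and message formats as they appear in the debug log quoted above.
FRAME_RE = re.compile(r"dissect_ssl enter frame #(\d+)")
HANDSHAKE_RE = re.compile(r"dissect_ssl3_handshake iteration \d+ type (\d+)")
KEYLOG_RE = re.compile(r"trying to use SSL keylog in (\S+)")
# Failure messages copied verbatim from the same log.
MARKERS = (
    "no decoder available",
    "failed to open SSL keylog",
    "Cipher suite (Server Hello) is missing!",
)

def triage(log_text):
    """Map frame number -> failure markers, handshake types and keylog path."""
    parts = FRAME_RE.split(log_text)  # [preamble, num, body, num, body, ...]
    findings = {}
    for num, body in zip(parts[1::2], parts[2::2]):
        keylog = KEYLOG_RE.search(body)
        findings[int(num)] = {
            "markers": [m for m in MARKERS if m in body],
            "handshake_types": [int(t) for t in HANDSHAKE_RE.findall(body)],
            "keylog_path": keylog.group(1) if keylog else None,
        }
    return findings

def server_hello_seen(findings):
    """TLS handshake type 2 is ServerHello; type 14 is ServerHelloDone."""
    return any(2 in f["handshake_types"] for f in findings.values())

# Frames 76 and 80 from the excerpt in the post (abridged to the relevant lines).
SAMPLE = r"""dissect_ssl enter frame #76 (first time)
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 14 offset 5 length 0 bytes, remaining 9
dissect_ssl enter frame #80 (first time)
dissect_ssl3_record: content_type 20 Change Cipher Spec
trying to use SSL keylog in C:\mykey.KEY
ssl_load_keyfile failed to open SSL keylog
ssl_finalize_decryption state = 0x210
Cipher suite (Server Hello) is missing!
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    for frame, info in result.items():
        print(frame, info)
    print("ServerHello dissected in this excerpt:", server_hello_seen(result))
```

Because the script splits on the frame header rather than on newlines, it also works on a log that has been flattened onto single lines.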
