
Const's profile - activity

2021-08-07 05:47:21 +0000 received badge Popular Question
2021-06-03 00:32:36 +0000 commented answer Cannot decrypt HTTP over TLS

Thank you!

2021-06-03 00:32:21 +0000 marked best answer Cannot decrypt HTTP over TLS

I tried to configure Wireshark according to https://wiki.wireshark.org/TLS to decrypt HTTPS but it doesn't work.

I extracted the private key from the certificate as a PEM file and added it via Edit -> Preferences -> RSA Keys. I'm using cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256. But when I open the pcap file, the encrypted data remains encrypted.

The traces are collected on the client side. I can see the Client Hello and Server Hello, and I see the selected cipher suite, but after that there is only Application Data instead of decoded HTTP.

EDIT: On the provided link I noticed this statement:

"The private key matches the server certificate. It does not work with the client certificate, nor the Certificate Authority (CA) certificate."

What does it mean? The private key I'm using is extracted from the client certificate. Can it be an issue? I don't have access to the server private key.

Wireshark SSL debug log 

Wireshark version: 3.2.1 (v3.2.1-0-gbf38a67724d0)
GnuTLS version:    3.6.3
Libgcrypt version: 1.8.3


dissect_ssl enter frame #4 (first time)
packet_from_server: is from server - TRUE
  conversation = 00000214164C9A40, ssl_session = 00000214164CA590
  record: offset = 0, reported_length_remaining = 161
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 156, ssl state 0x00
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 152 bytes
Calculating hash with offset 5 156
ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01

dissect_ssl enter frame #6 (first time)
packet_from_server: is from server - TRUE
  conversation = 00000214164C9A40, ssl_session = 00000214164CA590
  record: offset = 0, reported_length_remaining = 90
ssl_try_set_version found version 0x0303 -> state 0x91
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 85, ssl state 0x91
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 81 bytes
ssl_try_set_version found version 0x0303 -> state 0x91
Calculating hash with offset 5 85
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93
ssl_set_cipher found CIPHER 0x003D TLS_RSA_WITH_AES_256_CBC_SHA256 -> state 0x97
ssl_load_keyfile dtls/tls.keylog_file is not configured!
tls13_load_secret TLS version 0x303 is not 1.3
tls13_load_secret TLS version 0x303 is not 1.3

dissect_ssl enter frame #8 (first time)
packet_from_server: is from server - TRUE
  conversation = 00000214164C9A40, ssl_session = 00000214164CA590
  record: offset = 0, reported_length_remaining = 6
dissect_ssl3_record: content_type 20 Change Cipher Spec
decrypt_ssl3_record: app_data len 1, ssl state 0x197
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
ssl_dissect_change_cipher_spec Session resumption using Session ID
ssl_load_keyfile dtls/tls.keylog_file is not configured!
ssl_finalize_decryption state = 0x197
ssl_restore_master_key can't find master secret by Session ID
ssl_restore_master_key can't restore master secret using an empty Session Ticket
ssl_restore_master_key can't find master secret by Client Random
  Cannot find master secret
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER

dissect_ssl enter frame #10 (first time)
packet_from_server: is from server - TRUE
  conversation = 00000214164C9A40, ssl_session = 00000214164CA590
  record: offset = 0, reported_length_remaining = 85
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 80, ssl state 0x197
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available ...
2021-06-03 00:32:21 +0000 received badge Scholar
2021-06-01 17:45:40 +0000 received badge Editor
2021-06-01 17:45:40 +0000 edited question Cannot decrypt HTTP over TLS


2021-06-01 16:13:47 +0000 asked a question Cannot decrypt HTTP over TLS
