Decrypting TLS Browser Traffic With Wireshark - Body is still encrypted

-1

I was trying to reverse engineer a protocol using Wireshark. I followed this article and tried to decrypt TLS browser traffic using SSLKEYLOGFILE, since decrypting using the private key didn't work for me. Using SSLKEYLOGFILE seems to work, but only the headers get decrypted. How do I get the body decrypted as well?

Note: The solution in this question might not apply to my question because decrypting using public key doesn't support Diffie-Hellman ciphers. But I am not using a private key to decrypt. Instead I am using SSLKEYLOGFILE, which supports Diffie-Hellman ciphers. See this article.

dhrubo_moy

Posted 2016-07-22T19:46:31.603

Reputation: 101

1

Possible duplicate of Decrypting SSL traffic in Wireshark. Only headers get decrypted – Ramhound – 2016-07-22T20:15:28.200

You can't. You would have to perform a Man-In-The-Middle attack in order to decode it. – Ramhound – 2016-07-22T20:16:05.160

What protocol are you trying to reverse engineer? If it's something like HTTP/2, it will have compressed frames inside the TLS records. – Adrien – 2016-07-22T22:02:09.683

Edited my question with further info. I am trying to reverse engineer HTTP/1.1. Is there any way to uncompress frames inside the TLS records? Forgive my ignorance. I am new to computer networking. @Adrien – dhrubo_moy – 2016-07-25T13:56:45.413

Is the client just a browser? If so, you may be able to pipe it through a TCP plug that adds SSL on the upstream connection, then just Wireshark plain old HTTP between the browser and the TCP plug service. – Adrien – 2016-07-25T13:58:50.787

What headers exactly are no longer encrypted? HTTP headers? In that case, you have succeeded. What you see now might simply be compressed (gzip or deflate). – Daniel B – 2016-08-03T20:06:35.347

Answers

1

As Ramhound said, you need to do a man in the middle attack for decoding the message. Fiddler is a great tool to do that. And you don't need SSLKEYLOGFILE or anything like that.

Oscar321

Posted 2016-07-22T19:46:31.603

Reputation: 11