Decrypting SSL traffic in Wireshark. Only headers get decrypted


I'm trying to decrypt SSL traffic in Wireshark, and it partially works because I'm able to view the decrypted headers. The problem is that I don't see any of the packet contents, only their headers. Is there an explanation for this behaviour?

A bit more detail: we used openssl to generate keys and certificates with the command: openssl req -config *.cnf -new -x509 -extensions v3_ca -keyout *.key -out *.crt -days 1825

and then to decrypt the private key to a PKCS#8 format, which Wireshark supposedly supports, we issued this command: openssl pkcs8 -nocrypt -in *.key -informat DER -out *.key -outformat PEM

In Wireshark we issued the following parameters in the SSL decryption section: 10.10.10.10,443,http,*.key - where 10.10.10.10 is the client we're trying to MITM using sslsniff. We have also tried localhost and the server's IP with no success. Any suggestions?

user1049697

Posted 2012-02-13T19:57:57.753

Reputation: 601

Answers


The SSL connection was probably using Diffie-Hellman to establish the session key. DH allows two parties to establish a shared secret over an insecure channel with no prior communication. This means that even though you have the private key, you can't determine the session key by inspecting the traffic. To decode a DH session you have to actively MITM the connection, or get one of the parties to log the session key.

mgorven

Posted 2012-02-13T19:57:57.753

Reputation: 2 539
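The quickest way to confirm the diagnosis above is to look at the cipher suite the server picked in its ServerHello: only the static RSA key exchange (TLS_RSA_WITH_*) lets the server's private key recover the pre-master secret, while (EC)DHE suites need the session keys logged by one endpoint. The following parser is an added example, not code from the answer or from Wireshark; the cipher-suite table is a constructed subset of the IANA registry and the ServerHello record is built inline rather than captured.

```python
import struct

# Constructed subset of IANA TLS cipher-suite IDs (RFC 5246 / RFC 4492).
CIPHER_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

def parse_server_hello(record):
    """Parse a TLS record carrying a ServerHello; return (version, cipher_suite_id)."""
    content_type, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 22:
        raise ValueError("not a Handshake record")
    hs = record[5:5 + rec_len]
    hs_type, hs_len = hs[0], int.from_bytes(hs[1:4], "big")
    if hs_type != 2:
        raise ValueError("not a ServerHello")
    body = hs[4:4 + hs_len]
    version = struct.unpack("!H", body[:2])[0]
    off = 2 + 32                      # skip server_version and 32-byte random
    sid_len = body[off]
    off += 1 + sid_len                # skip session_id length byte and session_id
    suite = struct.unpack("!H", body[off:off + 2])[0]
    return version, suite

def private_key_decryptable(suite):
    """True only for static RSA key exchange, where the server key recovers the
    pre-master secret; DHE/ECDHE suites need a session-key log instead."""
    name = CIPHER_SUITES.get(suite, "unknown(0x%04X)" % suite)
    return name.startswith("TLS_RSA_WITH_"), name

def build_server_hello(suite, session_id=b""):
    """Construct a minimal TLS 1.0 ServerHello record (sample data, not a capture)."""
    body = (struct.pack("!H", 0x0301) + bytes(32)            # version + random
            + bytes([len(session_id)]) + session_id
            + struct.pack("!HB", suite, 0))                   # cipher suite + null compression
    hs = bytes([2]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs

if __name__ == "__main__":
    for suite in (0x002F, 0x0033, 0xC014):
        _, sid = parse_server_hello(build_server_hello(suite, b"\x01" * 32))
        ok, name = private_key_decryptable(sid)
        print("%-40s private key sufficient: %s" % (name, ok))
```

Run against a real capture by feeding the raw bytes of the first server-to-client TLS record; a False result means the RSA key configured in Wireshark can never yield the payload, no matter how the key file is formatted.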


You will have to capture and then configure Wireshark to decrypt.

Check out this tutorial (Steps 2 and 3 seem to address your problem)

May also want to check this out

sealz

Posted 2012-02-13T19:57:57.753

Reputation: 2 034

Thanks for the reply, but I've actually used that guide and ended up only being able to decrypt the headers. – user1049697 – 2012-02-13T20:13:34.563

@user1049697 This person was unable to see packets because he used a Diffie-Hellman cipher. http://seclists.org/wireshark/2009/Nov/75

– sealz – 2012-02-13T20:17:58.837


Could you have been mistaking encrypted data for compressed data? Web servers usually use some form of data compression (gzip or deflate) which could obscure the payload to look like it was encrypted.

Larry Silverman

Posted 2012-02-13T19:57:57.753

Reputation: 253