I'm trying to decrypt SSL traffic in Wireshark, and it partially works because I'm able to view the decrypted headers. The problem is that I don't see any of the packet contents, only their headers. Is there an explanation for this behaviour?
A bit more detail:
We used openssl to generate keys and certificates with the command:
openssl req -config *.cnf -new -x509 -extensions v3_ca -keyout *.key -out *.crt -days 1825
and then, to decrypt the private key to a PKCS#8 format, which Wireshark supposedly supports, we issued this command:
openssl pkcs8 -nocrypt -in *.key -inform DER -out *.key -outform PEM
In Wireshark we issued the following parameters in the SSL decryption section:
10.10.10.10,443,http,*.key
- where 10.10.10.10 is the client we're trying to MITM using sslsniff. We have also tried localhost and the server's IP with no success. Any suggestions?
Thanks for the reply, but I've actually used that guide and ended up only being able to decrypt the headers. – user1049697 – 2012-02-13T20:13:34.563
@user1049697 This person was unable to see packets because he used a Diffie-Hellman cipher. http://seclists.org/wireshark/2009/Nov/75 – sealz – 2012-02-13T20:17:58.837