2
I'm trying to troubleshoot some issues with what my code is sending to a remote API (over https). I've seen a ton of articles on Wireshark and decoding SSL, but they all make up their own test server which is useless to me. I need to know how to decrypt SSL streams to/from a server I don't control. How do I do this?
CaptSaltyJack
Posted 2015-07-17T04:03:10.433
Reputation: 1 515
so, this: https://wiki.wireshark.org/SSL ?
– schroeder – 2015-07-17T05:12:25.387@schroeder Correct, it doesn't explain where to obtain the key from – CaptSaltyJack – 2015-07-17T05:15:43.810
Read the section called: Using the (Pre)-Master-Secret – schroeder – 2015-07-17T05:31:09.957
Tried that. The key log file did nothing. It had a bunch of
CLIENT_RANDOMentries in it. Pointing Wireshark to it did absolutely nothing. – CaptSaltyJack – 2015-07-17T05:33:44.997The problem is, once I set up Firefox to log the pre-master-secret, I go to
https://api.whatever.net.. is that it? Is the key logged to the file? I tried that and it didn't work. The documentation isn't clear about where to surf or what to do to properly populate the key file – CaptSaltyJack – 2015-07-17T05:46:53.0632Ok. You need to include what you've tried and what the results are. It looks like you're close. – schroeder – 2015-07-17T05:56:37.933