

Consider visiting the full blog entry since he may add some extra steps. Note: All this information belongs to " StalkR's Blog" and I have added it here for convinience. We can now see theĪpplication data: an HTTP GET request to index.html, and the response

Server we observed (192.168.100.4): ssl.desegment_ssl_records: TRUE ssl.desegment_ssl_application_data:ġ92.168.100.4,443,http,/home/stalkr/codegate/7/private.pemįix the path to private certificate accordingly, on Windows useĪgain, launch Wireshark and open the capture file. Inform Wireshark that you want it to desegment SSL records andĪpplication data, and give it the private certificate for the https Use the file created earlier with the private key.

Windows: C:\Documents and Settings\\Application Open Wireshark and go to Edit > Preferences > Protocols > SSL >Edit and do the exact setup you can see below. Open Wireshark preferences file: on Linux: ~/.wireshark/preferences on I will add the relevant information nevertheless: Using SSLKEYLOGFILE should work if the applications generating the TLS traffic use a TLS library that observes that environment variable and emits the correct keying material into the file. You don't need to do every step, jump right to the "decrypt https part": Wireshark decryption of TLS traffic works, if it's provided with the correct keying material. I haven't done this myself but after a google search I have found this tutorial.
