![]() ![]() ![]() If your SSL client machine is Windows, you can force a new SSL session by doing the following: Note that tshark has to capture the beginning of an SSL session in order to decrypt it. Tshark -o "ssl.desegment_ssl_records: TRUE" -o "ssl.desegment_ssl_application_data: TRUE" -o "ssl.keys_list:,443,http,/root/private-rsa.key" -o "ssl.debug_file:rsa_private.log" -R "(tcp.port eq 443)" port 443 Copy the RSA private key file that your web service is using to /root/private-rsa.key in PKCS#1 format ( PKCS#1 files begin with " -BEGIN RSA PRIVATE KEY-"), then run: If you are on a web server that is serving SSL, then you can use tshark on that server to decrypt the traffic off the wire. TShark 1.2.15, Oracle Enterprise Linux 6.5 ![]()
0 Comments
Leave a Reply. |