Wireshark-bugs: [Wireshark-bugs] [Bug 3444] New: Need the ability to export SSL decrypted captur
Date: Wed, 29 Apr 2009 06:49:08 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3444

           Summary: Need the ability to export SSL decrypted captures
           Product: Wireshark
           Version: 1.1.x (Experimental)
          Platform: x86
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: lee_fabian@xxxxxxx


Build Information:
Version 1.1.3 (SVN Rev 27807)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.0, with GLib 2.20.0, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.6.4, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Mar 21 2009), with
AirPcap.

Running on Windows Server 2003 Service Pack 1, build 3790, with WinPcap version
4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, GnuTLS
2.6.4, Gcrypt 1.4.4, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729
--
Wireshark does a great job at decrypting SSL traffic given the private key of
the server, as described in the URL below and the snakeoil2 example.

http://wiki.wireshark.org/SSL

However, the use scenario with SSL decryptions is often that you subsequently
need to "ship" that capture to a vendor in order to have them debug one of
their integrations/products.  This requires that you also send them the private
key which is often not possible given IT security policies.

As far as I have seen there is no "Save as" or "Export" option in Wireshark
that allows a user to export the decrypted capture to a format that is
unencrypted and can be analyzed without the private key.

This would be a great feature. thanks for your time.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.