Hi,
I am wondering whether the TLSv1 traffic for the webapp I am
working on can be decrypted. More precisely I am interested in decrypting the
traffic that contains HTTP messages.
Here’s the environment info:
o IE (but I can use Firefox if needed) talking to a JBoss-contained
webapp
o all traffic over SSL (TLSv1)
o TLS’s “Server Hello”-message says:
    Secure Socket Layer
        TLSv1 Record Layer: Handshake Protocol: Server Hello
            Content Type: Handshake (22)
            Version: TLS 1.0 (0x0301)
            Length: 74
            Handshake Protocol: Server Hello
                Handshake Type: Server Hello (2)
                Length: 70
                Version: TLS 1.0 (0x0301)
                Random
                Session ID Length: 32
                Session ID: DFC934A0A89626A9FF048DBC2D9B9595EFE88AFEB078E06D...
                Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
                Compression Method: null (0)
I saw a blog post somewhere discussing that you can “pass” the path to
the file which stores the negotiated encryption key to Wireshark and
(given that Wireshark has been linked against a given library) get the
encrypted payload decrypted. I don’t know if this applies to my scenario
(not sure whether IE writes the key to the file system,…)…
Thanks for your help,
-nik