I followed a guide where I extracted
my private key and insert it into the SSL from wireshark
preferences like:
123.456.55.678,443,http,C:\testkey.pem
I tried both http and https - i thought since i am talking
to server in https it might be https? Anyway, both failed to
decrypt (still see jargon raw data when i view TCP stream.
The debug log gives me:
ssl_association_remove removing TCP 443 - http handle
03164D48
ssl_init keys string:
123.456.55.678,443,http,C:\testkey.pem
ssl_init found host entry
123.456.55.678,443,http,C:\testkey.pem
ssl_init addr '123.456.55.678' port '443' filename
'C:\testkey.pem' password(only for p12 file) '(null)'
Private key imported: KeyID
01:31:a7:9e:fc:94:8b:08:2f:17:65:13:20:f9:d3:81:...
ssl_init private key file C:\testkey.pem successfully
loaded
association_add TCP port 443 protocol http handle 03164D48
dissect_ssl enter frame #4 (first time)
ssl_session_init: initializing ptr 04E41BAC size 584
conversation = 04E41868, ssl_session = 04E41BAC
record: offset = 0, reported_length_remaining = 100
packet_from_server: is from server - FALSE
ssl_find_private_key server 123.456.55.678:443
client random len: 32 padded to 32
dissect_ssl2_hnd_client_hello found CLIENT RANDOM ->
state 0x01
........
So it seems the key has been found and loaded BUT when i
check the STOPPED TCP stream it is still all jargon... what
am i doing wrong here? thanks
I am pretty sure i am on the right server since the key is loaded and i checked netstat and found the ip of the webservice... but still from wire shark the client basically does handshake and cert check with server and then afterwards server just sends "fin" and ends it.... really not sure whats going on here...
