I'm trying to decrypt SSL traffic in Wireshark, and it partially works because I'm able to view the decrypted headers. The problem is that I don't see any of the packet contents, only their headers. Is there an explanation for this behaviour?
A bit more detail:
We used openssl to generate keys and certificates with the command:
openssl req -config *.cnf -new -x509 -extensions v3_ca -keyout *.key -out *.crt -days 1825
Then, to decrypt the private key to PKCS#8 format, which Wireshark supposedly supports, we issued this command:
openssl pkcs8 -nocrypt -in *.key -informat DER -out *.key -outformat PEM
In Wireshark we issued the following parameters in the SSL decryption section:
10.10.10.10,443,http,*.key
- where 10.10.10.10 is the client we're trying to MITM using sslsniff. We have also tried localhost and the server's IP with no success. Any suggestions?