I haven't done this myself, but after a Google search I have found this tutorial. You don't need to do every step; jump right to the "decrypt https" part: Write-up Codegate 2010 #7 - Decrypting HTTPS SSL/TLSv1 using RSA 768bits with Wireshark
I will add the relevant information nevertheless:
Decrypt https
Open Wireshark preferences file:
- on Linux: `~/.wireshark/preferences`
- on Windows: `C:\Documents and Settings\<user>\Application Data\Wireshark\preferences`

Inform Wireshark that you want it to desegment SSL records and
application data, and give it the private certificate for the https
server we observed (192.168.100.4):

```
ssl.desegment_ssl_records: TRUE
ssl.desegment_ssl_application_data: TRUE
ssl.keys_list: 192.168.100.4,443,http,/home/stalkr/codegate/7/private.pem
```

Fix the path to private certificate accordingly, on Windows use
regular slashes `/`.
Again, launch Wireshark and open the capture file. We can now see the
application data: an HTTP GET request to index.html, and the response
containing the flag.
![Blockquote](https://cdn.statically.io/img/i.sstatic.net/nvgsc.png)
Have a look and let us know.
Notes:
All this information belongs to "StalkR's Blog" and I have added it here for convenience. Consider visiting the full blog entry since he may add some extra steps.
Wireshark has changed its naming from SSL to TLS.
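An added example, not part of the original answer or of StalkR's blog: a small Python helper that rewrites the three `ssl.*` preference lines above to the `tls.*` prefix and checks each `keys_list` entry. It assumes Wireshark 3.0+ uses the `tls.` prefix with the same key names and that multiple entries are separated by `;`. The function names, the sample file and its Windows path are constructed for illustration.

```python
import re

# Matches the TLS dissector preference lines under either the old or new prefix.
PREF_RE = re.compile(r"^(?:ssl|tls)\.(\w+):\s*(.*)$")


def parse_keys_entry(entry):
    """Validate one keys_list entry of the form ip,port,protocol,keyfile."""
    parts = [p.strip() for p in entry.split(",", 3)]
    if len(parts) != 4 or not all(parts):
        raise ValueError(f"expected ip,port,protocol,keyfile, got: {entry!r}")
    ip, port, proto, path = parts
    if not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad port in keys_list entry: {port!r}")
    # The write-up says to use regular slashes in the key path on Windows.
    return ip, int(port), proto, path.replace("\\", "/")


def migrate_preferences(text):
    """Return preferences text with ssl.* lines renamed to tls.* and
    keys_list entries validated and normalised; other lines are untouched."""
    out = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            out.append(line)
            continue
        key, value = m.groups()
        if key == "keys_list":
            entries = [e for e in value.split(";") if e.strip()]
            value = ";".join(
                ",".join(str(f) for f in parse_keys_entry(e)) for e in entries
            )
        out.append(f"tls.{key}: {value}")
    return "\n".join(out)


# Constructed sample: the answer's settings, with a made-up Windows key path.
SAMPLE = """# unrelated settings are passed through unchanged
gui.toolbar_main_style: ICONS
ssl.desegment_ssl_records: TRUE
ssl.desegment_ssl_application_data: TRUE
ssl.keys_list: 192.168.100.4,443,http,C:\\keys\\private.pem
"""

if __name__ == "__main__":
    print(migrate_preferences(SAMPLE))
```

A malformed `keys_list` entry raises `ValueError` instead of being written out, which surfaces the problem before the capture is opened.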