I generated the public and private key with

openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout server_key.pem -out cert.pem

and I am using C sockets for the server and client with OpenSSL; everything works fine and I can capture the encrypted traffic using

sudo tcpdump -w - -U -i eth0 -v 'port 1337' | tee packets | tcpdump -r -

serverIP: 10.10.0.6

clientIP: 10.10.0.12

My question is: how do you decrypt the traffic in Wireshark with/without using the private key because it does not seem to be working?

I have tried to add the private key: 'Edit'->'Preferences'->'Protocols'->'TLS', then added the server_key.pem to the RSA key list with 10.0.0.6 for the IP, 1337 for the port and tcp as the protocol, but I still can't decrypt the packet with the application data.

  • Have you looked up the Wireshark documentation for how to decrypt TLS packets?
    – schroeder
    Commented Jul 8, 2022 at 10:39
  • "then added the server_key.pem" - this works only for RSA key exchange, which is long obsolete and is not an option anymore with TLS 1.3. See wiki.wireshark.org/TLS#tls-decryption for help
    Commented Jul 8, 2022 at 10:52
  • Does this answer your question? Decrypting TLS in Wireshark when using DHE_RSA ciphersuites
    Commented Jul 8, 2022 at 10:53
  • @SteffenUllrich everything seems to mention HTTP and using a browser to create some sort of a log file, but I don't get how I can use this method to decrypt traffic from TCP sockets
    – anon
    Commented Jul 8, 2022 at 10:57
  • @anon: TCP sockets don't do SSL but a TLS library on top of this does it. This library needs to create the specific file. If it does not - no luck.
    Commented Jul 8, 2022 at 11:16
