
Decrypted SSL tab not visible/not appearing

Hello All,

I am testing the SSL/TLS connections, and I am storing my SSL key log file under the SSL preferences "(Pre)-Master-Secret log filename" (under Preferences --> Protocol --> SSL), in order to decrypt traffic. I saved the environmental variable (SSLKEYLOGFILE) on a folder, and I have checked the file, and it is updated regularly when I am browsing the internet.

I am connecting via a proxy to external websites. I am seeing the HTTPS destination address, etc., but I am missing the Decrypted SSL key tab, as for example seen in this blog: Old Blog Showing the Decrypted tab

I wonder if there is no "SSL Decrypted Data" tab on this version or I am missing something in my setup. I do see the "Reassembled TCP" tab. I also have quite a few "Ignored Unknown Record" entries, and my TCP preferences have "Allow subdissector to reassemble TCP streams" marked.

I am using Wireshark version 2.4.4, under a Windows 7 machine.

20180328_ Edit: I have realized there is no initial SSL handshake captured in the trace (28th March)

Best Regards

xinxolHH
asked 2018-03-24 19:37:45 +0000, updated 2018-03-28 13:37:44 +0000

Comments

Prerequisite:

  1. Set the System Environment Properties Variables (SSLKEYLOGFILE) in Windows 7
  2. Wireshark Edit> Preferences> Protocols> SSL. Under (Pre)-Master-Secret log filename. Browse: to the location of the Variable(SSLKEYLOGFILE) and create filename*.log

Wireshark capture of an HTTPS website.

  1. Find the first TCP SYN
  2. Right Click and Select Follow > "TCP Stream" or press [Ctrl+Alt+Shift+T]

mark2018 (2018-06-12 20:11:18 +0000)

1 Answer


Could the reason be that there is no initial TLS handshake in the captured trace to enable Wireshark to decrypt the SSL?

xinxolHH
answered 2018-03-28 13:36:03 +0000
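
Added example (not part of the original post, and not Wireshark's code): why the missing handshake raised in the answer matters. A `CLIENT_RANDOM` line in the key log file is looked up by the random value carried in the ClientHello, so a capture without that message offers nothing to match against. The TLS records and key log below are constructed, and the function names are hypothetical.

```python
import re

# One NSS key log line: CLIENT_RANDOM <32-byte ClientHello random> <48-byte master secret>
LINE = re.compile(r"^CLIENT_RANDOM ([0-9a-fA-F]{64}) ([0-9a-fA-F]{96})$")

def parse_keylog(text):
    """Map client random (lowercase hex) -> master secret (lowercase hex)."""
    secrets = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # comment lines and other labels are skipped in this sketch
            secrets[m.group(1).lower()] = m.group(2).lower()
    return secrets

def client_random(record):
    """Return the ClientHello random (hex) from one TLS record, else None."""
    # Record header: type(1) version(2) length(2); handshake header: type(1) length(3);
    # ClientHello body starts with client_version(2) then random(32).
    if len(record) < 43 or record[0] != 0x16 or record[5] != 0x01:
        return None
    return record[11:43].hex()

def diagnose(records, keylog_text):
    """Explain whether any key log entry can be tied to the captured records."""
    secrets = parse_keylog(keylog_text)
    randoms = [r for r in map(client_random, records) if r]
    if not randoms:
        return "no ClientHello in capture: no key log line can be matched"
    if any(r in secrets for r in randoms):
        return "match: session secret available"
    return "ClientHello present but key log has no matching CLIENT_RANDOM"

# Constructed sample data (not taken from any real capture).
RANDOM = bytes(range(32))
HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x26,      # handshake record header
               0x01, 0x00, 0x00, 0x22,            # ClientHello, truncated body
               0x03, 0x03]) + RANDOM
APPDATA = bytes([0x17, 0x03, 0x03, 0x00, 0x30]) + bytes(48)  # application data
KEYLOG = "# constructed sample\nCLIENT_RANDOM " + RANDOM.hex() + " " + "ab" * 48 + "\n"

if __name__ == "__main__":
    print(diagnose([APPDATA], KEYLOG))         # capture started mid-session
    print(diagnose([HELLO, APPDATA], KEYLOG))  # capture includes the handshake
```

Starting the capture before the browser opens the connection puts the ClientHello in the trace, which is the case the second call models.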