
Decrypt TLS traffic


I am trying to decrypt TLS traffic. I should parse the GET request header to a specific host.

I was provided the .pcapng file and the txt file with the TLS keys.

I added the keys using “(Pre)-Master-Secret log filename.”

I tried applying a filter such as http.request.method == "GET" && http.host == "hostname" but it doesn't seem to work. Am I doing something wrong with the TLS keys?

DukeOnDacrack
asked 2024-06-09 11:22:44 +0000


1 Answer


In a Unix environment the TLS keys are exported using a variable. You have to set the variable SSLKEYLOGFILE to the path of the file where you want to store the keys, then you run the browser. Something like this:

    $ export SSLKEYLOGFILE=~/.config/chromium/.mysslkeylog
    $ chromium

Obviously the path must be writable by the process.

Virgo
answered 2024-06-19 13:17:41 +0000

Comments

I think the OP is doing some sort of homework assignment where the pcap and keys are provided so there's no need to configure the browser to generate new keys.

grahamb (2024-06-19 13:50:20 +0000)
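
A sanity check for a supplied key file, as an added example that is not part of the original posts: it parses the NSS key log format that SSLKEYLOGFILE produces and reports lines that are malformed. The function name `check_keylog` and the sample lines are constructed for illustration.

```python
import re

# Labels of the NSS key log format written via SSLKEYLOGFILE.
TLS12_LABELS = {"CLIENT_RANDOM"}
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
HEX = re.compile(r"[0-9a-fA-F]+")

def check_keylog(text):
    """Return (sessions, problems) for the contents of a key log file.

    sessions maps a TLS version to the set of client randoms with usable
    secrets; problems is a list of (line_number, reason).
    """
    sessions, problems = {"tls1.2": set(), "tls1.3": set()}, []
    # A UTF-8 BOM left by an editor would otherwise corrupt the first label.
    for no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 3:
            problems.append((no, "expected 3 fields, got %d" % len(fields)))
            continue
        label, client_random, secret = fields
        if label in TLS12_LABELS:
            version, secret_lens = "tls1.2", (96,)      # 48-byte master secret
        elif label in TLS13_LABELS:
            version, secret_lens = "tls1.3", (64, 96)   # SHA-256 or SHA-384
        else:
            problems.append((no, "unknown label " + label))
            continue
        if len(client_random) != 64 or not HEX.fullmatch(client_random):
            problems.append((no, "client random is not 32 bytes of hex"))
        elif len(secret) not in secret_lens or not HEX.fullmatch(secret):
            problems.append((no, "secret has wrong length or non-hex characters"))
        else:
            sessions[version].add(client_random.lower())
    return sessions, problems

# Constructed sample lines, not real key material.
SAMPLE = "\n".join([
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "bb" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "cc" * 32,
    "CLIENT_RANDOM " + "33" * 32 + " " + "dd" * 40,   # secret truncated
    "CLIENT_RANDOM" + "44" * 32 + " " + "ee" * 48,    # missing space
])
```

Wireshark matches each entry to a session by the random value in the Client Hello, so a well-formed file only helps if those client randoms also appear in the capture.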