
[Wireshark-dev] Need help with decrypting Wireshark data....

From: Al <shaselai@xxxxxxxxx>
Date: Wed, 13 Oct 2010 14:13:20 -0700 (PDT)
I followed a guide where I extracted my private key and inserted it into the SSL preferences in Wireshark like:

123.456.55.678,443,http,C:\testkey.pem

I tried both http and https - I thought since I am talking to the server in https it might be https? Anyway, both failed to decrypt (I still see jargon raw data when I view the TCP stream). The debug log gives me:


ssl_association_remove removing TCP 443 - http handle 03164D48
ssl_init keys string:
123.456.55.678,443,http,C:\testkey.pem
ssl_init found host entry 123.456.55.678,443,http,C:\testkey.pem
ssl_init addr '123.456.55.678' port '443' filename 'C:\testkey.pem' password(only for p12 file) '(null)'
Private key imported: KeyID 01:31:a7:9e:fc:94:8b:08:2f:17:65:13:20:f9:d3:81:...
ssl_init private key file C:\testkey.pem successfully loaded
association_add TCP port 443 protocol http handle 03164D48

dissect_ssl enter frame #4 (first time)
ssl_session_init: initializing ptr 04E41BAC size 584
  conversation = 04E41868, ssl_session = 04E41BAC
  record: offset = 0, reported_length_remaining = 100
packet_from_server: is from server - FALSE
ssl_find_private_key server 123.456.55.678:443
client random len: 32 padded to 32
dissect_ssl2_hnd_client_hello found CLIENT RANDOM -> state 0x01
........


So it seems the key has been found and loaded, BUT when I check the STOPPED TCP stream it is still all jargon... What am I doing wrong here? Thanks.
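Added example, not from the original post or from the Wireshark project. The debug log above only shows that the key file parsed and that an association for port 443 was registered; it says nothing about whether the key can decrypt the captured session. A static RSA private key recovers the premaster secret only when the negotiated cipher suite uses RSA key exchange; with any DHE or ECDHE suite the server key merely signs the handshake and cannot decrypt it, however correctly the preference line is written. The key must also be the one matching the certificate the server actually presented, and the capture must contain the full handshake (a resumed session without the original ClientKeyExchange cannot be decrypted either). The script below parses an RSA keys list entry in the `ip,port,protocol,keyfile[,password]` format shown in the post, reads the cipher suite selected in a TLS ServerHello record, and reports whether a loaded RSA key can decrypt that conversation. The ServerHello bytes and keys list entries are constructed inline for the example, the cipher suite table covers a handful of common suites only, and the `123.456.55.678` address from the post is obviously masked, which the entry parser will flag.

```python
import ipaddress

# Cipher suites whose key exchange is plain RSA: the client encrypts the
# premaster secret to the server's RSA public key, so the matching private
# key (the one loaded into Wireshark) can recover it.  Small subset only.
STATIC_RSA_SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
}

# Forward-secret suites: the premaster secret comes from an ephemeral (EC)DH
# exchange and the RSA key only signs, so the private key cannot decrypt.
EPHEMERAL_SUITES = {
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}


def parse_rsa_keys_entry(line):
    """Parse one 'ip,port,protocol,keyfile[,password]' entry as used in the
    Wireshark SSL preferences.  'problems' lists anything that would stop the
    entry from matching a conversation or from loading at all."""
    parts = [p.strip() for p in line.split(",")]
    if len(parts) not in (4, 5):
        raise ValueError("expected 4 or 5 comma-separated fields, got %d" % len(parts))
    ip, port, protocol, keyfile = parts[:4]
    password = parts[4] if len(parts) == 5 else None
    problems = []
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        problems.append("ip %r is not a valid address" % ip)
    if not port.isdigit() or not 0 < int(port) < 65536:
        problems.append("port %r is not a valid TCP port" % port)
    if protocol == "https":
        # The field names the dissector that receives the decrypted payload;
        # Wireshark's HTTP dissector is called 'http', there is no 'https'.
        problems.append("protocol should be the application dissector, e.g. 'http'")
    if not keyfile.lower().endswith((".pem", ".key", ".p12", ".pfx")):
        problems.append("keyfile %r has an unexpected extension" % keyfile)
    if password and not keyfile.lower().endswith((".p12", ".pfx")):
        problems.append("password given but keyfile is not a PKCS#12 container")
    return {"ip": ip, "port": port, "protocol": protocol,
            "keyfile": keyfile, "password": password, "problems": problems}


def build_server_hello(cipher_suite, version=(3, 1)):
    """Construct a minimal TLS ServerHello record for the example (constructed
    test data: all-zero random, empty session id, no extensions)."""
    body = (bytes(version) + bytes(32) + b"\x00"
            + cipher_suite.to_bytes(2, "big") + b"\x00")
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + len(handshake).to_bytes(2, "big") + handshake


def server_hello_cipher_suite(record):
    """Return the cipher suite selected in a TLS ServerHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = int.from_bytes(record[3:5], "big")
    hs = record[5:5 + rec_len]
    if not hs or hs[0] != 0x02:
        raise ValueError("handshake message is not a ServerHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < 38:
        raise ValueError("ServerHello body truncated")
    sid_len = body[34]            # 2 version bytes + 32 random bytes precede it
    off = 35 + sid_len
    return int.from_bytes(body[off:off + 2], "big")


def rsa_key_can_decrypt(cipher_suite):
    """Say whether a static RSA private key can recover the premaster secret
    for this suite.  Returns (decryptable, explanation)."""
    if cipher_suite in STATIC_RSA_SUITES:
        return True, "%s uses RSA key exchange; a matching private key decrypts it" % STATIC_RSA_SUITES[cipher_suite]
    if cipher_suite in EPHEMERAL_SUITES:
        return False, "%s is forward secret; the RSA key only signs and cannot decrypt" % EPHEMERAL_SUITES[cipher_suite]
    return False, "cipher suite 0x%04x is not in this example's table" % cipher_suite


def diagnose(keys_entry, server_hello):
    """Combine the entry check and the cipher-suite check for one conversation."""
    entry = parse_rsa_keys_entry(keys_entry)
    suite = server_hello_cipher_suite(server_hello)
    ok, why = rsa_key_can_decrypt(suite)
    return {"entry_problems": entry["problems"], "cipher_suite": suite,
            "decryptable": bool(ok and not entry["problems"]), "reason": why}


if __name__ == "__main__":
    # Constructed inputs: the masked entry from the post and a well-formed one.
    for entry in (r"123.456.55.678,443,http,C:\testkey.pem",
                  "192.0.2.10,443,http,/tmp/testkey.pem"):
        for suite in (0x002F, 0xC014):
            print(entry, "->", diagnose(entry, build_server_hello(suite)))
```

In a real capture the cipher suite is visible in the ServerHello without any key at all, so checking it first tells you whether the RSA keys list can ever work for that server; a forward-secret suite means the only route to plaintext is the client side's own session secrets, not the server key.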