I am pretty sure i am on the right server since the key is loaded and i checked netstat and found the ip of the webservice... but still from wire shark the client basically does handshake and cert check with server and then afterwards server just sends "fin" and ends it.... really not sure whats going on here...
--- On Wed, 10/13/10, Al <shaselai@xxxxxxxxx> wrote:
> From: Al <shaselai@xxxxxxxxx>
> Subject: Need help with decrypting wireshark data....
> To: wireshark-dev@xxxxxxxxxxxxx
> Date: Wednesday, October 13, 2010, 5:13 PM
> I followed a guide where I extracted
> my private key and insert it into the SSL from wireshark
> preferences like:
>
> 123.456.55.678,443,http,C:\testkey.pem
>
> I tried both http and https - i thought since i am talking
> to server in https it might be https? Anyway, both failed to
> decrypt (still see jargon raw data when i view TCP stream.
> The debug log gives me:
>
>
> ssl_association_remove removing TCP 443 - http handle
> 03164D48
> ssl_init keys string:
> 123.456.55.678,443,http,C:\testkey.pem
> ssl_init found host entry
> 123.456.55.678,443,http,C:\testkey.pem
> ssl_init addr '123.456.55.678' port '443' filename
> 'C:\testkey.pem' password(only for p12 file) '(null)'
> Private key imported: KeyID
> 01:31:a7:9e:fc:94:8b:08:2f:17:65:13:20:f9:d3:81:...
> ssl_init private key file C:\testkey.pem successfully
> loaded
> association_add TCP port 443 protocol http handle 03164D48
>
> dissect_ssl enter frame #4 (first time)
> ssl_session_init: initializing ptr 04E41BAC size 584
> conversation = 04E41868, ssl_session = 04E41BAC
> record: offset = 0, reported_length_remaining = 100
> packet_from_server: is from server - FALSE
> ssl_find_private_key server 123.456.55.678:443
> client random len: 32 padded to 32
> dissect_ssl2_hnd_client_hello found CLIENT RANDOM ->
> state 0x01
> ........
>
>
> So it seems the key has been found and loaded BUT when i
> check the STOPPED TCP stream it is still all jargon... what
> am i doing wrong here? thanks
>
>
>
>
>
>
