Wireshark-users: Re: [Wireshark-users] wireshark ssl decryption for dummies
From: Andrew Schweitzer <[email protected]>
Date: Thu, 14 Sep 2006 01:03:53 -0400
Andrew Schweitzer wrote:
Andrew Schweitzer wrote:


...and now it stopped working again on Version 0.99.4 (SVN Rev 19056), even after restarting... hm...
By very carefully editing the wireshark preferences file (in documents 
and settings\application data\Wireshark), it seems to decode http from 
the example and raw data. Here is the line in the file
ssl.keys_list: 
11.38.144.142,3700,data,e:\netcap\initiator.key;127.0.0.1,443,http,e:\transfer\snakeoil2\rsasnakeoil2.key
I screwed semicolon, file location and a couple other things before 
getting it right.
I can't seem to get it to decode the first one into a new plugin. If I 
replace "data" with "new_plugin" (the actual name of the new plugin), 
this (line 1455 in my version of the packet-ssl-utils.c) returns NULL:
ssl_association_add(...)
...
  assoc->handle = find_dissector(protocol);


Is that because the "new_plugin" hasn't been loaded yet when this is called? Is there a way around this?