Wireshark-users: Re: [Wireshark-users] Sharing CAP files with SSL without sharing private key

From: Sake Blok <sake@xxxxxxxxxx>
Date: Mon, 24 Aug 2009 23:27:50 +0200
On Mon, Aug 24, 2009 at 12:02:53PM -0700, dbarry@xxxxxxxxxxxxxxxxxxx wrote:
> 
>    Was wondering what users here typically do when you need to share a cap file
>    that contains SSL contents but you can't share the private key?
>     Basically, I need to share with a vendor proof that well formed HTTP
>    packets are in fact being properly received, but their software is
>    mangling and misinterpreting them.

This is something that more people come across... Have a look at bug
report 3444 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3444)

>    The only thing I currently can do is
>    let them share a remote session to my desktop to use my local copy of
>    Wireshark.

You could do that... *or* you could provide the binary capture and the
decrypted output of tshark (as mentioned in the bug above)


>    I realize there is no real solution to the key problem, but I imagine some
>    of you have come up against this kind of situation and may have ideas I
>    haven't considered.

The solution mentioned in the bug above is a real solution. What it will
accomplish is that it will be possible to export the session keys which
makes it possible to decrypt just the ssl sessions in the tracefile. So
no security compromise...

... but it needs to be implemented. I have it on my list, but time 
is a limited resource unfortunately.

So, be patient and in the meantime, provide the tshark output together
with the binary trace :-)

Cheers,
   Sake