- Get the private key of the SSL server in PEM/PKCS12 format (if conversion is required, see link below) and save only the key into a file
- tcpdump/snoop capture file to be decrypted
- check the tshark default preferences relating to SSL
- run tshark with the ssl.keys_list parameter, as below, to read the decrypted SSL data
- the ssl.keys_list variable has 4 values: x.x.x.x (IP), port, upper-layer protocol, private RSA key filename
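
The steps above as one script. This is an added example, not code from the original post: the function names, 192.0.2.10, capture.pcap and server.key are constructed placeholders, and the checks cover the PEM case only.

```shell
# Added example: constructed values throughout (192.0.2.10, server.key, capture.pcap).

# build_keys_list IP PORT PROTO KEYFILE
# Prints the 4-field ssl.keys_list value, or fails with a reason on stderr.
build_keys_list() {
    [ $# -eq 4 ] || { echo "need: IP PORT PROTO KEYFILE" >&2; return 2; }
    ip=$1 port=$2 proto=$3 key=$4
    # Port must be numeric and within 1-65535.
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 2 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 2; }
    # Fields are comma-separated, so a comma inside one shifts the rest.
    case "$ip$proto$key" in
        *,*) echo "fields must not contain commas" >&2; return 2 ;;
    esac
    [ -r "$key" ] || { echo "cannot read key file: $key" >&2; return 2; }
    # The file should start with the private key itself, not a certificate.
    head -n 1 "$key" | grep -Eq -e '^-----BEGIN (RSA )?PRIVATE KEY-----' ||
        { echo "$key does not start with a PEM private key" >&2; return 2; }
    # Assumption: tshark cannot use a passphrase-protected PEM key.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "$key is passphrase-protected" >&2; return 2
    fi
    printf '%s,%s,%s,%s\n' "$ip" "$port" "$proto" "$key"
}

# decrypt_capture CAPTURE IP PORT PROTO KEYFILE
decrypt_capture() {
    capture=$1; shift
    keys=$(build_keys_list "$@") || return
    # Show the SSL preferences currently in effect before overriding one.
    tshark -G currentprefs | grep 'ssl\.' || true
    # -o sets the preference for this run only; -V prints the decoded layers.
    # Wireshark 3.0 and later name the dissector TLS (tls.keys_list).
    tshark -r "$capture" -o "ssl.keys_list:$keys" -V
}

# Example call (not run here):
#   decrypt_capture capture.pcap 192.0.2.10 443 http ./server.key
```

The server's RSA private key decrypts only sessions that were negotiated with RSA key exchange; sessions using (EC)DHE cipher suites stay encrypted even with the correct key file.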