
I generated the public and private key with

```
openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout server_key.pem -out cert.pem
```

and I am using C sockets for the server and client with OpenSSL. Everything works fine and I can capture the encrypted traffic using

```
sudo tcpdump -w - -U -i eth0 -v 'port 1337' | tee packets | tcpdump -r -
```

serverIP: 10.10.0.6

clientIP: 10.10.0.12

My question is: how do you decrypt the traffic in Wireshark with/without using the private key because it does not seem to be working?

I have tried to add the private key: 'Edit'->'Preferences'->'Protocols'->'TLS', then added the server_key.pem to the RSA key list with 10.0.0.6 for the IP, 1337 for the port and tcp as the protocol, but I still can't decrypt the packet with the application data.

  • Have you looked up the Wireshark documentation for how to decrypt TLS packets? – schroeder Jul 08 '22 at 10:39
  • *"then added the server_key.pem"* - this works only for RSA key exchange, which is long obsolete and is not an option anymore with TLS 1.3. See https://wiki.wireshark.org/TLS#tls-decryption for help – Steffen Ullrich Jul 08 '22 at 10:52
  • Does this answer your question? [Decrypting TLS in Wireshark when using DHE\_RSA ciphersuites](https://security.stackexchange.com/questions/35639/decrypting-tls-in-wireshark-when-using-dhe-rsa-ciphersuites) – Steffen Ullrich Jul 08 '22 at 10:53
  • @SteffenUllrich everything seems to mention HTTP and using a browser to create some sort of log file, but I don't get how I can use this method to decrypt traffic from TCP sockets – anon Jul 08 '22 at 10:57
  • @anon: TCP sockets don't do SSL but a TLS library on top of this does it. This library needs to create the specific file. If it does not - no luck. – Steffen Ullrich Jul 08 '22 at 11:16
  • @SteffenUllrich do you mind explaining how to do so? – anon Jul 08 '22 at 11:17
  • *"how to do so"* - this depends on the specific program or code, i.e. too much unknown about your specific scenario. – Steffen Ullrich Jul 08 '22 at 11:25
  • @SteffenUllrich I am using the C language and programming on a Linux machine. Could you please tell me what I should search for? I just need guidance – anon Jul 08 '22 at 11:32
  • This is more a code question on how to create the necessary file. But if you are using OpenSSL see https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_keylog_callback.html – Steffen Ullrich Jul 08 '22 at 11:34
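
The last comment points at OpenSSL's key log callback. One way a C program using OpenSSL 1.1.1 or later could write the key log file that Wireshark reads, as an added example that is not code from the question or its commenters; `keylog_write`, `keylog_cb`, `enable_keylog`, the `WITH_OPENSSL` build switch and taking the path from the `SSLKEYLOGFILE` environment variable are assumptions of this example:

```c
/* Added example: TLS key logging for Wireshark (NSS key log format). */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#ifdef WITH_OPENSSL            /* real build: cc -DWITH_OPENSSL ... -lssl -lcrypto */
#include <openssl/ssl.h>
#else
typedef struct ssl_st SSL;     /* opaque stand-in so this file compiles alone */
#endif

/* Append one key log line to path, creating the file owner-only (0600)
 * because its contents decrypt the session. Returns 0 on success, -1 on error. */
int keylog_write(const char *path, const char *line)
{
    char buf[512];
    int n = snprintf(buf, sizeof buf, "%s\n", line);
    if (n < 0 || (size_t)n >= sizeof buf)
        return -1;                              /* oversized line: drop it */

    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT, S_IRUSR | S_IWUSR);
    if (fd < 0)
        return -1;
    ssize_t w = write(fd, buf, (size_t)n);      /* one write per line */
    close(fd);
    return w == (ssize_t)n ? 0 : -1;
}

/* Has the SSL_CTX_keylog_cb_func signature. OpenSSL calls it once per secret
 * with a complete line ("CLIENT_RANDOM <hex> <hex>" for TLS 1.2, the
 * *_TRAFFIC_SECRET labels for TLS 1.3), without a trailing newline. */
void keylog_cb(const SSL *ssl, const char *line)
{
    (void)ssl;
    const char *path = getenv("SSLKEYLOGFILE"); /* assumed convention; logging
                                                   is off when it is unset */
    if (path != NULL && *path != '\0')
        (void)keylog_write(path, line);
}

#ifdef WITH_OPENSSL
/* Hypothetical helper: call once on the context returned by SSL_CTX_new(). */
void enable_keylog(SSL_CTX *ctx)
{
    SSL_CTX_set_keylog_callback(ctx, keylog_cb);
}
#endif
```

Run the program with `SSLKEYLOGFILE` set, then give Wireshark the same path under 'Edit'->'Preferences'->'Protocols'->'TLS' as the "(Pre)-Master-Secret log filename". The file holds session secrets, so delete it after the analysis and leave the variable unset outside debugging.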
