How to Use wireshark to view ssl content and wireshark to view ssl
1. To view the ssl content, you need to obtain the server rsa key of the server.
2. Open wireshark and find the following path: Edit-> Preferences-> protocols-> SSL
Then click RSA Keys List: Edit,
Create a New RSA key on the New RSA editing interface
Where
IP address is the IP address of the server.
Port is generally 443
Protocol is generally set to http
You can select the rsa key on your server as the key file. This RSA Key must be a decrypted (RSA) key in PKCS #8 PEM format
Password is generally not entered. If the key file requires a password, you can enter it here.
3. Because wireshark versions earlier than or 1.10 do not support session ticket, session ticket is required if the ssl configured on the server is TLS v1. This is to upgrade wireshark to 1.12 or above.
For ubuntu 14.04, run the following command to upgrade
sudo apt-add-repository 'deb http://ppa.launchpad.net/wireshark-dev/stable/ubuntu trusty main'sudo apt-get update<pre name="code" class="plain"><span style="font-family: Arial, Helvetica, sans-serif;">sudo apt-get upgrade</span>
Sudo apt-get upgrade wiresharksudo apt-get install wireshark
In this case, you can decrypt https in wireshark to view the http content.
4. Notes
1. SometimesDiffie-HellmanYou can try the following CipherSuite.
SSLCipherSuite RC4-SHA
2. Sometimes the session cache will be affected. You can modify the SSLSessionCache In the mod-available/ssl. conf file as follows:
SSLSessionCache none#SSLSessionCacheTimeout 300
3. restart the apache using
sudo service apache2 restart