How to Use wireshark to view ssl content and wireshark to view ssl

How to Use wireshark to view ssl content and wireshark to view ssl

1. To view the ssl content, you need to obtain the server rsa key of the server.

2. Open wireshark and find the following path: Edit-> Preferences-> protocols-> SSL

Then click RSA Keys List: Edit,

Create a New RSA key on the New RSA editing interface

Where

IP address is the IP address of the server.

Port is generally 443

Protocol is generally set to http

You can select the rsa key on your server as the key file. This RSA Key must be a decrypted (RSA) key in PKCS #8 PEM format

Password is generally not entered. If the key file requires a password, you can enter it here.

3. Because wireshark versions earlier than or 1.10 do not support session ticket, session ticket is required if the ssl configured on the server is TLS v1. This is to upgrade wireshark to 1.12 or above.

For ubuntu 14.04, run the following command to upgrade

sudo apt-add-repository 'deb http://ppa.launchpad.net/wireshark-dev/stable/ubuntu trusty main'sudo apt-get update<pre name="code" class="plain"><span style="font-family: Arial, Helvetica, sans-serif;">sudo apt-get upgrade</span>

Sudo apt-get upgrade wiresharksudo apt-get install wireshark

In this case, you can decrypt https in wireshark to view the http content.

4. Notes

1. SometimesDiffie-HellmanYou can try the following CipherSuite.

SSLCipherSuite RC4-SHA

2. Sometimes the session cache will be affected. You can modify the SSLSessionCache In the mod-available/ssl. conf file as follows:

SSLSessionCache none#SSLSessionCacheTimeout  300

3. restart the apache using

sudo service apache2 restart