How to view encrypted content in HTTPS (SSL) messages with Wireshark (Ethereal)

Source: Internet
Author: User
Tags begin rsa private key openssl openssl rsa pkcs12

Based on personal experience, this article describes how to use Wireshark (the new name of Ethereal) to view the encrypted content of captured SSL traffic, including HTTPS.

When you set up HTTPS (HTTP over TLS/SSL) on a server such as Tomcat, you often need to capture the traffic with Wireshark and look at the HTTP messages. HTTPS traffic is encrypted, however, so by default you only see the handshake at the start of the connection (the certificate exchange and a few negotiation messages); the actual business data, the HTTP messages, is encrypted, and to read it you have to give Wireshark the server's private key. This also holds for HTTPS with two-way authentication (the server authenticates the client by certificate): the client certificate is only used for authentication, so the server's private key alone is enough to decrypt the HTTPS content.

Caveat: this works only when the session uses the RSA key exchange, in which the client encrypts the premaster secret with the server's public key. With DHE or ECDHE cipher suites (forward secrecy), and with TLS 1.3 in general, the server's private key does not reveal the session keys, and Wireshark needs the per-session secrets instead (for example a key log written by the client or server). If nothing is decrypted after the configuration below, check the cipher suite in the ServerHello of the capture first.
Note: for configuring the HTTPS server itself, see the companion article "How to build an HTTPS two-way authentication environment (HTTPS client authentication) with Tomcat and OpenSSL".

1. Configure Wireshark
Open Edit -> Preferences from the Wireshark main menu. The left side of the window is a tree; expand Protocols, which lists every protocol Wireshark supports, find SSL and select it. Several parameters appear in the right pane; the one that holds the server private key is RSA keys list. (In Wireshark 3.0 and later the protocol is listed as TLS, and the RSA keys list has moved to its own dialog under Edit -> Preferences -> RSA Keys.) Each entry of the list has the format:
<ip>,<port>,<protocol>,<key_file_name>

The meanings of each field are:
<ip>----IP address of the server (the HTTPS web server).
<port>----The SSL port (the HTTPS port, for example 443 or 8443).
<protocol>----The protocol carried inside SSL; for HTTPS enter http (the dissector name, in lower case).
<key_file_name>----The server private key file in PEM format; the key in the file must be unencrypted (not protected by a passphrase).
For example: 192.168.1.1,8443,http,C:/myserverkey/serverkey.pem

To configure several entries, separate them with semicolons, for example:
192.168.1.1,8443,http,c:/myserverkey/clearkey.pem;10.10.1.2,443,http,c:/myserverkey/clearkey2.pem

2. Export the server key in plaintext (the <key_file_name> mentioned above)
When the HTTPS server was set up, the server private key was usually protected with a passphrase. How you export the plaintext private key depends on what you still have:

(1) If you generated the server private key as described in "How to build an HTTPS two-way authentication environment (HTTPS client authentication) with Tomcat and OpenSSL", with a command like:
openssl req -newkey rsa:1024 -keyout serverkey.pem -keyform pem -out serverreq.pem \
    -outform pem -subj "/O=ABCom/OU=servers/CN=servername"
(rsa:1024 is what the original setup used; a 1024-bit RSA key is too weak for a real server today, use rsa:2048 or larger), and your server private key file serverkey.pem still exists, you can export the plaintext private key with:
openssl rsa -in serverkey.pem -out clearkey.pem

The command prompts for the passphrase that protects the private key and writes the plaintext key to clearkey.pem. Treat that file like a password: keep it off shared drives and delete it when you are done with the analysis.

(2) If you have lost serverkey.pem but still have the server certificate store in PKCS#12 format, which was originally created with a command like:
openssl pkcs12 -export -in servercert.pem -inkey serverkey.pem \
    -out tomcat.p12 -name tomcat -CAfile "$HOME/testca/cacert.pem" \
    -caname root -chain
you can extract the server's private key directly from tomcat.p12 (the PKCS#12 file):
openssl pkcs12 -in tomcat.p12 -nocerts -nodes -out clearkey.pem

The command prompts for the PKCS#12 protection password. The -nodes option writes the key unencrypted, but openssl also prefixes it with "Bag Attributes" and "Key Attributes" lines. Edit the generated clearkey.pem and delete everything before the "-----BEGIN RSA PRIVATE KEY-----" line, so that the file starts with the BEGIN line. (Newer OpenSSL releases write "-----BEGIN PRIVATE KEY-----", the PKCS#8 form, which Wireshark also accepts.)

(3) If the server's private key lives in a keystore created with the Java keytool command (JKS format), getting it out is harder, because keytool has no command to export a private key. You can convert the keystore to PKCS#12 with keytool -importkeystore -srckeystore tomcat.jks -destkeystore tomcat.p12 -deststoretype PKCS12 and then proceed as in case (2). Better still, generate the server key and certificate with OpenSSL as described in the companion article "How to build an HTTPS two-way authentication environment (HTTPS client authentication) with Tomcat and OpenSSL" and create the keystore in PKCS#12 format from the start.
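The following helper script is added here as a worked example and is not part of the original article. It ties sections 1 and 2 together: it checks whether a PEM key is still passphrase-protected, strips the Bag Attributes header that openssl pkcs12 leaves in front of the key, locks down the permissions of the plaintext file, builds the RSA keys list entry, and wraps the openssl commands from cases (1) and (2) above. It also adds one check the article does not mention: that the key actually matches the certificate the server presents. The file names, the temporary directory and the two sample PEM files (placeholder base64, not real key material) are constructed for illustration; openssl is needed only by the export_* and key_matches_cert functions.

```sh
#!/bin/sh
# Added helper script (not from the original article). Prepares a server
# private key for Wireshark's "RSA keys list" and checks it before use.
# Needs only POSIX sh, grep and sed; openssl is required only by the
# export_* / key_matches_cert functions, which wrap the article's commands.

# 0 if the file holds a PEM private key with no passphrase protection.
# Encrypted keys show up as "ENCRYPTED PRIVATE KEY" (PKCS#8) or carry a
# "Proc-Type: 4,ENCRYPTED" header inside a traditional RSA block.
pem_key_is_clear() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" || return 1
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then return 1; fi
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then return 1; fi
    return 0
}

# Keep only the PEM block: drop the "Bag Attributes" / "Key Attributes" lines
# that openssl pkcs12 writes in front of the key (section 2, case 2).
strip_pem_header() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# Write the file Wireshark will load: refuse a key that is still encrypted,
# keep only the PEM block, and restrict permissions, since the result is the
# server's secret in plaintext.
prepare_key_for_wireshark() {
    if ! pem_key_is_clear "$1"; then
        echo "$1: key is still passphrase-protected; run openssl rsa first" >&2
        return 1
    fi
    strip_pem_header "$1" > "$2" && chmod 600 "$2"
}

# One "RSA keys list" entry in the <ip>,<port>,<protocol>,<key_file> format
# from section 1; join several entries with ';'. Fails if the key is unusable.
keys_list_entry() {
    pem_key_is_clear "$4" || return 1
    printf '%s,%s,%s,%s' "$1" "$2" "$3" "$4"
}

# Case (1): passphrase-protected PEM key -> plaintext PEM (openssl prompts).
export_clear_key_from_pem() {
    ( umask 077; openssl rsa -in "$1" -out "$2.tmp" ) || return 1
    if prepare_key_for_wireshark "$2.tmp" "$2"; then rc=0; else rc=1; fi
    rm -f "$2.tmp"
    return $rc
}

# Case (2): PKCS#12 store -> plaintext key with the Bag Attributes removed.
export_clear_key_from_p12() {
    ( umask 077; openssl pkcs12 -in "$1" -nocerts -nodes -out "$2.tmp" ) || return 1
    if prepare_key_for_wireshark "$2.tmp" "$2"; then rc=0; else rc=1; fi
    rm -f "$2.tmp"
    return $rc
}

# Sanity check before blaming Wireshark: the key must belong to the
# certificate the server actually presents (same RSA modulus).
key_matches_cert() {
    [ "$(openssl rsa -noout -modulus -in "$1")" = "$(openssl x509 -noout -modulus -in "$2")" ]
}

# Constructed sample files for an offline dry run (placeholder base64, not
# real key material): one pkcs12-style export with Bag Attributes and one
# passphrase-protected traditional RSA key. Prints the directory they are in.
make_samples() {
    d=$(mktemp -d)
    cat > "$d/clearkey.pem" <<'EOF'
Bag Attributes
    friendlyName: tomcat
    localKeyID: 01 02 03 04
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
UExBQ0VIT0xERVIgLSBub3QgYSByZWFsIGtleQ==
-----END PRIVATE KEY-----
EOF
    cat > "$d/serverkey.pem" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

UExBQ0VIT0xERVIgLSBlbmNyeXB0ZWQgYm9keQ==
-----END RSA PRIVATE KEY-----
EOF
    printf '%s' "$d"
}

# Dry run on the constructed samples: "sh prepare_key.sh demo"
if [ "${1:-}" = demo ]; then
    d=$(make_samples)
    prepare_key_for_wireshark "$d/clearkey.pem" "$d/wireshark.pem"
    keys_list_entry 192.168.1.1 8443 http "$d/wireshark.pem"; echo
    prepare_key_for_wireshark "$d/serverkey.pem" "$d/bad.pem" || echo "rejected, as expected"
    rm -rf "$d"
fi
```

On a real server you would call export_clear_key_from_pem serverkey.pem clearkey.pem or export_clear_key_from_p12 tomcat.p12 clearkey.pem, then key_matches_cert clearkey.pem servercert.pem, and paste the output of keys_list_entry into the RSA keys list. The prepare step refuses an encrypted key on purpose: Wireshark silently fails to decrypt when the key file cannot be parsed, which is the most common reason the HTTP payload never appears.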
