1, to view the contents of SSL, you need to get the server RSA key
2, open Wireshark, find the following path, Edit, Preferences, protocols, SSL
Then click RSA Keys list:edit,
Create a new RSA key in the new RSA editing interface
which
IP address is the IP of the server
Port is usually 443.
Protocol general fill in HTTP
The key file can select RSA key on its own server. This RSA key needs to be a decrypted pkcs#8 PEM format (RSA) key
Password generally do not fill in, if the key file requires a password, you can fill in here.
3, because the Wireshark low version (less than or 1.10) does not support session ticket, so if the server configured SSL is TLSV1, while on the Mac safari above, need session ticket. This is going to upgrade the Wireshark version to more than 1.12.
If it is Ubuntu 14.04, you can upgrade it with the following command
sudo apt-add-repository ' deb http://ppa.launchpad.net/wireshark-dev/stable/ubuntu trusty main ' sudo apt-get update< Pre name= "code" class= "plain" ><span style= "font-family:arial, Helvetica, Sans-serif;" >sudo Apt-get upgrade</span>
sudo apt-get upgrade Wiresharksudo apt-get Install Wireshark
This allows you to decrypt https at Wireshark and view the contents of the HTTP.
4, attention.
1, sometimes Diffie-hellman Ciphersuite cannot decrypt, so can try the following ciphersuite.
Sslciphersuite Rc4-sha
2, sometimes the session cache will have an impact, can be modified in mods-available/ssl.conf Sslsessioncache as follows
Sslsessioncache none#sslsessioncachetimeout 300
3,restart the Apache using
sudo service apache2 restart
How to view SSL content using Wireshark