How to view SSL content using Wireshark

1, to view the contents of SSL, you need to get the server RSA key

2, open Wireshark, find the following path, Edit, Preferences, protocols, SSL

Then click RSA Keys list:edit,

Create a new RSA key in the new RSA editing interface

which

IP address is the IP of the server

Port is usually 443.

Protocol general fill in HTTP

The key file can select RSA key on its own server. This RSA key needs to be a decrypted pkcs#8 PEM format (RSA) key

Password generally do not fill in, if the key file requires a password, you can fill in here.

3, because the Wireshark low version (less than or 1.10) does not support session ticket, so if the server configured SSL is TLSV1, while on the Mac safari above, need session ticket. This is going to upgrade the Wireshark version to more than 1.12.

If it is Ubuntu 14.04, you can upgrade it with the following command

sudo apt-add-repository ' deb http://ppa.launchpad.net/wireshark-dev/stable/ubuntu trusty main ' sudo apt-get update< Pre name= "code" class= "plain" ><span style= "font-family:arial, Helvetica, Sans-serif;" >sudo Apt-get upgrade</span>

sudo apt-get upgrade Wiresharksudo apt-get Install Wireshark

This allows you to decrypt https at Wireshark and view the contents of the HTTP.

4, attention.

1, sometimes Diffie-hellman Ciphersuite cannot decrypt, so can try the following ciphersuite.

Sslciphersuite Rc4-sha

2, sometimes the session cache will have an impact, can be modified in mods-available/ssl.conf Sslsessioncache as follows

Sslsessioncache none#sslsessioncachetimeout  300

3,restart the Apache using

sudo service apache2 restart

How to view SSL content using Wireshark