SSL debug file in Wireshark


(Tyr4 Unt4med) #1

What is an SSL debug file in Wireshark? I am following the below tutorial and I am stuck at step 4 of this set of Citrix Netscaler instructions.

(I am trying to decrypt SSL and TLS Traffic Using Wireshark)

(Doctor Doom) #2

If you are intending to capture some packets in an encrypted session, know that Wireshark can only decrypt that data if the capture includes the initial establishment and an SSL debug file.

The SSL debug file is where you input your “ssl log” file, which contains information about the decryption process and is generated by Wireshark itself when configured.

The setup is simply to set an SSLKEYLOGFILE environment variable (e.g.: export SSLKEYLOGFILE=/home/user/ssldbg.log), then fill in the “(pre)-master-secret log” form with the same directory as the SSL debug file and open your browser (this process is compatible with Firefox and Google Chrome; if there are any others, I’m not sure).
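Added example, not part of the original posts: a small Python checker for the file named by SSLKEYLOGFILE, useful when Wireshark still shows only encrypted records after the setup above. It assumes the NSS key log text format (one `LABEL <client random> <secret>` line per secret), does not handle the legacy `RSA` line type, and uses constructed sample data; the function names are hypothetical.

```python
import re

# Expected secret length in hex characters per label: a TLS 1.2 master secret
# is 48 bytes; TLS 1.3 secrets are 32 or 48 bytes depending on the suite hash.
LABELS = {"CLIENT_RANDOM": (96,)}
for _label in ("CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
               "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
               "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET"):
    LABELS[_label] = (64, 96)
HEX = re.compile(r"[0-9a-fA-F]+")

def parse_keylog(text):
    """Return (entries, problems) for the text of a key log file."""
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank lines and comments
            continue
        fields = line.split()
        if len(fields) != 3:
            problems.append((lineno, "expected 3 fields"))
        elif fields[0] not in LABELS:
            problems.append((lineno, "unknown label " + fields[0]))
        elif len(fields[1]) != 64 or not HEX.fullmatch(fields[1]):
            problems.append((lineno, "client random must be 64 hex chars"))
        elif len(fields[2]) not in LABELS[fields[0]] or not HEX.fullmatch(fields[2]):
            problems.append((lineno, "secret has wrong length or is not hex"))
        else:
            entries.append((fields[0], fields[1].lower(), fields[2].lower()))
    return entries, problems

def has_secrets_for(entries, client_random):
    """True if the log covers the session whose ClientHello random is given.
    That value is only in the capture if the handshake was captured."""
    return any(rnd == client_random.lower() for _, rnd, _ in entries)

# Constructed sample, not real key material.
RANDOM_A, RANDOM_B = "ab" * 32, "12" * 32
SAMPLE = "\n".join([
    "# constructed sample key log",
    f"CLIENT_RANDOM {RANDOM_A} {'cd' * 48}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {RANDOM_B} {'ef' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {RANDOM_B} {'0a' * 32}",
    f"CLIENT_RANDOM {RANDOM_A} {'cd' * 20}",        # truncated secret
    "export SSLKEYLOGFILE=/home/user/ssldbg.log",   # stray shell line
])

if __name__ == "__main__":
    ok, bad = parse_keylog(SAMPLE)
    print(len(ok), "usable entries;", "problems:", bad)
```

Compare the random shown in the capture's Client Hello with `has_secrets_for`; a miss means the browser session that wrote the log is not the one in the capture.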
