Wireshark-bugs: [Wireshark-bugs] [Bug 3444] Need the ability to export SSL decrypted captures

Date: Wed, 29 Apr 2009 11:20:38 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3444





--- Comment #5 from Sake <sake@xxxxxxxxxx>  2009-04-29 11:20:35 PDT ---
(In reply to comment #4)
> Thanks for your quick responses, Sake.

You're welcome. I deal quite a bit with SSL troubleshooting, so this is an
interesting subject for me too :-)

(I'm presenting an SSL troubleshooting session at Sharkfest, see:
http://www.cacetech.com/sharkfest.09/)

> I'm going to set the severity to an enhancement (which I meant to do in the
> first place) because I think the original idea....which is having an export
> feature for a decrypted capture and then being able to hand it to someone else
> without the private key and have them do an analysis from within the wireshark
> GUI would be something very valuable.

How would you suggest the feature? I don't think altering the actual
packet-data is a good option. For starters, this would be quite complicated as
there is a lot of re-assembly involved which makes the data appear at frames in
which none of the original data is present. Secondly, when trying to find/solve
issues, you don't want to tamper with the "evidence".

So, the data would have to be provided in info fields (which might be possible
with pcap-ng, which is under development in Wireshark). But then, how would
that be presented? What if the person reading the file has re-assembly
disabled? To which packets should the decrypted data be linked? Decryption is
done on the re-assembled TLS records (which can consist of several TCP
segments).

I do agree it would be a nice feature, but I think providing the text output as
can be done now will be as useful as providing it within the capture file. But
if someone has a smart idea on how to do this, I'm interested :-)

> Clearly the timeframe or acceptance of an enhancement request is up to the
> development team, but I'd like to put it on the books for consideration.

Let's keep it in the books for now :)


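Added example (not part of the comment above and not Wireshark code): a sketch of the record-to-frame mapping problem the comment raises, showing that a TLS record becomes available for decryption only in the frame that completes it. The function names and the four-frame capture are constructed for illustration; it assumes one direction of a TCP stream, delivered in order with no retransmissions, and performs no decryption.

```python
import struct

def build_record(content_type, payload, version=0x0301):
    """Constructed sample: 5-byte TLS record header (type, version, length) + payload."""
    return struct.pack("!BHH", content_type, version, len(payload)) + payload

def map_records_to_frames(segments):
    """segments: list of (frame_number, tcp_payload) in stream order.
    Returns (records, leftover): one dict per complete TLS record, plus the
    number of trailing bytes that belong to a record not yet complete."""
    stream = bytearray()
    owner = []  # owner[i] = frame number that carried stream byte i
    for frame_no, payload in segments:
        stream += payload
        owner += [frame_no] * len(payload)

    records, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        end = pos + 5 + length
        if end > len(stream):
            break  # record incomplete: nothing can be decrypted yet
        records.append({
            "content_type": ctype,
            "length": length,
            "frames": sorted(set(owner[pos:end])),  # every frame holding part of it
            "completed_in": owner[end - 1],          # frame where plaintext appears
        })
        pos = end
    return records, len(stream) - pos

def sample_capture():
    """Constructed capture: two application-data records (type 23), 45 and 25
    bytes on the wire, cut at arbitrary TCP segment boundaries (frames 10-13)."""
    data = build_record(23, b"A" * 40) + build_record(23, b"B" * 20)
    cuts = [0, 18, 30, 50, len(data)]
    return [(10 + i, bytes(data[cuts[i]:cuts[i + 1]])) for i in range(4)]

if __name__ == "__main__":
    recs, leftover = map_records_to_frames(sample_capture())
    for rec in recs:
        print(rec)
    print("bytes of an incomplete record:", leftover)
```

Frame 12 carries the tail of the first record and the head of the second, so there is no one-to-one link between a frame and a decrypted record.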