Hi,
I am trying to decrypt SSL application data by using 'tshark' on RedHat Linux using the following command:
tshark -V -r rsasnakeoil2.cap -R "127.0.0.1,443,/path/to/snakeoil2/rsasnakeoil2.key" > output.txt
However, when I look into output.txt for application data, it looks like the following:
Secure Socket Layer
    SSLv3 Record Layer: Application Data Protocol: http
        Content Type: Application Data (23)
        Version: SSL 3.0 (0x0300)
        Length: 432
        Encrypted Application Data: 4AC33E9D7778012CB4BC4C9A84D7B9900C2110F0FA007C16...
I have verified the prerequisites by making sure that the following are installed on my system before compiling:
gnutls-1.0.20-4_2.RHL9.at
gnutls-devel-1.0.20-4_2.RHL9.at
libgcrypt11-1.2.2-12.el3.at
libgcrypt-devel-1.2.2-12.el3.at
openssl-0.9.7a-22.1
openssl-devel-0.9.7a-22.1
/usr/local/lib/libpcap.so.0.9.5
So far, I have been unsuccessful with both the 'wireshark-0.99.3a' and the 'wireshark-0.99.4-SVN-19665' versions.
Thanks for your help. Kind regards,
Vijay