Wireshark-users: Re: [Wireshark-users] Help with SSL Traffic decrypt / Analysis

From: VJ Thinker <vjatfugen@xxxxxxxxx>
Date: Wed, 7 Mar 2007 22:27:11 -0800 (PST)
Hi Kenneth,
 
    Thanks for your response.  We have the following interactions (all over HTTPS):
 
1. Client -> Server1 (over https).
2. Server1 -> Redirect to Server2 (through the browser using 302 response code)
3. Server2 -> Server1 (again over https)
4. Server1 -> Server2 (response to request in Step 3).
5. Server2 -> Client (response to request in Step 2).
 
    We want to monitor this communication trail and decrypt the SSL traffic (as per the attached capture file).  We have been able to accomplish this for Steps 1, 2 and 3 using Wireshark / tshark.  However, for some reason, the generated response in Step 4 is not being decrypted.
 
     Can you confirm / deny that our approach is feasible given that the requirement is to be able to decrypt this communication traffic?  If 'tshark' is not the right tool, are there any other options (even commercial is ok) that might help us in our quest?
 
     Thanks for your response.  Kind regards,
 
Vijay


Kenneth Hunt <kenneth.hunt.b@xxxxxxxxx> wrote:

Make sure your capture session includes the original SSL handshake!

See http://support.microsoft.com/kb/257591

Attachment: CommTraffic.cap
Description: 3667573008-CommTraffic.cap
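
One way to check a connection for the handshake the quoted advice refers to, as an added example that is not part of the original thread: it walks the TLS record layer of each direction of a reassembled TCP stream and reports which cleartext handshake messages are present. With RSA private-key decryption the pre-master secret travels in ClientKeyExchange, so a resumed session or a capture started mid-stream cannot be decrypted from that connection alone. The function names and the sample streams are constructed for illustration and are not taken from CommTraffic.cap.

```python
import struct

CHANGE_CIPHER_SPEC, HANDSHAKE = 20, 22          # TLS record content types
HS_NAMES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
            14: "ServerHelloDone", 16: "ClientKeyExchange"}
NEEDED = {"ClientHello", "ServerHello", "ClientKeyExchange"}

def cleartext_handshake(stream: bytes) -> list:
    """Names of handshake messages sent before ChangeCipherSpec in one
    direction of a reassembled TCP stream. Assumes each handshake message
    fits inside a single record (no fragmentation across records)."""
    seen, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        body = stream[pos + 5:pos + 5 + length]
        pos += 5 + length
        if ctype == CHANGE_CIPHER_SPEC:
            break                                # later records are encrypted
        if ctype != HANDSHAKE:
            continue
        off = 0
        while off + 4 <= len(body):              # 1-byte type, 3-byte length
            seen.append(HS_NAMES.get(body[off], f"type_{body[off]}"))
            off += 4 + int.from_bytes(body[off + 1:off + 4], "big")
    return seen

def handshake_status(client: bytes, server: bytes) -> str:
    """Classify one connection from its client->server and server->client bytes."""
    found = set(cleartext_handshake(client)) | set(cleartext_handshake(server))
    if not found:
        return "no handshake captured"
    missing = sorted(NEEDED - found)
    return "full handshake captured" if not missing else "missing " + ", ".join(missing)

# Constructed sample streams (not taken from CommTraffic.cap).
def rec(ctype, body): return struct.pack("!BHH", ctype, 0x0301, len(body)) + body
def hs(kind, payload=b""): return bytes([kind]) + len(payload).to_bytes(3, "big") + payload

CCS, OPAQUE = rec(20, b"\x01"), rec(22, b"\xaa" * 16)   # OPAQUE = encrypted Finished
FULL = (rec(22, hs(1, b"\0" * 8)) + rec(22, hs(16, b"\0" * 4)) + CCS + OPAQUE,
        rec(22, hs(2) + hs(11) + hs(14)) + CCS + OPAQUE)
RESUMED = (rec(22, hs(1)) + CCS + OPAQUE, rec(22, hs(2)) + CCS + OPAQUE)
MIDSTREAM = (rec(23, b"\xcc" * 32), rec(23, b"\xdd" * 32))

if __name__ == "__main__":
    for name, pair in [("full", FULL), ("resumed", RESUMED), ("midstream", MIDSTREAM)]:
        print(name, "->", handshake_status(*pair))
```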