I've been trying to decrypt the ssl traffic on chrome using the pre-master secret log method, here is what I did:
- osx, downloaded latest chrome dev version.
- defined SSLKEYLOGFILE as a env variable
made sure my wireshark(1.10.7) is gnutls build.
in wireshark, configed the ssl config to point to the exact file, also make sure the file can be read by anyone( chmod 777)
- load my page and start capturing.
I can see that:
1.there is content in the keylog file, there are many roles, all like : CLIENT_RANDOM fdf7092065550a275290721dd44565cd77e................
2. there was handshake steps at the beginning
3. there is data flow in ssl
4. tried to 'decode' the packages data as 'ssl'
tried to log ssl message, what I see is:
......
trying to use SSL keylog in /Users/swang/keylog
checking keylog line: # SSL/TLS secrets log file, generated by NSS
line does not match
(saw many like like such, based on the log lines in keylog file dumped by chrom dev version)
cannot find master secret in keylog file either
dissect_ssl3_hnd_srv_hello can't find cipher suite 0xC02B
record: offset = 99, reported_length_remaining = 1249
need_desegmentation: offset = 99, reported_length_remaining = 1249
Any suggestions how/what I should look into in the ssl log to get teh root cause?
thanks,