How to capture SSL content with Wireshark

Installation:

1. Download Wireshark from www.wireshark.org/download.html

Preparing the SSL certificate:

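1. Retrieve the certificate (.pem file) from the HTTPS server you are interacting with. The file must include the server's private key, because that key is what Wireshark uses to decrypt the traffic.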

2. Remove the encryption from the .pem file by running the following command:

openssl pkcs12 -export -in server.pem -out aa.pfx

3. Convert it back to PEM with no password by running the following command:

openssl pkcs12 -in aa.pfx -out serverNoPass.pem -nodes
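Wireshark can only use serverNoPass.pem if it holds the private key in unencrypted form, and such a file should be readable by its owner only. The check below is an added example, not part of the original post; the function names are hypothetical, it inspects PEM labels only, and the sample files it builds are constructed placeholders with no real key material.

```sh
#!/bin/sh
# Added example (not from the original post): check a PEM file before adding it
# to Wireshark's RSA keys list. It inspects PEM labels only; it does not parse
# the key, so it cannot tell an RSA PKCS#8 key from a non-RSA one.

# Print "ready", "encrypted" or "no-key" for the PEM file given as $1.
pem_key_status() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" ||
       grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted      # passphrase still present: repeat steps 2 and 3
    elif grep -q -E -e '-----BEGIN (RSA )?PRIVATE KEY-----' "$1"; then
        echo ready          # unencrypted PKCS#8 or PKCS#1 private key block
    else
        echo no-key         # certificate only: no private key for decryption
    fi
}

# Succeed only if group and others have no access to the file ($1).
pem_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample files: PEM labels with placeholder bodies, no real keys.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' \
    '-----END CERTIFICATE-----' > "$tmp/certonly.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-256-CBC,00' '' 'PLACEHOLDER' \
    '-----END RSA PRIVATE KEY-----' > "$tmp/server.pem"
printf '%s\n' 'Bag Attributes' '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDER' \
    '-----END PRIVATE KEY-----' > "$tmp/serverNoPass.pem"
chmod 600 "$tmp/serverNoPass.pem"   # the key is now stored in the clear

for f in certonly.pem server.pem serverNoPass.pem; do
    printf '%s: %s\n' "$f" "$(pem_key_status "$tmp/$f")"
done
pem_is_private "$tmp/serverNoPass.pem" && echo "serverNoPass.pem: owner-only"
```

Delete aa.pfx and serverNoPass.pem once the capture has been analysed, since both contain the server's private key.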

Configuring Wireshark:

1. Open Wireshark.

2. In the menus go to: Edit -> Preferences -> Protocols -> SSL.

3. Click on Edit (RSA Keys list).

4. Create new row (New button).

5. Specify in “Key File” the path to the modified certificate.

6. Save the setting.

7. Set the display filter field to “http” (or “http||ssl”) to view the contents of the encrypted traffic.
