I was using the Wireshark GUI (on Win32). The steps you listed
below were the same ones I had seen elsewhere and they worked correctly.
Brian Baker
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Vijay Sitaram
Sent: Friday, October 27, 2006 7:12 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] SSL decryption -- RSA Key format
Are you using Wireshark or the command line 'tshark' for
this decryption? I have been trying to decrypt SSL traffic for the last
couple of weeks but have not been successful as of yet.
Here are the steps to export an IIS certificate to a private key file:
- Click on View Certificate under Directory Security tab (when viewing the Default Web Site Properties).
- Click on Details tab and Copy To File…
- Click on Next for the Certificate Export wizard.
- Choose Yes under Export Private Key option and click on Next.
- Uncheck Enable strong protection option and click on Next.
- Click on Next on the password dialog (don't enter a password).
- Enter a file name such as C:\Temp\www.something.com-w3svc.pfx and click on Next.
- Click on Finish and Click on OK.
- Copy the exported file to a machine running OpenSSL and execute the following command:
  - openssl pkcs12 -in /path/to/www.something.com-w3svc.pfx -out /path/to/www.something.com-w3svc-Key.pem -nodes -nocerts
In theory you should then be able to use a command such as the following to decrypt SSL traffic:
tshark -V -r rsasnakeoil2.cap -o "ssl.keys_list: 127.0.0.1,443,http,/path/to/snakeoil2/rsasnakeoil2.key" -o "ssl.debug_file: /path/to/snakeoil2/ssldebug.txt" > output.txt
Please share your experiences if your decryption attempts are successful.
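
A format check for the exported key file named in the subject line, as an added example that is not part of the original messages: it classifies the PEM written by the openssl pkcs12 step by its armor lines and can strip the attribute text around the key block. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify a private key file by its
# PEM armor lines only; the key material itself is never parsed.

# Prints: pkcs1-rsa | pkcs1-rsa-encrypted | pkcs8 | pkcs8-encrypted | not-pem
pem_key_format() {
    begin=$(sed -n '/^-----BEGIN .*PRIVATE KEY-----/{p;q;}' "$1" 2>/dev/null | tr -d '\r')
    case "$begin" in
        '-----BEGIN RSA PRIVATE KEY-----')
            # Traditional RSA keys flag encryption with a Proc-Type header.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
                echo pkcs1-rsa-encrypted
            else
                echo pkcs1-rsa
            fi ;;
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        *)                                       echo not-pem ;;
    esac
}

# Succeeds if the "Bag Attributes" text that openssl pkcs12 writes is present.
has_bag_attributes() {
    grep -q '^Bag Attributes' "$1"
}

# Prints only the BEGIN..END private key block(s), dropping surrounding text.
strip_to_pem_block() {
    sed -n '/^-----BEGIN .*PRIVATE KEY-----/,/^-----END .*PRIVATE KEY-----/p' "$1"
}

# Writes a CONSTRUCTED sample shaped like pkcs12 output (placeholder, not a key).
write_sample_export() {
    cat > "$1" <<'EOF'
Bag Attributes
    localKeyID: 01 00 00 00
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
CONSTRUCTEDPLACEHOLDERNOTAREALKEY
-----END RSA PRIVATE KEY-----
EOF
}

# Report on any files named on the command line.
for f in "$@"; do
    printf '%s: %s' "$f" "$(pem_key_format "$f")"
    if has_bag_attributes "$f"; then printf ' (has bag attributes)'; fi
    printf '\n'
done
```

Because the export uses -nodes, the resulting PEM holds the server's private key unencrypted, so keep the file readable only by the account doing the analysis.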