KB44717 - How to decrypt SSL traffic from a Wireshark capture for troubleshooting browser-based issues

Information

 
Last Modified Date: 2/19/2021 3:52 AM
Synopsis
When troubleshooting client-side problems in the Chrome browser, a packet capture reveals little about encrypted traffic. In particular, the HTTP headers of secure (HTTPS) requests cannot be read.
Problem or Goal
Requirements:

1) Wireshark Packet Capture
2) Google Chrome Browser
 
Note: Close the Google Chrome browser, or force quit the Chrome application, before performing this procedure on Mac OS or Windows OS.



 
Cause
Solution
Mac OS

The steps below show how to set the SSLKEYLOGFILE environment variable so that the session keys needed to decrypt the SSL traffic are captured.

1)  Launch the terminal and export the SSLKEYLOGFILE variable.

     $ export SSLKEYLOGFILE="/Users/sdamodaran/Documents/outputkeyfile"

2)  Open Chrome from the same terminal.

     $ open /Applications/Google\ Chrome.app/

3)  After the Chrome application opens, the "outputkeyfile" file is generated. The session keys are stored in this file.

Troubleshooting:

1) Start the Wireshark packet capture.
2) Reproduce the issue in the existing Chrome browser.
3) Save the Wireshark packet capture file.
4) Go to Wireshark -> Preferences -> Protocols -> select "TLS".
5) Point Wireshark to the session key file ("outputkeyfile").
6) Click OK to view the decrypted traffic.


Windows OS:
1) Click the Windows icon button.
2) Type "Env".
3) Select "Edit environment variables for your account".
4) Click to add a new user variable and set the variable name to "SSLKEYLOGFILE".
5) Set the variable value to "C:\Users\jthomas\sslkeylog.txt".
6) Reproduce the issue in the existing Chrome browser.
7) Save the Wireshark packet capture file.
8) Go to Wireshark -> Edit -> Preferences -> Protocols -> select "TLS".
9) Point Wireshark to the session key file as described in the Mac OS example above.

 
Note: This is a one-time session key between the client and the server. It will not be valid for the next browser session.

Collecting the packet capture together with the one-time session key file, using the procedure above, helps in troubleshooting client-side issues.
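
A quick check that the session key file contains usable entries before it is loaded into Wireshark. This is an added example, not part of the original article; it assumes the NSS key log format that Chrome writes (CLIENT_RANDOM lines for TLS 1.2 and the TLS 1.3 secret labels), and the function name and sample values are constructed for illustration.

```python
import re

# Labels from the NSS key log format that Chrome writes to SSLKEYLOGFILE.
TLS12_LABEL = "CLIENT_RANDOM"
TLS13_REQUIRED = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
                  "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
TLS13_OPTIONAL = {"CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET"}
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]+) ([0-9a-fA-F]+)$")


def audit_keylog(text):
    """Return (sessions, incomplete, malformed) for key log file contents.

    sessions   maps client_random -> set of labels seen for that connection
    incomplete lists TLS 1.3 client_randoms missing a required secret
    malformed  lists 1-based line numbers that do not parse
    """
    sessions, malformed = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # blank lines and comments are allowed
            continue
        m = LINE_RE.match(line)
        known = m and m.group(1) in ({TLS12_LABEL} | TLS13_REQUIRED | TLS13_OPTIONAL)
        # The client random is 32 bytes (64 hex chars); secrets are whole bytes.
        if not known or len(m.group(2)) != 64 or len(m.group(3)) % 2:
            malformed.append(lineno)
            continue
        sessions.setdefault(m.group(2).lower(), set()).add(m.group(1))
    incomplete = sorted(
        cr for cr, labels in sessions.items()
        if TLS12_LABEL not in labels and not TLS13_REQUIRED <= labels
    )
    return sessions, incomplete, malformed


# Constructed sample: one TLS 1.2 session, one complete and one truncated TLS 1.3 session.
A, B, C = "aa" * 32, "bb" * 32, "cc" * 32
SAMPLE = "\n".join(
    [f"CLIENT_RANDOM {A} {'11' * 48}"]
    + [f"{label} {B} {'22' * 32}" for label in sorted(TLS13_REQUIRED)]
    + [f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {C} {'33' * 32}", "not a key log line"]
)

if __name__ == "__main__":
    sessions, incomplete, malformed = audit_keylog(SAMPLE)
    print(f"{len(sessions)} sessions, incomplete: {incomplete}, malformed lines: {malformed}")
```

Sessions reported as incomplete, or absent from the file altogether, will not be fully decrypted in Wireshark.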
Created By: Sudhakar Damodaran
