How to decrypt SSL traffic with Wireshark

Getting a packet capture is great and all; however, it's frustrating when the information you need is encrypted. To solve this, you will need to grab the private key in PEM format and load it into Wireshark.

These steps use Wireshark 1.6.5.

  • Open Wireshark and go to Edit -> Preferences
  • In the left column of the Preferences page, expand Protocols and select SSL
  • Click the Edit button in the top right for RSA keys list
  • Click on New to create a new SSL Decrypt Profile (You will need to create a profile for every unique IP address and port you would want to test)
  • Add the information
    • IP address: This is the IP of the device that uses the private key
    • Port: Add the port that you want to test (80, 443, 25, etc.)
    • Protocol: http, smtp, ldap, etc.
    • Key File: The private key in PEM format
    • Password: Only if the key is password protected
  • Click OK twice and load the packet capture
  • In the display pane of the packet capture (where you can see all the packets), right-click on a packet for the connection you want to view and select "Follow SSL Stream"
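
The Key File and Password steps above depend on what the key file actually contains, so this added example (not part of the original post) checks a file's bytes for a PEM private-key block and reports whether it is passphrase-protected. `inspect_key_file` and `make_sample` are hypothetical names, and the sample inputs are constructed dummy data, not real keys.

```python
import base64
import re

# Private-key PEM labels -> whether the label alone means "passphrase-protected".
KEY_LABELS = {
    "RSA PRIVATE KEY": False,       # traditional RSA key
    "PRIVATE KEY": False,           # PKCS#8, unencrypted
    "ENCRYPTED PRIVATE KEY": True,  # PKCS#8, encrypted
}
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def inspect_key_file(data: bytes) -> dict:
    """Say whether data holds a PEM private key and whether it needs a password."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return {"pem": False, "encrypted": None,
                "note": "binary file, not PEM (DER or PKCS#12?)"}
    for match in PEM_BLOCK.finditer(text):
        label, body = match.groups()
        if label not in KEY_LABELS:
            continue  # e.g. a CERTIFICATE block bundled in the same file
        # Traditional PEM encryption is marked by a header line inside the block.
        encrypted = KEY_LABELS[label] or "Proc-Type: 4,ENCRYPTED" in body
        # Keep only the base64 payload: drop "Name: value" headers and blank lines.
        payload = "".join(ln for ln in body.splitlines() if ln and ":" not in ln)
        try:
            base64.b64decode(payload, validate=True)
        except ValueError:
            return {"pem": False, "encrypted": encrypted,
                    "note": f"{label} block found but its base64 body is damaged"}
        return {"pem": True, "encrypted": encrypted, "note": label}
    return {"pem": False, "encrypted": None, "note": "no private key block found"}


def make_sample(label: str, headers: str = "") -> bytes:
    """Constructed test input: PEM armor around dummy bytes, not a real key."""
    body = base64.encodebytes(b"\x30\x82" + bytes(70)).decode()
    return f"-----BEGIN {label}-----\n{headers}{body}-----END {label}-----\n".encode()


if __name__ == "__main__":
    legacy_enc = "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n\n"  # constructed
    for name, blob in [("plain", make_sample("RSA PRIVATE KEY")),
                       ("encrypted", make_sample("RSA PRIVATE KEY", legacy_enc)),
                       ("cert only", make_sample("CERTIFICATE")),
                       ("binary", b"\x30\x82\x04\xa4\x02\x01\x00")]:
        print(name, inspect_key_file(blob))
```

To check a real file, pass its contents, for example `inspect_key_file(open(path, "rb").read())`, before adding it to the RSA keys list.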