The only future of web applications is with SSL and TLS; however, this is a nightmare for me and many other web application developers. When we moved all our applications to always use secure communications, it became difficult to debug the web application and web API. Luckily, Wireshark helps us solve this problem. Currently any secure traffic captured by Wireshark looks like this.
Previous versions could decrypt secure traffic that used RSA, but only if the private key was provided to Wireshark; it is no longer possible to decrypt traffic with just the private keys. This is where Session Key Logging comes into the picture. The browsers that we care about (Chrome and Firefox) support logging the symmetric session key, which Wireshark then uses to decrypt the secure traffic.
Enable Session Key Logging
- This can be done simply by adding an environment variable. To add an environment variable in Windows, go to Computer Properties. One way to get there is to right-click My PC and select Properties.
- Then select Advanced System Settings
- Followed by selecting Environment Variables
- Now add a new User Environment Variable.
Note – Restart your browser so that the log file is created.
- Now that we have our environment variable set up, let's go to Wireshark and configure it to read these keys to decrypt traffic. To do that, go to Edit –> Preferences
- Navigate to Protocols –> SSL. Browse to the path where you specified the log file to be created and select the file.
- Now we are all set to decrypt the secure traffic in Wireshark. Start capturing traffic with Wireshark and select any TLS or SSL packet to decrypt.
- When you move to the Decrypted SSL tab, you will be able to see the decrypted traffic.
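If Wireshark still shows only encrypted records after these steps, check that the browser actually wrote usable keys to the log file. The Python sketch below is an added example, not part of the original post; it assumes the standard NSS key log format (the file named by the SSLKEYLOGFILE environment variable), and its function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Labels from the NSS key log format, as emitted for TLS 1.2 and TLS 1.3 sessions.
TLS12_LABEL = "CLIENT_RANDOM"
TLS13_APP = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
TLS13_OTHER = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
               "CLIENT_EARLY_TRAFFIC_SECRET", "EXPORTER_SECRET", "EARLY_EXPORTER_SECRET"}
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]+) ([0-9a-fA-F]+)$")

# Constructed sample (not real secrets): TLS 1.2, incomplete TLS 1.3, truncated line.
SAMPLE = "\n".join([
    "# SSL/TLS secrets log file, generated by NSS",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "bb" * 32,
    "CLIENT_RANDOM " + "33" * 32 + " " + "cc" * 10,
])


def parse_keylog(text):
    """Return ({client_random: {label, ...}}, [bad line numbers])."""
    sessions, bad = defaultdict(set), []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # blank lines and comments are allowed
            continue
        m = LINE_RE.match(line)
        known = m and m.group(1) in ({TLS12_LABEL} | TLS13_APP | TLS13_OTHER)
        # The client random is always 32 bytes; a TLS 1.2 master secret is 48 bytes.
        if (not known or len(m.group(2)) != 64 or len(m.group(3)) % 2
                or (m.group(1) == TLS12_LABEL and len(m.group(3)) != 96)):
            bad.append(n)
            continue
        sessions[m.group(2).lower()].add(m.group(1))
    return dict(sessions), bad


def decryptable(labels):
    """Application data needs the TLS 1.2 master secret or both TLS 1.3 traffic secrets."""
    return TLS12_LABEL in labels or TLS13_APP <= labels


def summarize(text):
    sessions, bad = parse_keylog(text)
    return {cr[:8]: decryptable(labels) for cr, labels in sessions.items()}, bad


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

An empty result usually means the browser was not restarted after the variable was set. Because the file holds the secrets for every logged session, keep it out of shared locations and remove the variable once debugging is done.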
Hope this helps you with your work with secure web packets.
Any questions, comments and feedback are always welcome.