Use OpenSSL to decrypt TLS session from PCAP files

Oren Shpigel orens at nonamesecurity.com
Tue Dec 8 15:28:19 UTC 2020


Hi, thanks for the answer.

I know Wireshark and ssldump have this capability, but I'm looking for a
way to do it in my own software in C++ (using OpenSSL, if possible, but
open to other suggestions as well).

On Tue, Dec 8, 2020 at 4:32 PM Dr. Matthias St. Pierre <
Matthias.St.Pierre at ncp-e.com> wrote:

> Do you need to integrate the decryption into your own software, or are
> you just looking for a possibility to monitor and view the traffic?
>
> If it’s the latter, try and take a look at the SSL decryption support that
> Wireshark provides.
>
> https://wiki.wireshark.org/TLS
>
> https://www.comparitech.com/net-admin/decrypt-ssl-with-wireshark/
>
> hth,
>
> Matthias
>
>
>
> Disclaimer: I haven’t used it for TLS myself, only for IPsec, and I can’t
> tell how up-to-date it is, in particular whether it is TLS 1.3 ready.
>
> From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of Oren Shpigel
> Sent: Tuesday, December 8, 2020 3:15 PM
> To: openssl-users at openssl.org
> Subject: Use OpenSSL to decrypt TLS session from PCAP files
>
>
>
> Hi,
>
> I generated a PCAP file with a TLS session, and I have the matching private
> key used by my HTTPS server.
> The TLS session is not using DH for key exchange, so it should be possible
> to decrypt.
> I know OpenSSL can be used to connect to a socket to "actively" handle the
> TLS session, but is there a way to "passively" decode and decrypt a session?
> How can I "feed" the packets (both directions) into the OpenSSL library?
>
> Thanks!
>