Preferences -> Protocols -> TLS -> "(Pre)-Master-Secret log filename" to the same as in both lines above starting capture According to most guides, this should be enough. Yet, still no decrypted data being showed at capture log. I'm still getting that "Encrypted Application Data" and no additional tabs showing below. There is no "SSL" protocol in Preferences as well, but most guides references to it so I'm being confused a lot if I doing something wrong. Still, can't get any clue not in google, nor here. Checked it at various sites, even at httpbin.org, was trying to start capture first, browser first, rebooting, etc - still the same result, no HTTPS traffic decryption. Chrome make it's secret log file perfectly and seem to be writing it correctly.' />
How to capture HTTPS traffic with v3.0.2?

How to capture HTTPS traffic with v3.0.2?

2019-11-28 16:26:47

Hello, I'm trying to figure out how to capture Chrome HTTPS traffic at Windows 7 with Wireshark and have already read tons of manuals and guides. But still, my Wireshark v.3.0.2 does not decrypt TLSv1.2 traffic. Here is what I do: set environmental variable SSLKEYLOGFILE start Chrome with --ssl-key-log-file="...path..." key in Wireshark, set Edit -> Preferences -> Protocols -> TLS -> "(Pre)-Master-Secret log filename" to the same as in both lines above starting capture According to most guides, this should be enough. Yet, still no decrypted data being showed at capture log. I'm still getting that "Encrypted Application Data" and no additional tabs showing below. There is no "SSL" protocol in Preferences as well, but most guides references to it so I'm being confused a lot if I doing something wrong. Still, can't get any clue not in google, nor here. Checked it at various sites, even at httpbin.org, was trying to start capture first, browser first, rebooting, etc - still the same result, no HTTPS traffic decryption. Chrome make it's secret log file perfectly and seem to be writing it correctly.

Hello, I'm trying to figure out how to capture Chrome HTTPS traffic at Windows 7 with Wireshark and have already read tons of manuals and guides. But still, my Wireshark v.3.0.2 does not decrypt TLSv1.2 traffic. Here is what I do:

  • set environmental variable SSLKEYLOGFILE

  • start Chrome with --ssl-key-log-file="...path..." key

  • in Wireshark, set Edit -> Preferences -> Protocols -> TLS -> "(Pre)-Master-Secret log filename" to the same as in both lines above

  • starting capture

According to most guides, this should be enough.

Yet, still no decrypted data being showed at capture log. I'm still getting that "Encrypted Application Data" and no additional tabs showing below. There is no "SSL" protocol in Preferences as well, but most guides references to it so I'm being confused a lot if I doing something wrong. Still, can't get any clue not in google, nor here.

Checked it at various sites, even at httpbin.org, was trying to start capture first, browser first, rebooting, etc - still the same result, no HTTPS traffic decryption.

Chrome make it's secret log file perfectly and seem to be writing it correctly.

If you can absolutely not decrypt any traffic even if the key log file is correctly written and configured in Wireshark, my guess is that you have some kind of anti-virus software running that basically terminates your TLS connection and creates a new connection.

If that is the case, you should be able to observe Certificate messages that are not signed by a trusted Certificate Authority (CA).

The preference (and the associated dissector) has been renamed in Wireshark 3.0 and later to "TLS", because no-one is actually using SSL these days. Unfortunately those guides haven't caught up.

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.