On 14/01/2012 3:33 a.m., Benny wrote:
Hello all! There is a web app i'm trying to sniff the connection to programatically. While searching how can I decrypt the traffic, I came across squid ssl-bump feature. What i'm trying to do eventually is something very similiar to fiddler, but using squid. After generating the CERT and KEY using the guide here: web address: wirewatcher.wordpress.com/2010/07/20/decrypting-ssl-traffic-with-wireshark-and-ways-to-prevent-it Everything worked superb and I even managed to see in the squid's log entried the POST& GET requests. Example: 1326447605.479 15 84.94.181.22 TCP_MISS/000 0 GET https://re.clintonfoundation.org/view.image? - DIRECT/209.67.132.46 - ... Yet, I haven't managed to decipher the same rows through Wireshark. This is the line I used in: edit->prederences->protocols->ssl->rsa_key_list: <some WAN IP>,8080,http,/home/doron/Desktop/cert3/testkey.pem My key starts with: "-----BEGIN RSA PRIVATE KEY-----" So from my knowledge, it should be in the correct format wireshark can decipher. I hope some of you could please shed some light on this matter.
This is a question for the wireshark help groups. Amos
