Download   Report
  1. No category

Page 1 of 5 Knowledge Center

CTX116557 - How to decrypt SSL and TLS traffic using Wireshark - Citrix Knowledge ...
Knowledge Center
Alerts
Communities
Support Forums
Page 1 of 5
Blogs K N O W L E D G E C E N T E R
Sign in
How to decrypt SSL and TLS traffic using Wireshark
Document ID: CTX116557 / Created On: Mar 14, 2008 / Updated On: Apr 9, 2008
Average Rating:
View products this document applies to
Summary
This article describes how to decrypt SSL and TLS traffic using the Wireshark Network Protocol Analyser.
Requirements
• An understanding and general knowledge of:
– Network Traces
– Networking, TCP/IP and SSL/TLS protocols
– Certificates and the use of Public & Private Keys
– The Wireshark Network Protocol Analyser
• Wireshark software compiled with SSL decryption support
• Decrypted private key of the server or appliance in PKCS#8 PEM format (RSA)
Background
In Wireshark, the SSL dissector is fully functional and supports advanced features such as decryption of SSL, if the encryption key is provided. This is useful when troubleshooting Citrix
products that use SSL or TLS encryption.
Procedure
Wireshark Settings
1. Start Wireshark and open the network capture (encrypted SSL should look like the screenshot below).
http://support.citrix.com/article/CTX116557
6/2/2011
CTX116557 - How to decrypt SSL and TLS traffic using Wireshark - Citrix Knowledge ...
Page 2 of 5
2. From the top menu select Edit > Preferences.
3. When the Preferences window opens, expand Protocols.
http://support.citrix.com/article/CTX116557
6/2/2011
CTX116557 - How to decrypt SSL and TLS traffic using Wireshark - Citrix Knowledge ...
Page 3 of 5
4. Scroll down and select SSL.
5. In the space labeled RSA keys list, provide the following information in the format <ip>,<port>,<protocol>,<key_file_name> (see also the screenshot above).
Where:
<ip> is the IP Address of the server / appliance with the private key
<port> is usually 443 for SSL/TLS
<protocol> is usually HTTP
<key_file_name> is the location and file name of the private key
Note: There are no spaces between the colons. Also, using semicolons to separate the entries, a list of private RSA keys can be entered and used for decryption.
“<ip>,<port>,<protocol>,<key_file_name>;<ip>,<port>,<protocol>,<key_file_name>;<ip>,<port>,<protocol>,<key_file_name>”
6. In the space labeled SSL debug file provide a location and file name for a debug file.
http://support.citrix.com/article/CTX116557
6/2/2011
CTX116557 - How to decrypt SSL and TLS traffic using Wireshark - Citrix Knowledge ...
Page 4 of 5
7. Select OK
8. The SSL traffic should now be decrypted (decrypted SSL should look like the screenshot below).
Private Key Format
Wireshark can decrypt SSL traffic as long as you have the private key. The private key has to be in a decrypted PKCS#8 PEM format (RSA) format. You can open and look inside your
key file. If it is in binary, then it is likely to be in a DER format, which cannot be used with Wireshark.
You can use OpenSSL to convert the key. For example, converting a PKCS#8 DER key to a decrypted PKCS#8 PEM format (RSA) key, at the $ prompt enter the following command:
openssl pkcs8 -nocrypt -in der.key -informat DER -out pem.key -outformat PEM
Where:
der.key is the file name and path to the DER key file
pem.key is the file name and path to the PEM key file output
The Decrypted PKCS#8 PEM format (RSA) key should look similar to this:
Notice that the key begins with:
-----BEGIN RSA PRIVATE KEY-----
http://support.citrix.com/article/CTX116557
6/2/2011
CTX116557 - How to decrypt SSL and TLS traffic using Wireshark - Citrix Knowledge ...
Page 5 of 5
If it begins with:
-----BEGIN ENCRYPTED PRIVATE KEY----Then the key is encrypted and needs to be decrypted with the right passphrase. You can use OpenSSL to do this.
1. At the $ prompt, enter the command:
openssl rsa
If you enter this command without arguments, you are prompted as follows:
read RSA key
2. Enter the name of the key file to be decrypted.
You can enter the openssl rsa command with arguments if you know the name of the private key and the decrypted PEM file.
For example, if the private key filename is myprivkey.pvk and the decrypted filename is keyout.pem, the command is:
openssl rsa –in myprivkeypvk -out keyout.pem
More Information
Wireshark Website
http://www.wireshark.org/
SSL - The Wireshark Wiki
http://wiki.wireshark.org/SSL
Wireshark - Display Filter Reference: Secure Socket Layer
http://www.wireshark.org/docs/dfref/s/ssl.html
Open SSL Website
http://www.openssl.org/docs/apps/rsa.html#EXAMPLES
OpenSSL for Windows - SourceForge Website
http://sourceforge.net/project/showfiles.php?group_id=23617&release_id=4880
This document applies to:












Access Gateway 4.5 Advanced Edition
Access Gateway 4.5 Standard Edition
Access Gateway 7.0 Enterprise Edition
Access Gateway 8.0 Enterprise Edition
Access Gateway 8.1 Enterprise Edition
Feature Pack 1 for Presentation Server 4.5
Presentation Server 4.0 for Microsoft Windows 2003
Presentation Server 4.5 for Windows Server 2003
Presentation Server 4.5 for Windows Server 2003 x64 Edition
Web Interface 4.5 for Presentation Server
Web Interface 4.6 for Presentation Server
XenApp 5.0 for Windows Server 2003 x86
©1999-2011 Citrix Systems, Inc. All rights reserved.
http://support.citrix.com/article/CTX116557
6/2/2011
SSL Key Management Whitepaper

SSL Key Management Whitepaper

How to set up your Android phone for shared base emails

How to set up your Android phone for shared base emails

HOW TO: Configuring NetScaler SSL Offload to work with the N-series Summary:

HOW TO: Configuring NetScaler SSL Offload to work with the N-series Summary:

FREAK ��� Factoring Attack on RSA

FREAK ��� Factoring Attack on RSA

How to Connect to COST or GRID

How to Connect to COST or GRID

What is Student Service Learning? Give a Little Time. real

What is Student Service Learning? Give a Little Time. real

Troubleshooting with Wireshark

Troubleshooting with Wireshark

How to setup POP3 Email Account in iPhone/iPad

How to setup POP3 Email Account in iPhone/iPad

How to navigate to ASOFT System STEP 1

How to navigate to ASOFT System STEP 1

WHITE PAPER Internet File Transfers: Contents

WHITE PAPER Internet File Transfers: Contents

Practical IBM Notes and Domino Internet Security

Practical IBM Notes and Domino Internet Security

Notes - Nash!

Notes - Nash!

Magdeburger Journal zur Sicherheitsforschung

Magdeburger Journal zur Sicherheitsforschung

How To Capture from the Command Prompt with

How To Capture from the Command Prompt with

How to choose a Certificate Authority for safer web security White paper

How to choose a Certificate Authority for safer web security White paper

How to perform a Heartbleed Attack (new revision) 1 - Introduction

How to perform a Heartbleed Attack (new revision) 1 - Introduction

How to Configure SSL VPN Features in DSR Series Configuration Guide Overview

How to Configure SSL VPN Features in DSR Series Configuration Guide Overview

Secure Socket Layer (SSL)

Secure Socket Layer (SSL)

How to configure HTTPS proxying in Zorp 3 F5

How to configure HTTPS proxying in Zorp 3 F5

Why GoToMyPC Makes Perfect Sense for Your Company’s IT

Why GoToMyPC Makes Perfect Sense for Your Company’s IT

What is the LoadMaster™ ? Application Delivery Optimization Server Load Balancing SSL Acceleration

What is the LoadMaster™ ? Application Delivery Optimization Server Load Balancing SSL Acceleration

What is the LoadMaster™ ? Application Delivery Optimization Server Load Balancing SSL Acceleration

What is the LoadMaster™ ? Application Delivery Optimization Server Load Balancing SSL Acceleration

abcdocz.com

© Copyright 2024