The key log file is created, but after loading it in Wireshark, sessions are not decrypted
Created On 09/10/24 20:20 PM - Last Modified 09/11/24 20:22 PM
Symptom
- Looking to decrypt SSL traffic
- Followed KB How to Decrypt SSL using Chrome or Firefox and Wireshark in Windows
- The key log file is created, but after loading it in Wireshark, sessions are not decrypted
Environment
- Next Generation Firewall
- SSL Decryption
- Windows browser (Chrome or Firefox)
Resolution
- Make sure Wireshark starts capturing before the browser is started and before any sites are visited, so that the beginning of the session is captured.
  - The session must be captured from the beginning to be decrypted.
- Check that the customer does not have any security programs doing SSL/TLS decryption on the client computer.
  - This breaks decryption: the keys saved by the browser belong to the session before the man-in-the-middle, while the packet capture happens on the network interface after it, so the keys and the captured traffic do not match.
  - The customer must disable any programs doing decryption on the client computer for key logging to work.
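
Both causes above can be told apart by comparing the client randoms in the key log file with the Client Hello randoms in the capture. The following is an added example, not part of the original KB or any vendor tool; the function names, verdict strings and sample values are constructed for illustration, and the capture input is assumed to be tshark field output produced as shown in the docstring.

```python
import re

# Key log lines are "<LABEL> <client_random: 64 hex> <secret hex>" (TLS 1.2 and 1.3 labels).
KEYLOG_LINE = re.compile(r"^[A-Z0-9_]+ ([0-9a-fA-F]{64}) [0-9a-fA-F]+$")
HEX_RANDOM = re.compile(r"^[0-9a-f]{64}$")

def keylog_client_randoms(keylog_text):
    """Client randoms (lowercase hex) for which the browser logged secrets."""
    found = set()
    for line in keylog_text.splitlines():
        m = KEYLOG_LINE.match(line.strip())
        if m:  # comments, blank lines and malformed lines are skipped
            found.add(m.group(1).lower())
    return found

def capture_client_randoms(tshark_text):
    """Client Hello randoms from tshark field output, one per line.

    Assumed to come from:
      tshark -r capture.pcapng -Y "tls.handshake.type == 1" -T fields -e tls.handshake.random
    """
    values = (l.strip().replace(":", "").lower() for l in tshark_text.splitlines())
    return [v for v in values if HEX_RANDOM.match(v)]

def diagnose(keylog_text, tshark_text):
    logged = keylog_client_randoms(keylog_text)
    seen = capture_client_randoms(tshark_text)
    unmatched = [r for r in seen if r not in logged]
    if not seen:
        verdict = "no_client_hello"    # capture started after the session began
    elif len(unmatched) == len(seen):
        verdict = "keys_do_not_match"  # logged keys belong to other sessions than those captured
    else:
        verdict = "ok"
    return {"verdict": verdict, "unmatched": unmatched}

# Constructed sample data, not real secrets.
KEYLOG = "\n".join([
    "# constructed key log",
    "CLIENT_RANDOM " + "aa" * 32 + " " + "11" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "bb" * 32 + " " + "22" * 32,
])
CAPTURE_GOOD = "aa" * 32 + "\n" + "bb" * 32 + "\n"
CAPTURE_INTERCEPTED = "cc" * 32 + "\n" + ":".join(["dd"] * 32) + "\n"

if __name__ == "__main__":
    for name, cap in [("good", CAPTURE_GOOD), ("intercepted", CAPTURE_INTERCEPTED), ("late", "")]:
        print(name, diagnose(KEYLOG, cap)["verdict"])
```

A `keys_do_not_match` result is consistent with a local program re-establishing the TLS session, but it also appears when the key log file comes from a different browser run than the capture.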