Cheatsheet - Compiling/Patching SSLDump for decrypting TLS1.1/1.2Category: cheatsheet
Compiling/Patching SSLDump for decrypting TLS1.1/1.2
Wireshark is a wonderfull tool,
but there are some bug with the SSL/TLS packet decryption.
A simple alternative is SSLDump, a 2003 tool that is not maintained anymore.
A guy named “David Holmes” in 2011 added a patch for decrypting TLS1.1/1.2 packet in SSLDump,
but this patch is not in the last version of SSLDump in the major distro repository (lastest is 0.9b3).
For adding this patch you need to compile the source code from here
Make sure you have the pcap and OpenSSL library installed, on Debian-based system
sudo apt-get install libpcap-dev libssl-dev
cd inside the ssldump source folder.
Compile the ssldump source
./configure make sudo make install
Now you are ready to go with a fresh
ssldump -d -r ./packets.pcap -k ./server_key.pem