Cheatsheet - Compiling/Patching SSLDump for decrypting TLS1.1/1.2
Category: cheatsheet
Wireshark is a wonderful tool, but it has some bugs in its SSL/TLS packet decryption.
A simple alternative is SSLDump, a tool from 2003 that is no longer maintained.
In 2011 a developer named "David Holmes" contributed a patch that adds decryption of TLS1.1/1.2 packets to SSLDump,
but this patch is not in the latest version of SSLDump found in the major distro repositories (latest is 0.9b3).
To get this patch you need to compile the source code from here
Make sure you have the pcap and OpenSSL development libraries installed; on a Debian-based system:
sudo apt-get install libpcap-dev libssl-dev
Now cd into the ssldump source folder.
Compile the ssldump source:
./configure
make
sudo make install
Now you are ready to go with a fresh build:
ssldump -d -r ./packets.pcap -k ./server_key.pem
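One caveat worth checking before reaching for the -k switch: ssldump recovers the session keys by decrypting the premaster secret with the server's RSA private key, so only sessions negotiated with a static RSA key exchange suite (TLS_RSA_WITH_...) can be decrypted; DHE/ECDHE suites give forward secrecy and the server key alone is useless. The script below is an added example (not code from the page or from ssldump) that parses a captured ServerHello record and reports the TLS version, the chosen cipher suite and whether the session is decryptable this way; the sample record is constructed inline.

```python
import struct

TLS_VERSIONS = {0x0301: "TLS1.0", 0x0302: "TLS1.1", 0x0303: "TLS1.2"}

# Small table of common IANA cipher suite values. Only the TLS_RSA_WITH_* suites
# use static RSA key exchange, which is what decryption with the server key relies on.
CIPHER_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
}


def parse_server_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a ServerHello (record layer + handshake header)."""
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    hs_type, hs_len = body[0], int.from_bytes(body[1:4], "big")
    if hs_type != 0x02:
        raise ValueError("not a ServerHello")
    hs = body[4:4 + hs_len]
    version = struct.unpack("!H", hs[:2])[0]       # server_version
    sid_len = hs[34]                               # 32 bytes of random precede session_id length
    suite = struct.unpack("!H", hs[35 + sid_len:37 + sid_len])[0]
    name = CIPHER_SUITES.get(suite, f"unknown(0x{suite:04x})")
    return {
        "version": TLS_VERSIONS.get(version, f"0x{version:04x}"),
        "cipher_suite": name,
        # unknown suites are reported as not decryptable; extend the table if needed
        "static_rsa_kx": name.startswith("TLS_RSA_WITH_"),
    }


def build_server_hello(version: int, suite: int) -> bytes:
    """Constructed sample: minimal ServerHello with empty session id and no extensions."""
    hs_body = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    hs = b"\x02" + len(hs_body).to_bytes(3, "big") + hs_body
    return struct.pack("!BHH", 0x16, version, len(hs)) + hs


if __name__ == "__main__":
    for ver, suite in ((0x0303, 0x002F), (0x0302, 0xC02F)):
        print(parse_server_hello(build_server_hello(ver, suite)))
```

Run it against the first ServerHello pulled out of the capture: a `static_rsa_kx` of False means ssldump -k will not produce plaintext no matter how correct the key file is.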