How to Decrypt and Analyse TCP Wireshark Logs Generated by WSO2 Carbon Servers

There might be a situation where you need to analyse server logs using Wireshark. Analysing logs generated for non-secured data packet transactions is fairly straightforward: we can simply view the HTTP requests. But when the transactions are secured (HTTPS), all the data packets are transferred over TCP in encrypted form. Therefore we need to decrypt those TCP data packets in order to read them. In this post I will explain how to decrypt these data packets on the remote or host machine where the Wireshark logs are being analysed.



1. Go to the <CARBON_HOME>/repository/resources/security folder and locate wso2carbon.jks.

Note: Above I have located the default keystore. If you are using a custom keystore, please locate that file instead.

2. Convert the JKS file to PKCS12 format (Java 1.6.x and above):

$ keytool -importkeystore -srckeystore KEYSTORE_NAME.jks -destkeystore KEYSTORE_NAME.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass <mysecret> -deststorepass <mysecret> -srcalias <myalias> -destalias <myalias> -srckeypass <mykeypass> -destkeypass <mykeypass> -noprompt

Example, if you are using the default keystore:

keytool -importkeystore -srckeystore wso2carbon.jks -destkeystore wso2carbon.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass wso2carbon -deststorepass wso2carbon -srcalias wso2carbon -destalias wso2carbon -srckeypass wso2carbon -destkeypass wso2carbon -noprompt

3. Now we can use the private key file in Wireshark as given below:
Note: To open the following dialog box, first select Edit > Preferences, then select "Protocols" in the left pane and select SSL under it:

i. Select Edit next to RSA key list:


ii. Now select New:


iii. Then fill the relevant details: 



IP address : IP address of the Carbon server host
Port : port the Carbon server is running on (default port is 9443)
Protocol : http
Key File : the .p12 file generated in step 2
Password : password of the keystore (for the default keystore this is wso2carbon)


4. That's it. Select OK to add the entry to the RSA key list, then select Apply > OK from that list. You do not need to fill in anything else in the dialog from step i; just select Apply > OK.

5. Now you can see the decrypted TCP requests as HTTP requests in the Wireshark log.




