Alex Martian

Reputation: 3782

Decrypt `Encrypted Alert` packets generated due to JMeter HTTPS requests (e.g. via Wireshark)

I followed the guide at https://redflagsecurity.net/2019/03/10/decrypting-tls-wireshark/ to set up Wireshark to decrypt TLS traffic.

I added `export SSLKEYLOGFILE=~/.ssl-key.log` to `~/.bash_profile` on macOS, and now when I start a browser like Firefox from the same terminal window with `open -a firefox`, I see the ssl-key.log file grow in size. However, when I started JMeter from the same terminal window and ran several HTTP samplers with the https protocol, ssl-key.log did not grow.

I could not find information on the subject via a web search for `tls wireshark decrypt jmeter`. How can I decrypt it? I need not only the responses matched to requests, which are captured in e.g. View Results Tree in JMeter, but also the technical packets, in particular the Encrypted Alert ones.

Upvotes: 0

Views: 1284

Answers (1)

Dmitri T

Reputation: 168092

JMeter knows nothing about this SSLKEYLOGFILE environment variable. If you want to capture encrypted traffic originating from JMeter via Wireshark, you will need to go for the RSA key approach.

First you need to get the private key from the website you're testing.

Once done, you need to configure the protocol dissector using the aforementioned private key in Wireshark - Preferences - Protocols - TLS.


Once done you should be able to decrypt the outgoing requests using Wireshark.


If you cannot obtain the RSA private key from the website you're testing, you can still attempt to obtain it using JMeter's HTTP(S) Test Script Recorder. You need to first generate a MITM proxy keystore and make JMeter aware of this keystore by modifying the following JMeter Properties:

```
proxy.cert.file=proxyserver.jks
proxy.cert.type=JKS
proxy.cert.keystorepass=mc3VZAuZvgYzt6pIQq3w
proxy.cert.keypassword=BFsghQ0GBN7SxI0HWpkr
```

Then you need to convert the JKS keystore to PKCS12, e.g. via the keytool command:

```
keytool -importkeystore -srckeystore proxyserver.jks -destkeystore proxyserver.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass mc3VZAuZvgYzt6pIQq3w -deststorepass mc3VZAuZvgYzt6pIQq3w
```

Next you can extract the encrypted RSA private key from the .p12 keystore:

```
openssl pkcs12 -in proxyserver.p12 -nocerts -out encrypted.key -password pass:mc3VZAuZvgYzt6pIQq3w -passout pass:mc3VZAuZvgYzt6pIQq3w
```

And finally decrypt the private key for later use in Wireshark:

```
openssl rsa -in encrypted.key -out decrypted.key -passin pass:mc3VZAuZvgYzt6pIQq3w
```

The generated RSA key file can be used in Wireshark.


Upvotes: 1
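
The openssl extraction steps from the answer above, as an added example that is not part of the original answer; it also checks that the extracted key matches the keystore's certificate before the file is loaded into Wireshark. The function names, the throwaway keystore and the password are constructed for the demo, and it assumes a keystore holding a single RSA key entry.

```shell
#!/usr/bin/env bash
# Added example; the demo keystore, file names and password are constructed.
# The keystore password is read from $P12_PASS (openssl's env: source), not argv.

# Stand-in for proxyserver.p12: a self-signed RSA certificate and key in PKCS12.
make_demo_p12() {   # usage: make_demo_p12 <dir>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" \
        -out "$1/demo.p12" -passout env:P12_PASS 2>/dev/null
}

# The two openssl steps from the answer: pull the encrypted key out of the
# keystore, then write it unencrypted. Output is owner-readable only and the
# intermediate encrypted copy is removed.
extract_key() {   # usage: extract_key <keystore.p12> <out.key>
    (
        umask 077
        openssl pkcs12 -in "$1" -nocerts -out "$2.enc" \
            -passin env:P12_PASS -passout env:P12_PASS 2>/dev/null &&
        openssl rsa -in "$2.enc" -out "$2" -passin env:P12_PASS 2>/dev/null
        rc=$?
        rm -f "$2.enc"
        exit "$rc"
    )
}

# Succeeds only if the key's RSA modulus equals that of the keystore certificate,
# i.e. the file about to be loaded into Wireshark belongs to that certificate.
key_matches_p12() {   # usage: key_matches_p12 <keystore.p12> <key.pem>
    cert_mod=$(openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
               openssl x509 -noout -modulus 2>/dev/null) || return 1
    key_mod=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    export P12_PASS='constructed-demo-password'
    make_demo_p12 "$dir" && extract_key "$dir/demo.p12" "$dir/decrypted.key" &&
        key_matches_p12 "$dir/demo.p12" "$dir/decrypted.key"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo && echo "extracted key matches the keystore certificate"
```

Using `env:` instead of `pass:` keeps the keystore password out of the process argument list; remove the decrypted key file once the capture analysis is finished.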
