[How to] Https decrypt add-in for Wireshark

Discussion in 'Application Software' started by Dark Dinosaur, Jun 20, 2022 at 19:38.

  1. Dark Dinosaur

    Dark Dinosaur X Æ A-12

    Feb 2, 2011
    1,402
    1,530
    60
    a nice way to get HTTPS decryption in Wireshark,
    without too much effort.

    Start & Close Wireshark,
    than Open command prompt, type this command:
    Code:
    setx SSLKEYLOGFILE C:\SSLKEYLOGFILE.LOG
    powershell -c "(Get-Content '%APPDATA%\Wireshark\preferences') -Replace '#tls.keylog_file: ', 'tls.keylog_file: C:\SSLKEYLOGFILE.LOG' | Set-Content '%APPDATA%\Wireshark\preferences'"
    
    To remove it later

    Close any Application that using Internet connection. Close Wireshark.
    than Open command prompt, type this command:
    Code:
    setx SSLKEYLOGFILE ""
    REG delete HKCU\Environment /F /V SSLKEYLOGFILE
    del /q C:\SSLKEYLOGFILE.LOG
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...