It would be interesting to have sharker (tshark actually) decrypt the SSL/TLS traffic if keys are given.
This would potentially allow to analyze more interesting traffic, like HTTP.
Implem:
- Have a new CLI parameter to specify a file containing the SSL/TLS keys (like the one generated by numerous tools when provided the SSLKEYLOGFILE). Should we also support the env variable?
- Give the file to tshark with
-o ssl.keylog_file:/path/to/your/SSLKEYLOGFILE (no yet tested)
- Anything else?
It would be interesting to have sharker (tshark actually) decrypt the SSL/TLS traffic if keys are given.
This would potentially allow to analyze more interesting traffic, like HTTP.
Implem:
-o ssl.keylog_file:/path/to/your/SSLKEYLOGFILE(no yet tested)