
Something like this needs to be included in tcpdump or Wireshark. (tcpdump would be fitting, since it was the genesis for cBPF)

I remember patching Netty https://github.com/netty/netty/pull/8653 just to get the master key in order to decrypt sessions.

Having the ability to decrypt TLS sessions like this is way simpler.

tl;dr; would love to see something like this for tshark / tcpdump



Wireshark does support TLS decryption if you provide a "key log file": https://wiki.wireshark.org/TLS#TLS_Decryption

Perhaps OP's technique could be used to generate such a file.

EDIT: I see you have already investigated such methods after looking at your GitHub link.



