Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Integrating Burp and Wireshark

Robin Jan 30, 2015 09:50PM UTC

I'd like to be able to set up Wireshark so it can decrypt HTTPS traffic which is passing through Burp. I know I can export the CA used by Burp but that doesn't help when a per server certificate is in use. Is there a way to get hold of the per server certificate so I can import it into Wireshark?


Dafydd Stuttard Feb 02, 2015 10:33AM UTC Support Center agent

There isn’t currently a way to do this, sorry. The per-host certificates are generated on-the-fly for each host that is accessed, and they aren’t stored anywhere. But we could potentially add a feature where you could export the certificate and key that is being used for a given host in a given session of Burp. It would probably be available in DER or PKCS#12 keystore format as for the VA cert. Would that do what you need?


Ryan K Mar 23, 2015 06:00PM UTC
Exporting the CA is already a feature. I have been using it for years. That feature would probably help the OP. My issue is that keytool cannot read the file the is exported, nothing can except binwalk. They keystore is completely useless to me.

Eelko Neven Sep 06, 2016 02:09PM UTC
Firefox and Chrome both support logging the symmetric session key used to encrypt TLS traffic to a file. You can then point Wireshark at the file and you see decrypted TLS traffic. Just google for SSLKEYLOGFILE or view the nice written: https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/ blog post

Post Your public answer

Your name
Your email address
Answer