A while ago, I linked to a GitHub project that, with an encrypted pcap and a TLS secrets dump file (SSLKEYLOGFILE), can generate a fully decrypted pcap.
I never saved that link and I'm regretting that. Anyone know what I'm talking about?
@da_667 was it this one https://github.com/lbirchler/tls-decryption ?
@buherator I'm well aware that Wireshark can decrypt streams on the fly. There was a tool that claimed that it would strip the TLS entirely and just leave the plaintext. Like, for example, TLS-encrypted HTTP would just be HTTP traffic on port 443.