Exporting / saving decrypted data from Wireshark

Elaborating on my previous post, “Decrypting https traffic with bluecoat reverse proxy”: in support or troubleshooting situations, most of the time the end client would not be willing to give up any private keys. This is of course understandable, given that doing so could lead to a security system compromise, which would necessitate re-issuing certificates, and that is no small feat. There is a simple yet little-known way of exporting the decrypted data from Wireshark into a text file. This text file will contain the decrypted information without disclosing the private keys to anyone.

1. Optional, but it will save a lot of work: after successful decryption, ask the client to right-click on the stream of interest and choose “Follow TCP Stream” (assuming they can find the stream of interest).


2. Open the File menu > export > file


3. In the resulting dialogue box, ensure you have something similar:


Note: by default, the “displayed” option is not selected, and “packet bytes” is not selected. Both should be selected to have a complete yet clean decrypted export.

The resulting txt file will show you the decrypted info without needing the private keys.
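Because the export holds decrypted application data, the client can review it before handing it over. The following is an added example, not part of the original post: it reassembles the hex-dump lines of the text export and lists headers or key material worth reviewing. The hex-dump layout (offset, hex bytes, ASCII column), the sample export and the pattern list are assumptions made for illustration.

```python
import re

# Assumed hex-dump layout: offset, two spaces, up to 16 hex bytes, ASCII column.
HEX_LINE = re.compile(r"^([0-9a-fA-F]{4,8})\s{2}((?:[0-9a-fA-F]{2} {0,2}){1,16})")

# Illustrative patterns to review before the file leaves the client.
SENSITIVE = {
    "authorization header": re.compile(rb"(?im)^authorization:[^\r\n]*"),
    "cookie header": re.compile(rb"(?im)^(?:set-)?cookie:[^\r\n]*"),
    "pem private key": re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

# Constructed sample export (not captured traffic); the credentials are "demo:demo".
SAMPLE = """\
Decrypted TLS (53 bytes):
0000  47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a   GET / HTTP/1.1..
0010  41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 3a 20 42   Authorization: B
0020  61 73 69 63 20 5a 47 56 74 62 7a 70 6b 5a 57 31   asic ZGVtbzpkZW1
0030  76 0d 0a 0d 0a                                    v....
"""

def reassemble(export_text):
    """Return one bytes object per hex-dump block found in the export text."""
    blocks, current = [], bytearray()
    for line in export_text.splitlines():
        m = HEX_LINE.match(line)
        if m:
            # Offset 0 starts a new dump, so close the previous block first.
            if int(m.group(1), 16) == 0 and current:
                blocks.append(bytes(current))
                current = bytearray()
            current += bytes.fromhex(m.group(2))
        elif current:
            blocks.append(bytes(current))
            current = bytearray()
    if current:
        blocks.append(bytes(current))
    return blocks

def audit(export_text):
    """List (block index, label, matched text) for every sensitive match."""
    hits = []
    for i, block in enumerate(reassemble(export_text)):
        for label, rx in SENSITIVE.items():
            for m in rx.finditer(block):
                hits.append((i, label, m.group(0).decode("latin-1")))
    return hits

if __name__ == "__main__":
    for hit in audit(SAMPLE):
        print(hit)
```

Matching on the reassembled bytes rather than on the ASCII column matters because each dump line carries only 16 bytes, so a header value is usually split across several lines.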

