Decrypting Java TLS to View in Wireshark

Using Kali, grab this Library: jSSLKeyLog. Next, find the script you’re testing that invokes java and add the following parameter (or manually add the parameter if running java directly):

$ java -javaagent:jSSLKeyLog.jar==/tmp/ssl-key-log.log -jar file.jar

Next, run tcpdump how you normally would:

$ tcpdump -i eth0 -w dump.cap -C 100m

Now you can run the java application whose SSL session keys you want to extract:

$ java -javaagent:jSSLKeyLog.jar==/tmp/ssl-key-log.log -jar app.jar

Once the app has generated the traffic you’re interested in, open up Wireshark and select dump.cap. Find the first SSL connection to the host you’re interested in decrypting traffic to and right-click > Protocol Preferences > (Pre)-master-secret log filename and browse to /tmp/ssl-key-log.log

Hey, presto! Now you can right-click and select Follow > SSL stream to see the decrypted traffic.

References