decrypted tcpdump capture without using an iRule using tshark
Hi Folks ,
I have used this Article : https://my.f5.com/manage/s/article/K31793632
Everything works well , and I could decrypt my captures but with using the manual way of collecting the Key log pms.
but this way will take too much to export each key log for each stream so if I took two samples from Key log entries in two different ssl streams and create the pms file , I see that not whole capture be decrypted >>> that's expected , because I haven't exported all key log entries in F5 TLS.
In this Article there is an automated way to export Key log entries with executing one command using tshark utility.
Unfortunately this tool doesn't work with bigip bash to export Key Log , it needs others UNIX environments.
Are there any direct method to export these Key log entries or using tshark utility but not with any Linux/UNIX environments.
i resorted to automating the whole thing: https://github.com/f5-rahm/pcap_utils/blob/main/TLSv1_3_captures.py