SSL Decryption

Did you configured ssl server profile?

anyway...

First you need to capture the traffic:

on your f5 run this command:

tcpdump -i any -vvv -s 0 -nn -w /var/tmp/filename.cap "(host x.x.x.x and host y.y.y.y and port 443)"

where:

x.x.x.x

= your client IP

y.y.y.y

= your Virtual Server IP

while running this command you should try to browse from the

x.x.x.x Client

to the of your

virutal server (y.y.y.y)

.

then go back to the f5 command and press CTRL + C to stop the capture.

you should see something like:

tcpdump: listening on any, link-type EN10MB (Ethernet), capture size 65535 bytes

Got 256

that mean you have successfuly captured some traffic.

now you want to examine the SSL traffic:

on your f5 run this command:

ssldump -Aed -nr /var/tmp/filename.cap -k /config/ssl/ssl.key/your_keyfile.key

you should replace

/config/ssl/ssl.key/your_keyfile.key

with your key path. its should be the same key that you configured on your SSL profile

you can find the key file on your f5 with this command:

find / -iname *.key*

Beginning in BIG-IP 11.x, the SSL profile keys are stored in the /config/filestore/files_d/_d/certificate_key_d/ directory.

now you should see your application_data decrypt like this:

3 7 1247932735.6286 (0.0031) C>SV3.1(436) application_data
---------------------------------------------------------------
GET / HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 1.1.4322; msn OptimizedIE8;ENUS)
Accept-Encoding: gzip, deflate
Host: 172.24.72.169
Connection: Keep-Alive

more information can be found here: