Decrypting BIG-IP Packet Captures Automatically
Back in April, I released the first of hopefully many tools (Automating Packet Captures on BIG-IP) that will assist those responsible for responding to all those directed "It's the BIG-IP!" and "It...
Published Jan 04, 2023
Version 1.0
JRahm
Admin
Joined January 20, 2005
Juergen_Mang
Jan 17, 2023
MVP
> Nice! The system variable sys db tcpdump.sslprovider is a great feature for the new 15.x versions and above
Right, and with my tool shared last July you can decrypt TLS 1.3 also. There is no requirement for the iRule anymore.
I am wondering if my tool can be integrated and if I can use editcap to inject the session secrets as done here.
I will try it and post my findings. For reference: https://community.f5.com/t5/codeshare/decrypting-tls-with-the-tcpdump-sslprovider/ta-p/298680
Edit: Unfortunately, the editcap tool installed on the F5 has no "--inject-secrets" option, but if you use it on your local PC with Wireshark installed, it also works with the pms file generated by my tool.