jSSLKeyLog - Java Agent Library to log SSL session keys to a file for Wireshark

© 2012, 2014 Michael Schierl, <schierlm at users dot sourceforge dot net>

Download

Main program

Download jSSLKeyLog 1.1 (70 KB)

Download jSSLKeyLog 1.1 source code (20 KB)

Introduction

jSSLKeyLog is a Java Agent Library that logs SSL session keys of connections created by a Java application to a log file understood by Wireshark, so that "Follow SSL stream" can be used to debug SSL connection issues as if the connection was not encrypted. It works with both Java server and client software.

System requirements

A Java Runtime environment 1.5 or above is needed. You can get it from Java.com. The agent library was tested with Java 1.5 to 1.8; as it accesses internal API directly, it might not work in more recent versions without updating.

Usage

First download jSSLKeyLog and extract it.

Locate the command line used to start the Java program (usually hidden in some script or batch file) you want to monitor, it will usually look like
java ... -jar file.jar ... or java ... some.class.Name ... .

Now add an additional parameter directly after the java command name, which is -javaagent:jSSLKeyLog.jar=/path/to/your_logfile.log, so that the complete command looks like this:
java -javaagent:jSSLKeyLog.jar=/path/to/your_logfile.log ... -jar file.jar ...

You can give an absolute or relative path to jSSLKeyLog.jar and to your logfile.

If you use a double == between name of the Jar file and the name of your log file, extra verbose comments (containing timestamps and local/remote host/ip) will be written before the individual entries.

The logfile will be written while the program is running. Now just point Wireshark to that logfile and happy SSL decoding!

Note that for decoding ECDSA ciphers, at least Wireshark 1.11.3 (as of now, a development version, but probably already stable when you are reading this) is required.

Sourceforge project page

is located here.

Subversion

You can get the latest source code (and check in your additions if you are a developer) from subversion.

Anonymous access: Use
svn co http://svn.code.sf.net/p/jsslkeylog/code/trunk jsslkeylog
or
svn co svn://svn.code.sf.net/p/jsslkeylog/code/trunk jsslkeylog
to check out the latest version. You can also use GUI programs like TortoiseSVN (Explorer plugin).

Developer access: Contact me so that I can add you to this project. You will need a sourceforge.net account for this. Then you can use
svn co https://svn.code.sf.net/p/jsslkeylog/code/trunk jsslkeylog
or svn co svn+ssh://username@svn.code.sf.net/p/jsslkeylog/code/trunk jsslkeylog
with your credentials. Or submit your changes by e-mail; then I will commit them (In the latter case please make sure that your From address is replyable, in case of any questions. If my answer bounces, I will not commit your patch!).

You can also browse the repository.

Contact me

You can send suggestions and bug reports to my sourceforge e-mail address.

Have fun!

Get jSSLKeyLog at SourceForge.net. Fast, secure and Free Open Source software downloads