© 2012, 2014 Michael Schierl, <schierlm at users dot sourceforge dot net>
Download jSSLKeyLog 1.1 (70 KB)
Download jSSLKeyLog 1.1 source code (20 KB)
jSSLKeyLog is a Java Agent Library that logs SSL session keys of connections created by a Java application to a log file understood by Wireshark, so that "Follow SSL stream" can be used to debug SSL connection issues as if the connection was not encrypted. It works with both Java server and client software.
A Java Runtime environment 1.5 or above is needed. You can get it from Java.com. The agent library was tested with Java 1.5 to 1.8; as it accesses internal API directly, it might not work in more recent versions without updating.
First download jSSLKeyLog and extract it.
Locate the command line used to start the Java program (usually hidden in some
script or batch file) you want to monitor, it will usually look like
java ... -jar file.jar ... or java ... some.class.Name ... .
Now add an additional parameter directly after the java command name, which
is -javaagent:jSSLKeyLog.jar=/path/to/your_logfile.log, so that the complete
command looks like this:
java -javaagent:jSSLKeyLog.jar=/path/to/your_logfile.log ... -jar file.jar ...
You can give an absolute or relative path to jSSLKeyLog.jar and to your logfile.
If you use a double == between name of the Jar file and the name of your log file, extra verbose comments (containing timestamps and local/remote host/ip) will be written before the individual entries.
The logfile will be written while the program is running. Now just point Wireshark to that logfile and happy SSL decoding!
Note that for decoding ECDSA ciphers, at least Wireshark 1.11.3 (as of now, a development version, but probably already stable when you are reading this) is required.
is located here.
You can get the latest source code (and check in your additions if you are a developer) from subversion.
Anonymous access: Use
svn co http://svn.code.sf.net/p/jsslkeylog/code/trunk jsslkeylog
svn co svn://svn.code.sf.net/p/jsslkeylog/code/trunk jsslkeylog
to check out the latest version. You can also use GUI programs like TortoiseSVN (Explorer plugin).
Developer access: Contact me so that I can add you to this
project. You will need a sourceforge.net account for this. Then you
svn co https://svn.code.sf.net/p/jsslkeylog/code/trunk jsslkeylog
or svn co svn+ssh://email@example.com/p/jsslkeylog/code/trunk jsslkeylog
with your credentials. Or submit your changes by e-mail; then I will commit them (In the latter case please make sure that your From address is replyable, in case of any questions. If my answer bounces, I will not commit your patch!).
You can also browse the repository.
You can send suggestions and bug reports to my sourceforge e-mail address.