How to read OCSP package content in Wireshark
In order to activate OCSP decoding, I had to activate HTTP decoding
Edit -> Preferences -> Protocols -> HTTP -> TCP Ports: add 9080
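The layering that Wireshark reproduces once HTTP decoding is enabled on port 9080 is an HTTP message whose body, labelled by its Content-Type, is a DER-encoded OCSPRequest. The following is an added example, not code from the original post: it walks that structure by hand on a constructed request. The function names and the sample bytes (dummy hashes, serial 0x1001) are assumptions made for illustration.

```python
# Added example: standard library only; every byte of the sample is constructed.
HASH_OIDS = {bytes.fromhex("2b0e03021a"): "sha1", bytes.fromhex("608648016503040201"): "sha256"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def ocsp_body_from_http(raw):
    """Return the HTTP body only when the headers label it as an OCSP request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    return body if b"content-type: application/ocsp-request" in head.lower() else None

def parse_ocsp_request(der):
    """Walk OCSPRequest -> TBSRequest -> requestList; return one dict per CertID."""
    _, tbs, _ = read_tlv(read_tlv(der, 0)[1], 0)
    tag, request_list, pos = read_tlv(tbs, 0)
    while tag != 0x30:                     # skip optional [0] version, [1] requestorName
        tag, request_list, pos = read_tlv(tbs, pos)
    found, pos = [], 0
    while pos < len(request_list):
        _, request, pos = read_tlv(request_list, pos)
        _, cert_id, _ = read_tlv(request, 0)
        _, alg, p = read_tlv(cert_id, 0)   # AlgorithmIdentifier: the OID comes first
        _, name_hash, p = read_tlv(cert_id, p)
        _, key_hash, p = read_tlv(cert_id, p)
        _, serial, _ = read_tlv(cert_id, p)
        oid = read_tlv(alg, 0)[1]
        found.append({"hash": HASH_OIDS.get(oid, oid.hex()), "name_hash": name_hash.hex(),
                      "key_hash": key_hash.hex(), "serial": int.from_bytes(serial, "big")})
    return found

def seq(body):                             # short-form SEQUENCE, enough for this sample
    return b"\x30" + bytes([len(body)]) + body

# Constructed sample: SHA-1 CertID fields, dummy issuer hashes, serial 0x1001.
CERT_ID_FIELDS = (bytes.fromhex("300906052b0e03021a0500") + b"\x04\x14" + b"\xaa" * 20
                  + b"\x04\x14" + b"\xbb" * 20 + bytes.fromhex("02021001"))
SAMPLE_DER = seq(seq(seq(seq(seq(CERT_ID_FIELDS)))))   # CertID, Request, list, TBS, OCSPRequest
SAMPLE_HTTP = (b"POST / HTTP/1.0\r\nContent-Type: application/ocsp-request\r\n"
               b"Content-Length: %d\r\n\r\n" % len(SAMPLE_DER)) + SAMPLE_DER

if __name__ == "__main__":
    print(parse_ocsp_request(ocsp_body_from_http(SAMPLE_HTTP)))
```

The serial and issuer hashes returned here are the same CertID fields Wireshark lists under the OCSP request once the stream is decoded as HTTP.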
Comments
-
srghma over 1 year
I have deployed a basic OCSP server from OpenSSL Cookbook by Ivan Ristic, page 44, with the following command:
openssl ocsp -port 9080 -index db/index -rsigner root-ocsp.crt -rkey private/root-ocsp.key -CA root-ca.crt -text
And I want to investigate the content of OCSP requests to my server in Wireshark:
openssl ocsp -issuer root-ca.crt -CAfile root-ca.crt -cert root-ocsp.crt -url http://127.0.0.1:9080
With the filter
port 9080
applied to loopback (device?) I get the necessary TCP packages.
How to show their content in oscp format?
P.S. I cannot apply the oscp filter, Wireshark marks it with red.
-
Admin about 7 years
Since this is an HTTP request which includes the OCSP request, you have to use HTTP as the protocol to show the details. IMHO Wireshark then displays the OCSP request and response in the body of the request/response as long as they have the correct Content-Type set.
-
Admin about 7 years
I have recorded the transaction in the image. When I write http in "Apply a display filter...", no packages are displayed. How must I set "HTTP as the protocol to show the details"? As you can see, Content-Type is present.
-
Admin about 7 years
A display filter filters only, i.e. it does not change how data are displayed but only which data are displayed. You have to change how the data are decoded instead. How this is done depends on the version of Wireshark, but for example Analyze | Decode As in the current version.
-
Admin about 7 years
Thanks, your answers pushed me to the right solution. It was very important for me.