Last updated: 2019-03-15
WinPcap driver
The WinPcap driver (called NPF) is loaded by Wireshark when it starts to capture live data.
Loading the WinPcap driver requires administrator privileges.
Once the driver is loaded, every local user can capture from it until it's stopped again.
Note: Simply stopping Wireshark won't stop the WinPcap driver!
Start the NPF driver by hand
runas /u:administrator "net start npf"
The NetGroup Packet Filter Driver service was started successfully.
Environment variable - SSLKEYLOGFILE
Obtain the private key of Firefox & Chrome HTTPS connections
Computer -> Properties -> "Advanced system settings" -> "Environment Variables"
name: SSLKEYLOGFILE
------
Import into Wireshark to decrypt
This only works when RSA is used as the key exchange mechanism
(because the FS (forward secrecy) of this mechanism is broken)
Edit -> Preferences -> Protocols -> SSL -> (Pre)-Master-Secret log filename
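
Added example (not part of the original notes): a PowerShell script that reports whether the NPF driver is still loaded and whether SSLKEYLOGFILE is still set, since both settings outlive the Wireshark session, and undoes them when run with -Cleanup. It assumes the service name npf from the command above; the function name Get-CaptureExposure and the -Cleanup switch are made up for this example.

```powershell
# Added example, not from the original page. Run elevated when using -Cleanup.
param([switch]$Cleanup)

function Get-CaptureExposure {
    # sc.exe (not the "sc" alias) can query kernel driver services such as NPF.
    $scOut = sc.exe query npf 2>$null
    $installed = ($LASTEXITCODE -eq 0)
    # State code 4 means RUNNING: any local user can capture while it is loaded.
    $running = $installed -and [bool]($scOut -match 'STATE\s*:\s*4\b')

    # SSLKEYLOGFILE can be set per user or machine-wide; check both scopes.
    $keylog = foreach ($scope in 'User', 'Machine') {
        $path = [Environment]::GetEnvironmentVariable('SSLKEYLOGFILE', $scope)
        if ($path) {
            [pscustomobject]@{
                Scope  = $scope
                Path   = $path
                Exists = Test-Path -LiteralPath $path
            }
        }
    }

    [pscustomobject]@{
        NpfInstalled = $installed
        NpfRunning   = $running
        KeyLog       = @($keylog)
    }
}

$state = Get-CaptureExposure
$state | Format-List NpfInstalled, NpfRunning | Out-Host
$state.KeyLog | Format-Table -AutoSize | Out-Host

if ($Cleanup) {
    # Counterpart of the "net start npf" command shown above.
    if ($state.NpfRunning) { net.exe stop npf }
    foreach ($entry in $state.KeyLog) {
        # A null or empty value removes the variable from that scope.
        [Environment]::SetEnvironmentVariable('SSLKEYLOGFILE', $null, $entry.Scope)
        # The log holds TLS key material; delete it once analysis is done.
        if ($entry.Exists) { Remove-Item -LiteralPath $entry.Path }
    }
}
```

Browsers read SSLKEYLOGFILE at startup, so restart them after cleanup to stop further logging.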
Comment Column