1

I'm trying to view the payload of QUIC packets although, with no luck. I can decrypt fine TLS packets using SSLLOGFILE file that generated by the browser and load it to Wireshark, I can see HTTPS and DoH and almost all TLS encrypted packets are decrypted correctly.

With QUIC this isnt the case, I can across this post: https://bugs.chromium.org/p/chromium/issues/detail?id=1101691

And there they said that the problem with SSLKEYLOGFILE exporting keys for quic with chrome has been fixed in chrome 89, so I've downloaded chrome 90 (chrome dev version) but still no luck.

Any Ideas what i'm doing wrong?

I can see QUIC packets, can see the client hello and all of the unencrypted QUIC packets are parsed correctly in wireshark, but still no decryption.

Neyney10
  • 13
  • 3

1 Answers1

0

With Chrome 88.0.4324.192 and Wireshark 3.5.0rc0-788 i can succesfully capture and decrypt a quic draft-29 ("h3-29") session.

Peter
  • 546
  • 2
  • 13
  • Yes, using wireshark 3.4.0, Chrome 90, and trying to decrypt h3-29 with no luck, wireshark still shows "Protected Payload" of QUIC packets, although, but updating to wireshark 3.4.3 somehow fixed the issue (although wireshark 3.3.0+ should work and decrypt h3-29), Thank you – Neyney10 Mar 11 '21 at 13:17