Decrypting BIG-IP Packet Captures Automatically
Published Jan 04, 2023
Version 1.0Was this article helpful?
> Nice! The system variable sys db tcpdump.sslprovider is great feature for the new 15.x versions and above
Right and with my tool ahred in last july you can decrypt tls 1.3 also. There is no requirement for the iRule anymore.
I am wondering if my tool can be integrated and if I can use editcap to inject the sessions secrets as done here.
I will try it and post my findings. For reference: https://community.f5.com/t5/codeshare/decrypting-tls-with-the-tcpdump-sslprovider/ta-p/298680
Edit: Unfortunately the editcap tool installed on the f5 has no "--inject-secrets" option, but if you use it on your local pc with wireshark installed, it works also with the pms file generated by my tool.