jSSLKeyLog - Java Agent Library to log SSL session keys to a file for Wireshark

© 2012, 2014, 2017, 2018, 2020 Michael Schierl, <schierlm at gmx dot de>

Download

Main program

Download jSSLKeyLog 1.3 (140 KB)

Download jSSLKeyLog 1.3 source code (26 KB)

Introduction

jSSLKeyLog is a Java Agent Library that logs SSL session keys of connections created by a Java application to a log file understood by Wireshark, so that "Follow SSL stream" can be used to debug SSL connection issues as if the connection was not encrypted. It works with both Java server and client software.

System requirements

A Java Runtime Environment 1.7 or above is needed. You can get it from Java.com. In case you want to use it with Java 1.5 or 1.6, use version 1.1 of this program instead. The agent library was tested with Java 1.7 to 15; as it accesses internal API directly, it might not work in more recent versions without updating.

Usage

First download jSSLKeyLog and extract it.

Locate the command line used to start the Java program you want to monitor (usually hidden in some script or batch file). It will usually look like
java ... -jar file.jar ... or java ... some.class.Name ... .

Now add an additional parameter directly after the java command name, which is -javaagent:jSSLKeyLog.jar=/path/to/your_logfile.log, so that the complete command looks like this:
java -javaagent:jSSLKeyLog.jar=/path/to/your_logfile.log ... -jar file.jar ...

You can give an absolute or relative path to jSSLKeyLog.jar and to your logfile.

If you use a double == between the name of the JAR file and the name of your log file, extra verbose comments (containing timestamps and local/remote host/IP) will be written before the individual entries.

The logfile will be written while the program is running. Now just point Wireshark to that logfile and happy SSL decoding!

Note that for decoding ECDSA ciphers, at least Wireshark 1.11.3 is required.
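
The steps above as a wrapper script. This is an added example, not part of jSSLKeyLog: the function names and the KEYLOG_VERBOSE variable are hypothetical. It keeps the key log in a directory without group or other access, and it assumes log entries are "LABEL hex hex" lines with comments starting with #.

```sh
#!/bin/sh
# Added example, not part of jSSLKeyLog; all function names are hypothetical.

# Build the agent argument from the Usage section.
# $1 = path to jSSLKeyLog.jar, $2 = log file, $3 = "verbose" selects the == form.
keylog_agent_arg() {
    sep='='
    if [ "${3:-}" = verbose ]; then sep='=='; fi
    printf '%s%s%s%s' '-javaagent:' "$1" "$sep" "$2"
}

# The log holds the session keys for the captured traffic, so it belongs in a
# directory without group/other access. Create it, or check an existing one.
prepare_keylog_dir() {
    if [ ! -d "$1" ]; then
        (umask 077 && mkdir -p "$1") || return 1
    fi
    case $(ls -ld "$1") in
        drwx------*) return 0 ;;
        *) echo "refusing: $1 is accessible to other users" >&2; return 1 ;;
    esac
}

# Summarise a log before loading it into Wireshark: entries per label, comment
# lines (written in verbose mode) and malformed lines.
# Assumption: entries are "LABEL hex hex" and comments start with '#', as in the
# NSS key log format that Wireshark reads.
keylog_summary() {
    awk '
        NF == 0 { next }
        /^#/    { comments++; next }
        NF == 3 && $2 ~ /^[0-9A-Fa-f]+$/ && $3 ~ /^[0-9A-Fa-f]+$/ { count[$1]++; next }
        { bad++ }
        END {
            for (label in count) printf "%s=%d\n", label, count[label]
            printf "comments=%d\nmalformed=%d\n", comments, bad
        }' "$1"
}

# Start the program with the agent attached; arguments after the log file go to
# java unchanged. Set KEYLOG_VERBOSE=verbose for the == form.
run_with_keylog() {
    jar=$1; log=$2; shift 2
    [ -r "$jar" ] || { echo "agent jar not readable: $jar" >&2; return 1; }
    prepare_keylog_dir "$(dirname "$log")" || return 1
    java "$(keylog_agent_arg "$jar" "$log" "${KEYLOG_VERBOSE:-}")" "$@"
}

# Usage: run_with_keylog jSSLKeyLog.jar "$HOME/keylogs/app.log" -jar file.jar
#        keylog_summary "$HOME/keylogs/app.log"
```

A summary with no entries after the program has completed an SSL handshake means the agent was not attached to the JVM that made the connection.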

GitHub project page

is located here.

Source Code

You can get the latest source code (and check in your additions if you are a developer) from git.

Anonymous access: Use
git clone https://github.com/jsslkeylog/jsslkeylog.git jsslkeylog
to check out the latest version. You can also check out using Subversion, if you prefer:
svn co https://github.com/jsslkeylog/jsslkeylog.git jsslkeylog

Developer access: The preferred workflow is to create a fork on GitHub and send a pull request via the GitHub website. If you do not have a GitHub account, you can also create the fork on one of the many other git hosting sites and send the pull request via e-mail.

You can also browse the repository.

Contact us

Feel free to open an issue on GitHub.

If you do not have a GitHub account, you can send suggestions and bug reports to my e-mail address.

Have fun!