Recording and decrypting LDAPS traffic

Capturing LDAPS traffic with keylog file

sudo apt install tcpdump
sudo tcpdump -i any -w ldaps.pcap 'tcp port 636' &
export SSLKEYLOGFILE=/home/dmitriano/dev/work/sslkeys.log
ldapsearch -H ldaps://$localhost:636 -x -D $ad_user -w $ad_password -b "DC=my,DC=local"

$localhost, $ad_user and $ad_password are shell variables set beforehand. SSLKEYLOGFILE has to be exported before ldapsearch starts so that it is in the process environment. On Debian/Ubuntu this works without any special build because libldap is linked against GnuTLS, which writes the key log itself whenever the variable is set; a client linked against OpenSSL only writes one if the program installs a key-log callback, so if sslkeys.log stays empty the client never logged the keys and capturing more traffic will not help.
ll
-rw-r--r-- 1 tcpdump   tcpdump   246320 Oct 14 13:50 ldaps.pcap
-rw-r--r-- 1 dmitriano dmitriano    176 Oct 14 13:47 sslkeys.log

Stop the background tcpdump (kill %1, or bring it to the foreground and Ctrl-C) before opening the capture so that it flushes its buffered packets; the pcap is owned by the tcpdump user because tcpdump drops its root privileges after opening the interface. The 176-byte key log is exactly one CLIENT_RANDOM line (the 14-character label and space, 64 hex digits of client random, a space, 96 hex digits of master secret, a newline), i.e. a single TLS 1.2 session was logged; a TLS 1.3 handshake would have produced several *_TRAFFIC_SECRET lines instead. The two files together reveal the bind password, so treat them as secrets and delete them when done.

Decrypting with Wireshark

Edit -> Preferences -> Protocols -> TLS, and set "(Pre)-Master-Secret log filename" to /home/dmitriano/dev/work/sslkeys.log (in Wireshark releases before 3.0 the protocol is listed as SSL). Wireshark already treats TCP port 636 as LDAP over TLS, so no "Decode As" step is needed.

With the key log loaded, the TLS records on port 636 are dissected as LDAP: the simple bind (a bindRequest carrying the DN and, inside the tunnel, the clear-text password, then the bindResponse), followed by the searchRequest for DC=my,DC=local with its searchResEntry and searchResDone messages, and finally the unbindRequest. The display filter ldap shows just these messages. If the records still appear only as "Application Data", the key log does not match the capture: either the handshake happened before the variable was set, or the client never wrote the file.
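As an added check for that last failure mode (example code, not from the post): the script below parses the pcap written by tcpdump, extracts the 32-byte Random from every TLS ClientHello sent to port 636, and reports which of those sessions have a matching CLIENT_RANDOM or TLS 1.3 *_TRAFFIC_SECRET line in the key log. The file names ldaps.pcap and sslkeys.log and port 636 are taken from the post; the script name check_keylog.py and the single-packet capture built by build_sample_pcap are assumptions constructed here so the check runs offline.

```python
"""Check that an SSLKEYLOGFILE covers the TLS sessions in a pcap (stdlib only).

Added example, not code from the original post.  Reads a classic pcap written by
tcpdump (Linux cooked capture from '-i any', or plain Ethernet), takes the Random
from every ClientHello sent to the LDAPS port and reports which sessions the key
log covers.  The sample capture at the bottom is constructed, not recorded.
"""
import struct
import sys

LINKTYPE_ETHERNET = 1
LINKTYPE_LINUX_SLL = 113   # what 'tcpdump -i any' writes
LDAPS_PORT = 636
# key-log labels whose second field is the 32-byte client random
KEYLOG_LABELS = {"CLIENT_RANDOM",                                    # TLS 1.2 master secret
                 "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
                 "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET"}


def parse_keylog(text):
    """Return {client_random_hex: {labels}}; comments and unknown labels are skipped."""
    found = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] in KEYLOG_LABELS:
            found.setdefault(parts[1].lower(), set()).add(parts[0])
    return found


def client_hello_random(payload):
    """Hex Random of a TLS ClientHello at the start of a TCP payload, else None."""
    # record: type(1) version(2) length(2); handshake: type(1) length(3) version(2) random(32)
    if len(payload) < 43 or payload[0] != 0x16 or payload[1] != 0x03 or payload[5] != 0x01:
        return None
    return payload[11:43].hex()


def tcp_payloads(pcap):
    """Yield (src_port, dst_port, payload) for every IPv4/TCP packet in a classic pcap."""
    magic, = struct.unpack("<I", pcap[:4])
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if end is None:
        raise ValueError("not a classic pcap (pcapng is not handled here)")
    linktype, = struct.unpack(end + "I", pcap[20:24])
    hdr_len = {LINKTYPE_ETHERNET: 14, LINKTYPE_LINUX_SLL: 16}.get(linktype)
    if hdr_len is None:
        raise ValueError("unsupported link type %d" % linktype)
    offset = 24
    while offset + 16 <= len(pcap):
        caplen, = struct.unpack(end + "I", pcap[offset + 8:offset + 12])
        frame = pcap[offset + 16:offset + 16 + caplen]
        offset += 16 + caplen
        # the EtherType is the last two bytes of both the Ethernet and the SLL header
        if frame[hdr_len - 2:hdr_len] != b"\x08\x00":
            continue
        ip = frame[hdr_len:]
        if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:   # IPv4 carrying TCP
            continue
        total_len, = struct.unpack("!H", ip[2:4])
        ip = ip[:total_len]                                   # drop link-layer padding
        tcp = ip[(ip[0] & 0x0F) * 4:]
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        yield sport, dport, tcp[(tcp[12] >> 4) * 4:]


def check_keylog_coverage(pcap, keylog_text, port=LDAPS_PORT):
    """Map each ClientHello random sent to `port` to the key-log labels that cover it."""
    keys = parse_keylog(keylog_text)
    result = {}
    for _, dport, payload in tcp_payloads(pcap):
        rnd = client_hello_random(payload) if dport == port else None
        if rnd is not None:
            result[rnd] = sorted(keys.get(rnd, ()))   # empty list: session stays encrypted
    return result


def build_sample_pcap(client_random, dport=LDAPS_PORT):
    """Constructed sample: one minimal ClientHello to `dport` in a Linux-cooked pcap."""
    body = b"\x03\x03" + client_random + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00" + b"\x00\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    rec = b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
    tcp = struct.pack("!HHIIBBHHH", 50000, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + rec
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     b"\x7f\0\0\1", b"\x7f\0\0\1") + tcp
    frame = struct.pack("!HHH8sH", 4, 1, 6, b"\0" * 8, 0x0800) + ip   # 16-byte SLL header
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_LINUX_SLL)
            + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)


if __name__ == "__main__":
    pcap_path = sys.argv[1] if len(sys.argv) > 1 else "ldaps.pcap"
    keylog_path = sys.argv[2] if len(sys.argv) > 2 else "sslkeys.log"
    with open(pcap_path, "rb") as f, open(keylog_path) as k:
        coverage = check_keylog_coverage(f.read(), k.read())
    for rnd, labels in coverage.items():
        print(rnd[:16] + "...", ", ".join(labels) if labels else "NO KEY: stays encrypted")
```

Run it as python3 check_keylog.py ldaps.pcap sslkeys.log; every random that prints "NO KEY" is a session Wireshark cannot open. The same comparison can be made with Wireshark's own tools: tshark -r ldaps.pcap -Y "tls.handshake.type == 1" -T fields -e tls.handshake.random lists the client randoms in the capture, and tshark -r ldaps.pcap -o tls.keylog_file:/home/dmitriano/dev/work/sslkeys.log -Y ldap decrypts from the command line without the GUI.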
