Advertisements

How to Decrypt SSL traffic using Wireshark

SSL is one the best ways to encrypt network traffic and avoiding man in the middle attacks and other session hijacking attacks. But there are still multiple ways by which hackers can decrypt SSL traffic and one of them is with the help of Wireshark. Wireshark has an awesome inbuilt feature which can decrypt any traffic over a selected network card.

Requirements for Decrypting  SSL Traffic :

  • Wireshark
  • SSL Private Key
  • Basic knowledge in the following areas:
    • Network traces
    • Networking, TCP/IP and SSL/TLS protocols
    • Certificates and the use of Public and Private Keys
    • The Wireshark network protocol analyzer

Note: We will be using Kali Linux for decryption of network traffic but similar can be done on windows operating system too with help of minor tweaks.

How to Decrypt SSL Traffic using Wireshark :

Step1 : Start monitor mode

Select your network card for monitoring network traffic by giving following command at terminal:

$ airmon-ng start wlan0

You can find complete list of network cards using a simple command ifconfig on terminal i.e. Kali Linux (or ipconfig/all on Windows).

You will need airmon in windows if you wish to use the same on windows OS.

 

Step 2 : Obtain SSL Private Key using OpenSSL

In order to obtain the SSL private key, you have to execute the below command at Kali Linux terminal:

openssl req -x509 -nodes -newkey rsa:1024 -keyout testkey.pem -out testcert.pem

The above command will create two files in your home directory:

a. testkey.pem (which is a private test key)

b. testcert.prem (which is a self signed certificate)

Note: You have to use the same keys on your server.

 

Step 3 : Setup Wireshark to decrypt network card traffic

You can start Wireshark by giving following command on terminal :

   $ wireshark

Now go in preferences in edit menu then go to protocol on left side and then SSL protocol.

And fill the following details as mentioned below :

IP : IP Address of Server

Port : 443

Protocol : HTTP

Key File : Select the key file generated in above step

Password : Its up to you, you wanna provide or not.

That’s it. Now you will get decrypted result for for any SSL or TLS protocols.

Note : You can also use a filter for SSL as mentioned below :

 tcp.port==443 –

This will filter all SSL traffic.
If you have any doubts regarding How to Decrypt SSL Traffic, feel free to askAnd fill the following details as mentioned below :IP : IP Address of Server

Port : 443

Protocol : HTTP

Key File : Select the key file generated in above step

Password : Its up to you, you wanna provide or not.

That’s it. Now you will get decrypted result for for any SSL or TLS protocols.

Note : You can also use a filter for SSL as mentioned below :

tcp.port==443 –

 This will filter all SSL traffic.
Advertisements

Leave a Reply

Your email address will not be published. Required fields are marked *

Advertisements
Advertisements
%d bloggers like this: