Step by step SSL decrypt with wireshark

asked 2017-12-30 14:05:42 +0000

jdoe
1 ●1 ●2 ●1

I want to decrypt my traffic from my browser (Firefox Quantum). It sends https traffic over my router, where I try to dump it with tcpdump. Then I want to decrypt that file with wireshark and I want to see if I can get the URLs that I visited. I read that I need a ssl key and a tls key in order to do that. However, it seems not to work. But I am sure that I am doing something wrong. Therefore I wanted to ask if my start is correct at all:

tcpdump -i wlan0 -s 0 port 443 -w dump.pcacp

Thanks jdoe

edit retag flag offensive close merge delete

add a comment

1 Answer

Sort by » oldest newest most voted

answered 2017-12-30 15:01:28 +0000

Uli
1123 ●1 ●25 ●23

Have a look at Peter's slides of his talk at Sharkfest.

TL;DR:

Set environment variable SSLKEYLOGFILE before starting Firefox
Configure file in Wireshark preferences: Edit → Preferences; Protocols → SSL; (Pre-)Master Secret log filename.

edit flag offensive delete link

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2017-12-30 14:05:42 +0000

Seen: 36,851 times

Last updated: Dec 30 '17

Step by step SSL decrypt with wireshark edit

1 Answer