Where is my mistake when trying to decrypt my own TLS 1.2 traffic with Wireshark?

asked 2020-04-16 08:13:14 +0000

Lonblon

I tried to build a decoder of TLS 1.2 by myself in order to really understand how it all works. First thing, I wanted to test with Wireshark if I can decrypt my own web TLS 1.2 traffic, and I failed!

Here are the steps I followed:

(1) Used a ready-to-use Flask server + certificate + private key from this git repository on Machine A.

(2) I opened wireshark on Machine A.

(3) I opened a virtual machine with some Windows OS on it, let's call it Machine B, and I surfed from there to the website I opened on Machine A.

(4) I stopped the Wireshark sniffing on Machine A and loaded the private key from the git repository into the ssl decoder so it looks like this: ssl decoder configurations.

The ip field contains the ip of Machine A which the website is on.

After selecting OK on the 'ssl configuration box', I still cannot see any traffic decrypted.

Why is it? What am I doing wrong?

1 Answer

answered 2020-04-16 09:54:49 +0000

grahamb

As per the TLS wiki page, decryption with the server private key only works under certain circumstances.

Using pre-master secrets, if your server or client can be persuaded to emit them, succeeds in decryption more often.

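A way to check which of the two methods from the answer can work for a given capture, as an added example that is not part of the original thread or of Wireshark. It assumes the usual limits of private-key decryption (only a plain RSA key exchange, not ephemeral (EC)DHE) and the NSS key log format for TLS 1.2 (`CLIENT_RANDOM <client random> <master secret>`); the function names and the sample key log are constructed for illustration.

```python
import re

# One NSS key log line: LABEL <64 hex chars of client random> <hex secret>
KEYLOG_LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")

# Constructed sample key log (not real key material).
SAMPLE_KEYLOG = "# constructed sample\nCLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48 + "\n"

def key_exchange(suite):
    """Key-exchange part of an IANA cipher suite name, as shown in the ServerHello."""
    m = re.match(r"TLS_(.+?)_WITH_", suite)
    # TLS 1.3 names (TLS_AES_128_GCM_SHA256) carry no key exchange: always ephemeral.
    return m.group(1) if m else "TLS1.3"

def rsa_key_can_decrypt(suite):
    """True only for plain RSA key exchange, where the client encrypts the
    pre-master secret to the server's public key. With DHE/ECDHE the RSA key
    only signs the handshake, so it cannot recover the session keys."""
    return key_exchange(suite) == "RSA"

def keylog_secrets(text):
    """Map client_random (lowercase hex) -> set of labels present in key log text."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed in key logs
        m = KEYLOG_LINE.match(line)
        if m:
            found.setdefault(m.group(2).lower(), set()).add(m.group(1))
    return found

def diagnose(suite, client_random, keylog_text=""):
    """Return 'keylog', 'rsa-key' or 'none' for one TLS 1.2 session."""
    labels = keylog_secrets(keylog_text).get(client_random.lower(), set())
    if "CLIENT_RANDOM" in labels:
        return "keylog"    # master secret for this exact session is logged
    if rsa_key_can_decrypt(suite):
        return "rsa-key"   # server private key is enough (full handshake captured)
    return "none"          # ephemeral key exchange and no matching logged secret

if __name__ == "__main__":
    for suite in ("TLS_RSA_WITH_AES_128_GCM_SHA256",
                  "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"):
        print(suite, "->", diagnose(suite, "00" * 32, SAMPLE_KEYLOG))
    print("logged session ->",
          diagnose("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ab" * 32, SAMPLE_KEYLOG))
```

The cipher suite to pass in is the one the server selected in its ServerHello, and the client random is the Random field of the ClientHello in the same capture.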
