
How to decrypt TLSv1.2 traffic from a Wireshark capture file in Wireshark

asked 2022-02-25 22:34:14 +0000

ilqar200

Hello. I want to decrypt some TLSv1.2 traffic in Wireshark. This traffic was captured from NetworkMiner and saved as a Wireshark capture file. This traffic belongs to some mobile app. I used BlueStacks on Windows to capture this mobile app traffic. Now I want to decrypt the TLSv1.2 traffic from the saved Wireshark capture file. NetworkMiner also saved certificate files (.cer files). How can I decrypt this TLSv1.2 traffic in this situation? Thanks.


1 Answer


answered 2022-02-25 23:54:18 +0000

grahamb

It's likely that you won't be able to decrypt the traffic as you don't have the correct keying material. The certificate files probably don't have the private keys and would only be usable if the traffic was encrypted using certain ciphers.

More information on decrypting traffic and how to obtain the keying material can be found on the Wiki page for TLS.

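To illustrate the answer's point about "certain ciphers", here is an added example (not part of the original answer and not Wireshark code) that reads the cipher suite from a TLS ServerHello record and reports which keying material could decrypt the session. The function names, the partial suite table and the sample record are constructed for illustration; the key log file route refers to the per-session secrets file that Wireshark's TLS dissector accepts.

```python
import struct

# Small subset of IANA TLS cipher suite IDs (not exhaustive).
SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

def server_hello_suite(record: bytes) -> int:
    """Return the cipher suite ID chosen in a TLS ServerHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a handshake record starting with ServerHello")
    body = record[9:]            # skip record header (5) + handshake header (4)
    if len(body) < 35:
        raise ValueError("truncated ServerHello")
    sid_len = body[34]           # follows version (2) + random (32)
    off = 35 + sid_len
    if len(body) < off + 2:
        raise ValueError("truncated ServerHello")
    return struct.unpack("!H", body[off:off + 2])[0]

def decryption_route(suite_id: int) -> str:
    """Say which keying material can decrypt a session using this suite."""
    name = SUITES.get(suite_id)
    if name is None:
        return "unknown suite: look it up before deciding"
    if name.startswith("TLS_RSA_WITH_"):
        return "RSA key exchange: server private key or key log file"
    return "ephemeral (EC)DHE: per-session secrets (key log file) only"

def build_sample(suite_id: int, session_id: bytes = b"") -> bytes:
    """Construct a minimal TLS 1.2 ServerHello record (sample data only)."""
    body = b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
    body += struct.pack("!H", suite_id) + b"\x00"   # suite + null compression
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for sid in (0x002F, 0xC02F):
        chosen = server_hello_suite(build_sample(sid, bytes(32)))
        print(f"0x{chosen:04X} {SUITES[chosen]} -> {decryption_route(chosen)}")
```

A `.cer` file holds only the certificate's public key, so even for an RSA key exchange suite the server's private key would have to come from somewhere else.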



Asked: 2022-02-25 22:34:14 +0000

Seen: 350 times

Last updated: Feb 25 '22