Ask Your Question
0

Decrypting HTTPS

asked 2022-05-06 14:59:21 +0000

I work for a small private school. Several of our students are using our WiFi password on personal devices which gives them unfiltered access to the internet. Yes, we have the capability to filter but it's not being used and I don't have any say in the matter. I want to know what our students are accessing from their personal devices so that I can present it to my admin. I understand how to decrypt TLS / HTTPS traffic from my computer but is it possible to decrypt all HTTPS traffic? --Thanks

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2022-05-06 21:22:04 +0000

SYN-bit gravatar image

Although @Jaap is absolutely correct about the decryption of TLS, if your main purpose is:

I want to know what our students are accessing from their personal devices so that I can present it to my admin

Then you do get to see a bit of where students are going. First of all, you could monitor the DNS traffic, but if they are using DoT or DoH, then that won't work. By inspecting the ServerNameIndication extension in the TLS ClientHello, you can see which sites are visited. Make a capture file and run tshark on it like:

tshark -nlr packets.pcapng -Y tls.handshake.type==1 -T fields -e ip.src -e tls.handshake.extensions_server_name
edit flag offensive delete link more
0

answered 2022-05-06 18:09:42 +0000

Jaap gravatar image

The short and sweet answer: No. That's the whole point of TLS connections.

Their exist technical means to implement DPI for HTTPS, but this involves setting up a special proxy and installing a specific certificate on all devices first.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2022-05-06 14:59:21 +0000

Seen: 1,003 times

Last updated: May 06 '22