0

Decrypting HTTPS

asked 2022-05-06 14:59:21 +0000

I work for a small private school. Several of our students are using our WiFi password on personal devices which gives them unfiltered access to the internet. Yes, we have the capability to filter but it's not being used and I don't have any say in the matter. I want to know what our students are accessing from their personal devices so that I can present it to my admin. I understand how to decrypt TLS / HTTPS traffic from my computer but is it possible to decrypt all HTTPS traffic? --Thanks


2 Answers

0

answered 2022-05-06 21:22:04 +0000

SYN-bit

Although @Jaap is absolutely correct about the decryption of TLS, if your main purpose is:

"I want to know what our students are accessing from their personal devices so that I can present it to my admin"

Then you do get to see a bit of where students are going. First of all, you could monitor the DNS traffic, but if they are using DoT or DoH, then that won't work. By inspecting the ServerNameIndication extension in the TLS ClientHello, you can see which sites are visited. Make a capture file and run tshark on it like:

tshark -nlr packets.pcapng -Y tls.handshake.type==1 -T fields -e ip.src -e tls.handshake.extensions_server_name
0

answered 2022-05-06 18:09:42 +0000

Jaap

The short and sweet answer: No. That's the whole point of TLS connections.

There exist technical means to implement DPI for HTTPS, but this involves setting up a special proxy and installing a specific certificate on all devices first.


Stats

Asked: 2022-05-06 14:59:21 +0000

Seen: 700 times

Last updated: May 06 '22