
Hi folks,

During an HTTPS connection, our browser will encrypt the randomly generated number with the public key of a website to have an encrypted communication. I just want to know: is there any method to find out the randomly generated number of our browser using Wireshark? I would also like to know: can we sniff an HTTPS connection to see the payload? I heard there are some tools available in the market to find out what data is sent via HTTPS.

Regards, Bluebird

asked 07 Jun '12, 22:19


bluebird77


> I just want to know is there any method to find out the randomly generated number of our browser using wireshark.
> I would also like to know can we sniff https connection to see the payload?

No, wireshark can't "find" the key for you (e.g. by searching the computer memory).

However, you can decrypt an SSL session, if you give wireshark the private key of the webserver (only possible if you have access to that key!). By sniffing the SSL handshake, wireshark is able to extract the session key. See here:

http://wiki.wireshark.org/SSL

Follow the instructions and you will be able to decrypt an SSL connection.

> I heard there are some tools available in market to find what are the datas send via HTTPS.

Those are most certainly plugins for a browser that are able to capture data in the browser before it gets encrypted. Like these:

http://www.httpwatch.com/
http://www.iewatch.com/

My preferred tool for web debugging is a proxy that is able to do SSL "decryption".

http://www.fiddler2.com/fiddler2/

Fiddler is a good companion to wireshark if you don't have access to the web server's private key and you need to "see" the decrypted communication (URLs, error messages, etc.).

Regards
Kurt


answered 08 Jun '12, 01:30


Kurt Knochner ♦

edited 08 Jun '12, 02:04

thanks Kurt.....

(13 Jun '12, 21:34) bluebird77

Should the question be about how to find the random number (32 bytes) which client's browser sends to web server and what number (along with server's random number (32 bytes)) is employed to generate the session key (the length depends on cipher suite, which code is not encrypted within the handshake) then this random number (server's random number as well) is sent in unencrypted form too.


answered 31 Jan '14, 12:59


Buktop

edited 31 Jan '14, 13:16

Actually, to be more precise, the https site visited gives the browser a certificate which has its public key in it (this can be seen in the certificate). The browser in return makes a pseudo-randomly generated symmetric key from mouse clicks and key presses and encrypts the public key with it. On the other side, the site, upon receiving the encrypted public key, uses its private key to decrypt it.

So here the question is on being able to read the symmetric key generated by the browser to encrypt the https public key.


answered 13 Jul, 19:24


nassim

You are trying to describe a key exchange based on an RSA cipher suite, but some details are misleading:

  1. The RSA public key encrypts a randomly generated premaster secret. Not the other way round. The server decrypts the encrypted premaster secret with its private RSA key and obtains the same premaster secret.
  2. This premaster secret is not generated from just mouse clicks and key presses. It is taken from a (pseudo)random number generator which could (but does not have to) incorporate things like mouse clicks.

If you provide the private RSA key file to Wireshark and such an RSA key exchange is in use, then Wireshark can decrypt packets on the fly. If a Diffie-Hellman key exchange is in use, then it becomes a different story.

(14 Jul, 07:45) Lekensteyn
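
An added example, not part of the original thread: a minimal Python parser for the hello messages discussed in the answers above. It reads the 32-byte random that travels unencrypted and checks whether the cipher suite the server selected uses an RSA key exchange, the case in which the server's private key lets Wireshark decrypt. The sample records, the helper names and the small suite table are assumptions constructed for illustration.

```python
import struct

# Key-exchange family of a few well-known cipher suite IDs (assumed subset).
KEY_EXCHANGE = {
    0x002F: "RSA",    # TLS_RSA_WITH_AES_128_CBC_SHA
    0x0033: "DHE",    # TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    0xC02F: "ECDHE",  # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
}

def parse_hello(record: bytes) -> dict:
    """Parse one TLS record that holds a ClientHello or ServerHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 22 or len(body) != rlen or rlen < 39:
        raise ValueError("not a complete handshake record")
    hs_type = body[0]
    if hs_type not in (1, 2):
        raise ValueError("not a hello message")
    random = body[6:38]              # 32 bytes, readable by any sniffer
    pos = 39 + body[38]              # skip the session id
    if hs_type == 1:                 # ClientHello: list of offered suites
        (n,) = struct.unpack("!H", body[pos:pos + 2])
        raw = body[pos + 2:pos + 2 + n]
        suites = [s for (s,) in struct.iter_unpack("!H", raw)]
    else:                            # ServerHello: the single selected suite
        suites = [struct.unpack("!H", body[pos:pos + 2])[0]]
    return {"type": hs_type, "random": random, "suites": suites}

def private_key_can_decrypt(server_hello: dict) -> bool:
    """True only when the selected suite uses an RSA key exchange."""
    return KEY_EXCHANGE.get(server_hello["suites"][0]) == "RSA"

def build_record(hs_type: int, random: bytes, tail: bytes) -> bytes:
    """Build a constructed sample record (TLS 1.2, empty session id)."""
    msg = b"\x03\x03" + random + b"\x00" + tail
    hs = bytes([hs_type]) + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs

# Constructed samples, not taken from a real capture.
CLIENT_HELLO = build_record(1, bytes(range(32)), b"\x00\x04\x00\x2f\xc0\x2f\x01\x00")
SERVER_HELLO_RSA = build_record(2, bytes(range(32, 64)), b"\x00\x2f\x00")
SERVER_HELLO_ECDHE = build_record(2, bytes(range(32, 64)), b"\xc0\x2f\x00")

if __name__ == "__main__":
    print("client random:", parse_hello(CLIENT_HELLO)["random"].hex())
    for rec in (SERVER_HELLO_RSA, SERVER_HELLO_ECDHE):
        print(private_key_can_decrypt(parse_hello(rec)))
```
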
question asked: 07 Jun '12, 22:19

question was seen: 5,295 times

last updated: 14 Jul, 07:45
