This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Find/Decrypt HTTPS Password

0

Hello. I need to find a gmail password in a sample capture for a school club using only wireshark. Gmail is obviously encrypted and I have no idea how to do this. There are so many packets with the google IP and I don't know which one to choose. Any and all help is appreciated.

asked 09 Feb '15, 15:56

Wire_Shark_Pro's gravatar image

Wire_Shark_Pro
1111
accept rate: 0%


One Answer:

1

You won't find the password, as gmail uses HTTPS (ssl/tls encryption) by default for some years.

Without the RSA key of the google servers (I guess you don't have those keys) or a dumped session key of the "attacked" browser (you'll have to dump that while you are accessing gmail) you won't be able to decrypt that communication unless you are a super hacker from an alien planet or you work for the NSA department Str0ngBalls78. In the later case, you will get displaced tomorrow morning at 0600 because you asked silly questions in an open forum ;-)

Regards
Kurt

answered 09 Feb '15, 16:07

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 09 Feb '15, 16:09

I probably have a dumped session key as the capture file was designed for high school kids to find the gmail password. I am positive I have all the information i just need to know how to find the session key, and use it to decrypt the HTTPS password

(09 Feb '15, 16:10) Wire_Shark_Pro

I probably have a dumped session key as the capture file was designed for high school kids to find the gmail password. I am positive I have all the information i just need to know how to find the session key, and use it to decrypt the HTTPS password

(09 Feb '15, 16:13) Wire_Shark_Pro

Ah, O.K. then please have a look at one of those ssl decryption tutorials:

https://www.google.com/?q=wireshark+ssl+decryption+tutorial

One of the first 3-5 should help.

There are so many packets with the google IP and I don't know which one to choose

Think about DNS!!

(09 Feb '15, 16:14) Kurt Knochner ♦