OSQA is unmaintained. Help us figure out where to go from here.

Hello!

I need to decrypt outgoing traffic that my browser sends to server. I read that I can use Google Chrome browser which will generate all that SSL data stuff and I just would set path to this file in WireShark preferences. I've done it but there's no pane "Decrypted SSL data". My file contains strings like: 1) RSA a50214f50efc0ce0 03038488ef47796daeb5b9d1b849e90852ad3ae03aec71576e34b6517bf1e8914624e819aa31f1e97eaf6b82fe6fe1d3 2) CLIENT_RANDOM 05207c73974878df11a3d00dbfb932036fea9458fc638f92c6cd254409f2e3da 7729dcf9d4da029633bbe7da02302110f8cbe6c211e293c378e7a031e73020fbc8c9a236e07196ead5e10004e21acc26 Is this format correct? Should I change something to make decryption work? Also there was line in a guide I read that it will work only when you have specific Cipher Suite. In my case it is Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f). Will this method work for me? Thanks in advance!

asked 01 Aug '15, 10:19

krow7's gravatar image

krow7
21113
accept rate: 0%


I followed the instructions from this guy's site --> jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/ and was able to find some packets that would decrypt. What I have found (and its not really much help to you) is that not every frame or packet will be decrypted. If you want to see if yours is working try opening the page I show above using https. Then start a fresh capture with wireshark, and refresh the page above. and then scroll through the frames until you see the tab you are looking for using a display filter of "ssl && tcp".

permanent link

answered 02 Aug '15, 20:10

greenfreq's gravatar image

greenfreq
66127
accept rate: 33%

I tried to check frames from site you mentioned and it worked but not for my frames :( Thanks anyway for your responce. It became more clear to me.

(03 Aug '15, 05:39) krow7
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×306
×159
×6
×1

question asked: 01 Aug '15, 10:19

question was seen: 1,940 times

last updated: 03 Aug '15, 05:39

p​o​w​e​r​e​d by O​S​Q​A