How to Decrypt SSL traffic using Wireshark
SSL is one of the best ways to encrypt network traffic and to avoid man-in-the-middle attacks and other session hijacking attacks. But there are still multiple ways by which hackers can decrypt SSL traffic, and one of them is with the help of Wireshark. Wireshark has a built-in feature that can decrypt traffic captured on a selected network card. So friends, today we will learn how to decrypt SSL (HTTPS) traffic over the network with the help of Wireshark.
Basic Requirements for Decrypting SSL Traffic :
- Wireshark
- SSL Private Key
- Basic knowledge in the following areas:
  - Network traces
  - Networking, TCP/IP and SSL/TLS protocols
  - Certificates and the use of Public and Private Keys
  - The Wireshark network protocol analyzer
Note: We will be using Kali Linux to decrypt the network traffic, but the same can be done on Windows with the help of minor tweaks.
Decryption of SSL Traffic using Wireshark :
Step 1 : Start monitor mode
Select the network card you want to monitor by running the following command in the terminal:
$ airmon-ng start wlan0
You can find the complete list of network cards with the ifconfig command in the Kali Linux terminal (or ipconfig /all on Windows).
You will need airmon on Windows if you wish to do the same on Windows.
Step 2 : Obtain SSL Private Key using OpenSSL
In order to obtain the SSL private key, run the following command in the Kali Linux terminal:
openssl req -x509 -nodes -newkey rsa:1024 -keyout testkey.pem -out testcert.pem
The above command will create two files in your home directory:
a. testkey.pem (which is a private test key)
b. testcert.pem (which is a self-signed certificate)
Note: You have to use the same keys on your server.
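The key loaded into Wireshark in Step 3 has to belong to the certificate the server presents, so it is worth checking the pair before capturing. The script below is an added example, not part of the original tutorial; the function names and the script name are hypothetical, and it assumes the openssl CLI and an unencrypted key as produced by -nodes.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the key pair created in Step 2.
# Assumes the openssl CLI is installed and the key is unencrypted (-nodes).
# Function names are hypothetical, chosen for this example.

# Print the RSA key size in bits of a PEM private key.
rsa_key_bits() {
    openssl pkey -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Return 0 if key and certificate carry the same public key,
# 1 if they differ, 2 if either file cannot be parsed.
key_matches_cert() {
    local from_key from_cert
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Print a short report; succeed only if the pair belongs together.
check_pair() {
    local rc=0
    echo "key size : $(rsa_key_bits "$1") bits"
    key_matches_cert "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "result   : key matches certificate" ;;
        1) echo "result   : MISMATCH, this key cannot decrypt sessions for this certificate" ;;
        *) echo "result   : could not read key or certificate" ;;
    esac
    return "$rc"
}

# Usage: ./check_pair.sh testkey.pem testcert.pem
# With no arguments, run on a constructed throwaway pair (2048-bit demo key).
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
else
    tmp=$(mktemp -d)
    openssl req -x509 -nodes -newkey rsa:2048 -subj "/CN=demo.invalid" \
        -keyout "$tmp/testkey.pem" -out "$tmp/testcert.pem" 2>/dev/null
    check_pair "$tmp/testkey.pem" "$tmp/testcert.pem"
    rm -rf "$tmp"
fi
```

A non-zero exit status means the key should not be configured in Wireshark for that server until the mismatch is resolved.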
Step 3 : Set up Wireshark to decrypt network card traffic
You can start Wireshark by running the following command in the terminal :
$ wireshark
Now open Preferences from the Edit menu, expand Protocols on the left side and select SSL.
Then fill in the following details :
IP : IP Address of Server
Port : 443
Protocol : HTTP
Key File : Select the key file generated in above step
Password : It's up to you whether to provide one or not.
That’s it. Now you will get decrypted results for any SSL or TLS protocol.
Note : You can also use a filter for SSL as mentioned below :
tcp.port==443
This will filter all SSL traffic.
If you have any doubts feel free to ask and don’t forget to say thanks if you like our tutorials. Keep Learning !! Keep Connected!!