How do I read TLS packets in Wireshark?

New configuration (How To)

Situation

Wireshark makes decrypting SSL traffic easy

I really like the way Wireshark handles the SSL decryption process. Cryptography is complicated, and the standards are constantly changing to be more secure. But once Wireshark and your environment are set up properly, all you have to do is change tabs to view decrypted data. It doesn’t get any easier than that.

Solution

Steps to follow

Follow these steps to read TLS packets in Wireshark:

  1. Start a packet capture session in Wireshark.
  2. In the top menu bar, click on Edit, and then select Preferences from the drop-down menu.
  3. In the Preferences window, expand the Protocols node in the left-hand menu tree.
  4. Click on SSL. The main panel of the window will show protocol settings.
  5. Enter a file name and select a location for the SSL debug file.
  6. Click in the RSA keys list, then select Edit and then New.
  7. Fill out the information fields in the pop-up window: IP address, Port, Protocol (which will be HTTPS), Key File, and Password. Press OK.
  8. Click OK in the Preferences screen.

The data field at the bottom of the main Wireshark page will show the decrypted contents of the packet.

The two-way SSL handshake authenticates both the server and the client. Here are the steps that are carried out in this process:

  1. Client hello: sent from the client to the server and includes its supported cipher suites and TLS version compatibilities.
  2. Server hello: sent from the server to the client in response. It contains a link to the server’s public certificate and a request for the same back from the client.
  3. The browser validates the server certificate and, if all is OK, sends a link to its own certificate.
  4. The server checks out the client’s certificate. If all is OK, session establishment continues.
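As an added example (not part of the original article), the following Python script builds a constructed TLS 1.2 Client Hello, parses out the fields that Wireshark's Client Hello dissection shows (version, offered cipher suites, SNI), and checks whether any offered suite uses RSA key exchange, which is the condition under which the RSA key file configured in step 7 can decrypt the session; with ECDHE suites the server's private key alone is not enough and a key log file is needed instead. The cipher suite lists and the hostname are constructed for illustration.

```python
import struct

# Cipher suites with RSA key exchange (decryptable with the server's RSA private key)
# versus (EC)DHE suites, which the RSA key file in the keys list cannot decrypt.
RSA_KX = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA", 0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
          0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256"}
ECDHE_KX = {0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def build_client_hello(suites, sni):
    """Construct a sample ClientHello record (constructed test input, not a real capture)."""
    name = sni.encode()
    entry = b"\x00" + struct.pack("!H", len(name)) + name          # name_type 0 = host_name
    sni_ext = struct.pack("!HH", 0, len(entry) + 2) + struct.pack("!H", len(entry)) + entry
    body = (b"\x03\x03" + b"\x11" * 32 + b"\x00"                    # version, random, empty session id
            + struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00"                                           # one compression method: null
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body              # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs        # record type 0x16 = handshake

def parse_client_hello(rec):
    """Return version, cipher suites and SNI, the fields Wireshark shows under Client Hello."""
    ctype, _rver, _rlen = struct.unpack("!BHH", rec[:5])
    if ctype != 0x16 or rec[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    p = 9                                                           # skip record + handshake headers
    version = struct.unpack("!H", rec[p:p + 2])[0]; p += 34         # version + 32-byte random
    p += 1 + rec[p]                                                 # session id
    n = struct.unpack("!H", rec[p:p + 2])[0]; p += 2
    suites = [struct.unpack("!H", rec[i:i + 2])[0] for i in range(p, p + n, 2)]; p += n
    p += 1 + rec[p]                                                 # compression methods
    ext_len = struct.unpack("!H", rec[p:p + 2])[0]; p += 2; end = p + ext_len; sni = None
    while p < end:
        etype, elen = struct.unpack("!HH", rec[p:p + 4]); p += 4
        if etype == 0:                                              # server_name extension
            nlen = struct.unpack("!H", rec[p + 3:p + 5])[0]         # skip list length + name type
            sni = rec[p + 5:p + 5 + nlen].decode()
        p += elen
    return {"version": VERSIONS.get(version, hex(version)), "cipher_suites": suites, "sni": sni}

def rsa_key_decryptable(suites):
    """True only if an RSA key exchange suite is offered; ECDHE suites need a key log instead."""
    return any(s in RSA_KX for s in suites)

SAMPLE = build_client_hello([0xC02F, 0xC030, 0x009C, 0x002F], "example.com")  # constructed

if __name__ == "__main__":
    info = parse_client_hello(SAMPLE)
    print(info, "RSA key file can decrypt:", rsa_key_decryptable(info["cipher_suites"]))
```

If the Server Hello in the capture picks an ECDHE suite, the RSA keys list entry will not yield decrypted data even when the key file is correct; the SSL debug file from step 5 is where Wireshark reports that.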

Solution type

Permanent
