
How to DECRYPT HTTPS Traffic with Wireshark

In this tutorial, we are going to capture the client-side session keys by setting an environment variable in Windows, then feed them to Wireshark for TLS 1.3 decryption.

Follow along with me by downloading the trace file and keylog file here:
https://bit.ly/decrypttraffic

Steps to capture client session key:
Open Control Panel:System
Select Advanced System Settings
Select Environment Variables
Add a new variable: SSLKEYLOG
Save to a location with a name ending in *.log
Restart Chrome (You may have to reboot Windows in some cases)
Capture Traffic
Add the keylog file to the TLS Protocol in Wireshark Preferences.
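
A check worth running on the key log before loading it into Wireshark, as an added example that is not from the video or its author: it parses the NSS key log format that Chrome writes when the SSLKEYLOGFILE variable is set and reports, per client random, whether all four TLS 1.3 traffic secrets were logged. The function name `audit_keylog` and the sample lines are assumptions constructed for this example.

```python
import re

# Labels from the NSS key log format, which is what SSLKEYLOGFILE produces.
TLS13_REQUIRED = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
}
TLS13_OTHER = {"CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET"}
KNOWN = TLS13_REQUIRED | TLS13_OTHER | {"CLIENT_RANDOM"}
# Line layout: <label> <32-byte client random in hex> <secret in hex>
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")

def audit_keylog(text):
    """Return (sessions, malformed_line_numbers) for key log file contents."""
    labels_by_random, malformed = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        m = LINE.match(line)
        # Reject unknown labels and secrets that are not whole bytes.
        if not m or m.group(1) not in KNOWN or len(m.group(3)) % 2:
            malformed.append(lineno)
            continue
        labels_by_random.setdefault(m.group(2).lower(), set()).add(m.group(1))
    sessions = {}
    for rnd, labels in labels_by_random.items():
        if TLS13_REQUIRED <= labels:  # handshake + application secrets, both directions
            sessions[rnd] = "tls1.3 complete"
        elif labels & (TLS13_REQUIRED | TLS13_OTHER):
            missing = ", ".join(sorted(TLS13_REQUIRED - labels))
            sessions[rnd] = "tls1.3 partial, missing " + missing
        else:
            sessions[rnd] = "tls1.2 master secret"
    return sessions, malformed

# Constructed sample, not real key material: complete, partial, truncated.
R1, R2 = "ab" * 32, "cd" * 32
SAMPLE = "\n".join([
    "# constructed key log",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {R1} {'11' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {R1} {'22' * 32}",
    f"CLIENT_TRAFFIC_SECRET_0 {R1} {'33' * 32}",
    f"SERVER_TRAFFIC_SECRET_0 {R1} {'44' * 32}",
    f"EXPORTER_SECRET {R1} {'55' * 32}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {R2} {'66' * 32}",
    f"CLIENT_TRAFFIC_SECRET_0 {R2[:40]}",
])
print(audit_keylog(SAMPLE))
```

An empty `sessions` result means the browser wrote no secrets at all, so the environment variable did not take effect for that process.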

If you liked this video, I’d really appreciate you giving me a like and subscribing, it helps me a whole lot. Also don’t be shy, chat it up in the comments!

== More On-Demand Training from Chris ==
▶Getting Started with Wireshark – https://bit.ly/udemywireshark
▶Getting Started with Nmap – https://bit.ly/udemynmap

== Live Wireshark Training ==
▶TCP/IP Deep Dive Analysis with Wireshark – https://bit.ly/virtualwireshark

== Private Wireshark Training ==
Let’s get in touch – https://packetpioneer.com/product/private-virtual-classroom/


by Chris Greer


38 thoughts on “How to DECRYPT HTTPS Traffic with Wireshark”

  • I’ve been trying to understand activity done on websites, such as something like: what did someone look up on Google? Is it possible to see what they searched or is the decryption not that strong?

  • It is completely frustrating when you follow the directions and sextuple check the file path, but the keylog.log file just isn't in the file and you've restarted Chrome. This is compounded by seeing others with the same problem on Microsoft Community and Stack Overflow, and you follow all the different troubleshooting scenarios but still the file isn't where it is supposed to be. I don't have hours and hours to try and find a file that is listed in the environmental variables window where it was created and the path is correct, but when you go to File Explorer to see the results and check the file AND IT ISN'T THERE.

  • I must be doing something wrong cause I don't see the sslkeylogfile.log file I created…

  • More than 10 years ago at my college, an engineer came to talk with students. He talked about HTTPS and how secure it is; I doubted that and asked him how. Unfortunately the time was up and the talk was dismissed. Now I know that I wasn't wrong.

  • ********** File Capture Issue*********
    Make sure you are using the Windows 10 Home operating system and the oldest available version of Wireshark, which is currently 3.6.22
    *********************************

  • This method seems to be obsolete; the logfile never gets created when I run Chrome.

  • 🔴 Important note the variable name is "SSLKEYLOGFILE" not "SSLKEYLOG" as in the description

  • Could you please do a video on how to track software that is phoning home and how to prevent it, for someone who is not in IT? Thank you!

  • Thanks for the video. Please could you explain why we see under Transport Layer security TLSv1.3 and the Version TLS 1.2 (0x0303) at 6:47?

  • How to do this with a desktop application? It's not saving any data to the log file.

  • Hi Chris, I tried downloading the files and it's not working. Please, is there any other way of downloading the files?

  • From Iran, thanks. In Iran the Internet is fully censored; we need this tool to learn networking and how networks work. Fk Dictator*ship regime

  • I'm sorry, but you referenced at 1:18 – SSLKEYLOGFILE to userschris but never referenced it again. At 5:38, you referenced a different file. Were they meant to be the same?

  • Can anyone give me some suggestions on why the only TLS packet I'm seeing is client hello?

  • That's a method for decrypting your own traffic, not the victim's traffic, right?!

  • I followed your instructions to the "T" and my log file is not getting populated with temporary keys. After setting up the Windows environment and setting up the SSLKEYLOG, saving it, and opening up Chrome and Wireshark, the log file remains blank. Any suggestions why????

  • The pcap seems deleted and the keylogger file too... Chris, can we have your TLS profile demo once, to set up our own?

  • Once you enter the variable sslkeylog, will it generate automatically or do you have to create a text file? And how did your Wireshark show the HTTPS website you visited so quickly? Why is mine not showing up? Studying Wireshark. IT student

  • Thank you Chris… This is an amazing video… I wanted to know: is it possible to do the same with the Safari browser on macOS? If so, can you please point me to the steps… Thanks in advance.

  • What if we are using an Android application such as an online game? Then how do we decrypt the TLS 1.3 packets?

  • Can browser settings influence packet capture by Wireshark? I was trying to test this, but it didn't work, and I thought it might be because of my browser settings.

  • Fantastic guide! I don't normally comment, but you need to know that you are doing fantastic work! I am experiencing Wireshark for the very first time in a CTF and this was clear, informative, and helpful!

  • When I saw you change a hat I knew this lesson would be outstanding

  • Hi Chris, thanks for this one really learnt a lot here. In saying that I've been seeing more of Application Layer Encryption lately, so in theory if you encrypt at the application level before hitting the pipe and encrypt using TLS, would you be able to get to the cleartext?

  • Hi Chris, how do I set the sslkeylogfile environment variable on Linux? Thanks.

  • Can we 'break' an HTTPS connection by doing this? Like, can we now see the login passwords from HTTPS sites of a user?
