Jump to content

Wireshark and HTTPS


Recommended Posts

It's obviously not that hard to find a user/pass when you sniff an HTTP packet w/ wireshark because it is in plaintext. But... since HTTPS is encrypted (friggin TLS :-p), what is the best way to decrypt it the packets you sniff? Thanks :-)

You would have to inject the victim with a forged certificate, hope they agree to use said certificate, and then have a way to decrypt all the traffic once saved to a file for decrypting. I can't remember the name of the program, but there is one that allows you to decrypt the traffic based on the fake certs you supply to the end user.

If you are on windows, I think Cain does this automatically and searches for the passwords for you if the user clicks to allow the certificate, but wireshark won't be able to read the traffic since cain is doing the decryoting for itself

You could try to take it further, with say, session hijacking. For that, you would need something like hamster and ferret on windows, or on linux I think it wifizoo. Sometimes in ssl connections you get plain text cookies sent back and forth or session data that is not encrypted during handshakes, so even on a https site, you may be able to log on to the site as the victim if they have this flaw. Not sure if TLS exibits this flaw though.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...