Need Help In Wireshark


chetna

You can't see encrypted traffic without a MITM to remove encryption before authentication. SSL strip or a similar method would be needed. If the traffic is encrypted, it's damn near impossible unless the certificates in use can be compromised and you can replay the data in a lab environment showing the plain text data.

There is one other method though, but it is sort of backwards and doesn't use Wireshark, but a sort of debugger. You can attach something like "Echo Mirage" to any process, and even if it's encrypted traffic, you can see what it is doing before it even sends the data, since the exe will have the unencrypted text before encrypting it to send on the wire.

http://www.youtube.com/user/pauldotcom#p/u/1/mItBKirtoiQ

Note on Echo Mirage though: this runs locally on your system, so, say, if you were hacked or something, you can watch in real time what someone remotely is doing to your machine (or honeypot).

Edited by digip