How to Decrypt SSL traffic using Wireshark

By -

How to Decrypt SSL traffic using Wireshark

How to Decrypt  traffic using Wireshark : SSL is one the best way to encrypt network traffic and avoiding men in the middle attacks and other  attacks. But there are still multiple ways by which hackers can decrypt SSL traffic and one of them is with the help of Wireshark. Wireshark has an awesome inbuilt feature which can decrypt any traffic over a selected network card. So friends today we will learn  or HTTPS traffic over network with help of Wireshark tool.
Basic Requirement for Decrypting SSL Traffic :
  • Wireshark
  • SSL Private Key
  • Basic knowledge in the following areas:
    • Network traces
    • Networking, TCP/IP and SSL/TLS protocols
    • Certificates and the use of Public and Private Keys
    • The Wireshark network protocol analyzer
Note: We will be using  for decryption of network traffic but similar can be done on windows operating system too with help of minor tweaks.
How to Decrypt SSL traffic using Wireshark
Decrypt SSL traffic using Wireshark

Decryption of SSL Traffic using Wireshark :

Step1 : Start monitor mode
Select your network card for monitoring network traffic by giving following command at terminal:
$ airmon-ng start wlan0
You can find complete list of network cards using a simple command ifconfig on terminal i.e. Kali Linux (or ipconfig/all on Windows).
You will need airmon in windows if you wish to use the same on windows OS.

Step 2 : Obtain SSL Private Key using OpenSSL
In order to obtain the SSL private key, you have to execute the below command at Kali Linux terminal:
openssl req -x509 -nodes -newkey rsa:1024 -keyout testkey.pem -out testcert.pem
The above command will create two files in your home directory:
a. testkey.pem (which is a private test key)
b. testcert.prem (which is a self signed certificate)
Note: You have to use the same keys on your server.

Step 3 : Setup Wireshark to decrypt network card traffic
You can start Wireshark by giving following command on terminal :
   $ wireshark
Now go in preferences in edit menu then go to protocol on left side and then SSL protocol.
How to Decrypt SSL traffic using Wireshark
Wireshark Key file entries
And fill the following details as mentioned below :
IP :  of Server
Port : 443
Protocol : HTTP
Key File : Select the key file generated in above step
Password : Its up to you, you wanna provide or not.
That’s it. Now you will get decrypted result for for any SSL or TLS protocols.
Note : You can also use a filter for SSL as mentioned below :
 tcp.port==443 –
This will filter all SSL traffic.
If you have any doubts feel free to ask and don’t forget to say thanks if you like our tutorials. Keep Learning !! Keep Connected!!

Comments

Post a Comment

Popular posts from this blog

HACK EMAIL-ID,USERNAME AND PASSWORD OR ANY USER DETAILS BY USING KALI LINUX.

By -
Image
HACK EMAIL-ID,USERNAME AND PASSWORD OR ANY USER DETAILS BY USING  KALI LINUX . Today,i am going to show you how you can get email-id,username and password or any user details you want by using  KALI LINUX . STEPS FOR SETTING UP YOUR SYSTEM. Download Kali Linux from   here . Extract the contents of Kali Linux iso file which you  downloaded in step and copy it to pendrive or instead of pendrive burn the iso file in cd if you want to make a cd of it. After copying all contents to pendrive or burning the iso file in cd,reboot you system,press F8 on boot-time and select boot from pendrive if you have copied all the files in pendrive,else boot from cd-rom if you burn the iso file in cd. After selecting the boot from device,the kali installation window will open,install accordingly as per your requirement. NOTE:During installation,in mount point of selected installation drive,set mount point to  "/" . Remember the username and password while installation as this will
Read more

Port Fail Vulnerability : Critical VPN Vulnerability

By -
Image
Port Fail Vulnerability : Critical VPN Vulnerability How Port Fail Vulnerability Exposes your REAL IP on SKYPE Using Port Fail Vulnerability it’s possible to disclose the real IP of a Skype accounts you’re interested in. There are a bunch of Skype IP resolvers which can give you the VPN IP address and port number of a Skype user using only their Skype login. Then you need to use the same thing a copyright monitoring company would use — send some UDP packets to the whole internet on the exact port. It’s remarkable but Skype will send you a reply for almost any data! The nping utility from  nmap  package suits our needs very well: # nping --udp -p 13318 --data-string 'hellothere!' -c 1 serv.valdikss.org.ru Starting Nping 0.7.00 ( https://nmap.org/nping ) at 2015-12-20 19:54 MSK SENT (0.0157s) UDP 195.154.127.59:53 > 92.42.31.8:13318 ttl=64 id=10802 iplen=39  RCVD (0.0859s) UDP 185.61.149.121:4272 > 195.154.127.59:53 ttl=54 id=1534 iplen=32    Max rtt: N/A | M
Read more