This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hey, I want to sniff packets coming from a mobile device and I'm gonna use tcpdump to sniff them, so I need to know if there's any way to get the RSA key for decryption.

asked 12 Jan '15, 02:17

LGMan


Yes, there is (assuming you're in a controlled environment where you are allowed to receive the private key): talk to the server administrator and ask him to give you the private key.

If it is a public website you want to decrypt the traffic from, you will need to proxy the traffic through an SSL termination proxy and do the decryption with the key of your proxy. An example of such a proxy is fiddler2.

answered 13 Jan '15, 04:28

SYN-bit ♦♦

Thanks, but is there a way to decrypt HTTPS from a pcap file? I usually make a hotspot for some coworkers and I want to keep track of what they're browsing and make sure they don't do anything bad [or illegal]. I have a jailbroken iDevice and I used tcpdump to collect data.

(15 Jan '15, 02:29) LGMan

Since the whole purpose of SSL is to make the contents of a transmission private between the client and the server, just capturing the traffic will not enable you to decrypt the traffic. You will need the session keys used (known only to the clients and the servers) or the private keys (only known to the servers) to decrypt the traffic.

(15 Jan '15, 12:45) SYN-bit ♦♦