Hello. I need to find a gmail password in a sample capture for a school club using only wireshark. Gmail is obviously encrypted and I have no idea how to do this. There are so many packets with the google IP and I don't know which one to choose. Any and all help is appreciated. asked 09 Feb '15, 15:56  Wire_Shark_Pro |
One Answer:
You won't find the password, as gmail uses HTTPS (ssl/tls encryption) by default for some years. Without the RSA key of the google servers (I guess you don't have those keys) or a dumped session key of the "attacked" browser (you'll have to dump that while you are accessing gmail) you won't be able to decrypt that communication unless you are a super hacker from an alien planet or you work for the NSA department Str0ngBalls78. In the later case, you will get displaced tomorrow morning at 0600 because you asked silly questions in an open forum ;-) Regards answered 09 Feb '15, 16:07  Kurt Knochner ♦ edited 09 Feb '15, 16:09 |
I probably have a dumped session key as the capture file was designed for high school kids to find the gmail password. I am positive I have all the information i just need to know how to find the session key, and use it to decrypt the HTTPS password
I probably have a dumped session key as the capture file was designed for high school kids to find the gmail password. I am positive I have all the information i just need to know how to find the session key, and use it to decrypt the HTTPS password
Ah, O.K. then please have a look at one of those ssl decryption tutorials:
One of the first 3-5 should help.
Think about DNS!!