This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello all,

I'm trying to decrypt traffic that is going from and coming into my chat client (tldr I want to forward it, unencrypted). I see from Wireshark that it is using a TLSv1.1 style handshake to set up the encryption. I don't fully understand the process of what's going on here.

The overall question is, if the chat client can encode and decode information going to and coming from the server, why can't I? I would think this should be as easy as finding the RSA key file stored on my local machine.

asked 14 Mar '15, 17:03 by Annomaly

edited 14 Mar '15, 17:27 by Jim Aragon


In an RSA handshake, the client uses the public key in the certificate from the server to encrypt the premaster secret. The server is able to use its private key to decrypt the encrypted premaster secret. Then both client and server are able to use the premaster secret to create a session key for the encryption/decryption of the data stream.

Wireshark also uses the private key from the server to decrypt the premaster secret (which is sent by the client in the ClientKeyExchange handshake message). But as said, it is stored on the server, not the client.


answered 15 Mar '15, 12:15 by SYN-bit ♦♦
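The exchange described in this answer, as an added worked example that is not part of the original thread and not Wireshark's own code: a demo-sized RSA with PKCS#1 v1.5 padding, the TLS 1.1 PRF from RFC 4346, the client building and encrypting the premaster secret, the server decrypting it, and a passive observer (what Wireshark does with an "RSA keys" entry) recovering the same master secret from nothing but the server's private key and the captured ClientHello/ServerHello randoms plus ClientKeyExchange body. All function names, the 1024-bit key size and the constructed inputs in the test are my own choices; the message formats and the PRF follow the RFCs.

```python
"""RSA key exchange as a passive observer with the server key sees it (constructed, stdlib only)."""
import hmac
import os
import random

_rng = random.SystemRandom()   # OS entropy for key generation and padding
TLS11 = b"\x03\x02"            # client_version bytes for TLS 1.1

def _is_probable_prime(n, rounds=20):
    d, r = n - 1, 0                      # Miller-Rabin; n is odd and > 3 here
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # full length, odd
        if _is_probable_prime(cand):
            return cand

def rsa_generate(bits=1024):
    """Return ((n, e), (n, d)). 1024 bits keeps the demo quick; real keys are >= 2048."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:           # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def rsa_pkcs1v15_encrypt(pub, msg):
    """RSAES-PKCS1-v1_5: EM = 00 || 02 || PS (>= 8 non-zero random bytes) || 00 || M."""
    n, e = pub
    k = (n.bit_length() + 7) // 8
    ps_len = k - len(msg) - 3
    if ps_len < 8:
        raise ValueError("message too long for modulus")
    ps = bytes(_rng.randrange(1, 256) for _ in range(ps_len))
    em = b"\x00\x02" + ps + b"\x00" + msg
    return pow(int.from_bytes(em, "big"), e, n).to_bytes(k, "big")

def rsa_pkcs1v15_decrypt(priv, ct):
    n, d = priv
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(ct, "big"), d, n).to_bytes(k, "big")
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x02" or sep < 10:   # sep < 10: PS shorter than 8 bytes or no separator
        raise ValueError("bad PKCS#1 v1.5 padding")
    return em[sep + 1:]

def _p_hash(algo, secret, seed, length):
    out, a = b"", seed                               # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, algo).digest()       # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, algo).digest()
    return out[:length]

def tls11_prf(secret, label, seed, length):
    """RFC 4346 section 5: P_MD5(S1) XOR P_SHA-1(S2), S1/S2 the two halves of the secret."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = _p_hash("md5", s1, label + seed, length)
    sha_part = _p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))

def client_key_exchange(server_pub):
    """Client side: 48-byte premaster secret, encrypted to the public key from the certificate."""
    pms = TLS11 + os.urandom(46)
    return pms, rsa_pkcs1v15_encrypt(server_pub, pms)

def decrypt_premaster(priv, cke_body):
    """Server side (and the observer): premaster secret from a ClientKeyExchange body, or None.
    A real server never reports the failure; it substitutes a random secret and lets the
    Finished check fail (RFC 5246 7.4.7.1) so there is no Bleichenbacher padding oracle."""
    try:
        pms = rsa_pkcs1v15_decrypt(priv, cke_body)
    except ValueError:
        return None
    return pms if len(pms) == 48 and pms[:2] == TLS11 else None

def master_secret(pms, client_random, server_random):
    return tls11_prf(pms, b"master secret", client_random + server_random, 48)

def recover_master_secret(server_priv, cke_body, client_random, server_random):
    """What Wireshark does with the server key plus the captured Hello randoms and CKE body."""
    pms = decrypt_premaster(server_priv, cke_body)
    return None if pms is None else master_secret(pms, client_random, server_random)
```

Run it as `pub, priv = rsa_generate(); pms, cke = client_key_exchange(pub)` and then `recover_master_secret(priv, cke, cr, sr)` with two 32-byte randoms: with the server's `priv` it returns exactly the client's `master_secret(pms, cr, sr)`, with any other private key it returns `None` or garbage. That is the whole point of the answer above: the client never holds `d`, only the certificate's `(n, e)`, so there is no key file on the client machine to find. The caveat a practitioner needs: this route only exists for cipher suites that use RSA key exchange; with (EC)DHE suites the premaster secret never crosses the wire, and the client-side route is to have the client export its own session keys, which Wireshark can read from a key log file.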

Interesting. As far as I can tell the data is encrypted. To me that simply means: No text visible in any of the packets, I can't string.search(msg).

I can, however, view the premaster secret. I assume the private key is sent encrypted and session based, however, there must be a way to capture this. After all, I'm trying to "decrypt" my own messages.

The struggles of a novice.
(16 Mar '15, 05:40) Annomaly
question was seen: 2,892 times

last updated: 16 Mar '15, 05:50
