This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Is there a way to decrypt the https traffic generated by some device on my home network with Wireshark running on my computer?? I was able to decrypt the 802.11 traffic with monitor mode enabled, the WPA2 key provided to Wireshark and the complete EAPOL handshake captured (generated by the device I'm trying to kinda spy on), but I can't seem to be able to eavesdrop, for example, the safe browsing activity happening on my network...

Thanks!

asked 05 Dec '15, 10:47

p1020175's gravatar image

p1020175
6335
accept rate: 0%


Are you joking? I'd think that "anonymous browsing" should behave as its name suggests, so for web pages visited in this mode, the browser should not store the session keys even if instructed to do so using SSLKEYLOGFILE variable.

permanent link

answered 05 Dec '15, 10:55

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

edited 05 Dec '15, 11:20

The information about the anonymous part is false, the SSL library (Chrome's OpenSSL fork / NSS) requires this key and does not distinguish between (non-)"anonymous" traffic. To the OP: you cannot eavesdrop on SSL connections for which you don't have keys.

(08 Dec '15, 10:04) Lekensteyn
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×319
×115
×69
×62
×2

question asked: 05 Dec '15, 10:47

question was seen: 1,494 times

last updated: 08 Dec '15, 10:04

p​o​w​e​r​e​d by O​S​Q​A