This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

decrypt ssl traffic using wireshark

0

Is there a way to decrypt the https traffic generated by some device on my home network with Wireshark running on my computer?? I was able to decrypt the 802.11 traffic with monitor mode enabled, the WPA2 key provided to Wireshark and the complete EAPOL handshake captured (generated by the device I'm trying to kinda spy on), but I can't seem to be able to eavesdrop, for example, the safe browsing activity happening on my network...

Thanks!

asked 05 Dec '15, 10:47

p1020175's gravatar image

p1020175
6335
accept rate: 0%


One Answer:

0

Are you joking? I'd think that "anonymous browsing" should behave as its name suggests, so for web pages visited in this mode, the browser should not store the session keys even if instructed to do so using SSLKEYLOGFILE variable.

answered 05 Dec '15, 10:55

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

edited 05 Dec '15, 11:20

The information about the anonymous part is false, the SSL library (Chrome's OpenSSL fork / NSS) requires this key and does not distinguish between (non-)"anonymous" traffic. To the OP: you cannot eavesdrop on SSL connections for which you don't have keys.

(08 Dec '15, 10:04) Lekensteyn