I was inspecting an HTTPS site, found the Certificate packet, and found this key in it:

Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)

Is this what I need to decrypt the traffic? I hope someone could tell me what to do next in a more practical way.

asked 20 Mar '16, 16:42 Mostafa Nafady, edited 20 Mar '16, 16:51
One Answer:
The Certificate packet contains the public key, which cannot be used to decrypt traffic. The mentioned cipher suite uses the Diffie-Hellman algorithm for key exchange, which cannot be decrypted anyway using an RSA private key. If you are interested in browser traffic, have a look at using the SSL keylog method described at https://wiki.wireshark.org/SSL#SSL_dissection_in_Wireshark.

answered 21 Mar '16, 03:07 Lekensteyn
Thanks a lot for clarifying this for me.
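As an added example (not part of the original thread and not Wireshark's code), this Python check reads the file a browser writes under the SSL keylog method and reports whether a captured TLS 1.2 session can be decrypted, and by which route. The `CLIENT_RANDOM` line layout is the NSS key log format; the function names and the sample values are constructed for illustration.

```python
import re

# One key log line: <label> <identifier hex> <secret hex>
LINE = re.compile(r"^(\w+) ([0-9a-fA-F]+) ([0-9a-fA-F]+)$")

# Constructed sample file contents (placeholder values, not real secrets).
SAMPLE_KEYLOG = (
    "# constructed sample\n"
    "CLIENT_RANDOM " + "aa" * 32 + " " + "bb" * 48 + "\n"
    "CLIENT_RANDOM deadbeef 00\n"  # truncated line, must be ignored
)

def parse_keylog(text):
    """Return {(label, identifier_hex): secret_hex}; skip comments and bad lines."""
    secrets = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:  # blank line, '#' comment, or malformed entry
            continue
        label, ident, secret = m.group(1), m.group(2).lower(), m.group(3).lower()
        # TLS 1.2 entry: 32-byte client random, 48-byte master secret
        if label == "CLIENT_RANDOM" and (len(ident), len(secret)) != (64, 96):
            continue
        secrets[(label, ident)] = secret
    return secrets

def rsa_key_decryptable(suite):
    """Only static-RSA key exchange (TLS_RSA_WITH_*) yields to the server's RSA key."""
    return suite.startswith("TLS_RSA_WITH_")

def decryption_path(suite, client_random_hex, keylog_text, have_rsa_key=False):
    """Name the route, if any, by which this session's traffic can be decrypted."""
    if ("CLIENT_RANDOM", client_random_hex.lower()) in parse_keylog(keylog_text):
        return "keylog"
    if have_rsa_key and rsa_key_decryptable(suite):
        return "rsa-private-key"
    return "none"

if __name__ == "__main__":
    suite = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"  # suite from the question
    # Session whose client random was logged by the browser.
    print(decryption_path(suite, "aa" * 32, SAMPLE_KEYLOG))
    # Session not in the log: a private key does not help with ECDHE.
    print(decryption_path(suite, "cc" * 32, SAMPLE_KEYLOG, have_rsa_key=True))
```

The client random to look up is the `Random` field of the session's Client Hello; a result of "none" for a session you expected to decrypt usually means the capture started after the key log did, or the log came from a different browser process.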