This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Decrypting your own Tlsv1 packets?

0

Hi everyone.

I'm trying to write a program that interfaces to XYZ service's servers. (basically their software is quite buggy and non-optimized so I want to make a client that offers some limited functionality without said bugs etc)

The login uses TLSv1 and respectively, I know some of the data that is getting sent (my username and password for example).

Is there any way to 'decrypt' your own packets? As I need the 'structure' of the 'login process' for my application to mimic it... And the original data and key to encrypt it is coming from my end anyway - so would this be possible?

Any help is greatly appreciated. Kind regards, Luke

asked 25 Jul '11, 13:32

lukus001


One Answer:

0

To be able to decrypt SSL/TLS traffic with Wireshark, you need to have the server private key or have an export of the (pre-)master secret (which can be done with a self-compiled version of Chrome or Firefox with some debug options turned on or by using the openssl s_client). It sounds like those might not be an option in your setup.

If you are able to use Firefox to access their site, then the easiest way to decrypt the traffic (if it is https) is to use the HttpFox add-on; this will give you all the decrypted http traffic.

If that's not possible, you might be able to do a man-in-the-middle with Fiddler.

answered 25 Jul '11, 16:57

SYN-bit ♦♦

Thanks for your reply SYNbit.

Their client is actually made in Adobe AIR, or more specifically, the login is handled with Adobe Flash. Looking at Fiddler now, hopefully that will work :)

I believe Flash uses TLS built in from Windows (in this instance at least, because disabling it in Internet Options makes their login fail / give errors). Unfortunately their Flash file does not load in a browser, so I don't know how it is getting treated.

Anyway, thanks again for taking the time to help out.

(26 Jul '11, 08:28) lukus001
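
The (pre-)master secret export mentioned in the answer is commonly written as an NSS-style key log text file, which Wireshark can read. The following Python is an added example, not part of the original thread; it assumes that format (`CLIENT_RANDOM` and `RSA` lines), and its function names and sample values are constructed for illustration. It checks that each entry is well formed and that a secret is logged for a given session's ClientHello random, since a missing or malformed entry leaves that session encrypted in the capture.

```python
import re

# Expected hex lengths per label: (identifier, secret).
# CLIENT_RANDOM: 32-byte client random, 48-byte master secret.
# RSA: first 8 bytes of the encrypted pre-master secret, 48-byte pre-master secret.
FIELD_LENGTHS = {"CLIENT_RANDOM": (64, 96), "RSA": (16, 96)}
HEX = re.compile(r"^[0-9a-fA-F]+$")

def parse_keylog(text):
    """Return ({(label, identifier): secret}, [(line_no, problem)])."""
    secrets, problems = {}, []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        parts = line.split()
        if len(parts) != 3:
            problems.append((line_no, "expected 3 fields"))
            continue
        label, ident, secret = parts
        if label not in FIELD_LENGTHS:
            problems.append((line_no, "unhandled label " + label))
            continue
        want_ident, want_secret = FIELD_LENGTHS[label]
        if not (HEX.match(ident) and HEX.match(secret)):
            problems.append((line_no, "non-hex field"))
        elif (len(ident), len(secret)) != (want_ident, want_secret):
            problems.append((line_no, "wrong field length"))
        else:
            secrets[(label, ident.lower())] = secret.lower()
    return secrets, problems

def has_secret_for(secrets, client_random_hex):
    """True if a master secret is logged for this ClientHello random."""
    return ("CLIENT_RANDOM", client_random_hex.lower()) in secrets

# Constructed sample values, not taken from any real session.
RANDOM_A = "11" * 32
RANDOM_B = "22" * 32
SAMPLE = "\n".join([
    "# constructed key log",
    "CLIENT_RANDOM " + RANDOM_A + " " + "ab" * 48,
    "RSA " + "cd" * 8 + " " + "ef" * 48,
    "CLIENT_RANDOM " + RANDOM_B + " " + "ab" * 20,   # truncated secret
    "CLIENT_RANDOM not-hex " + "ab" * 48,
])

if __name__ == "__main__":
    secrets, problems = parse_keylog(SAMPLE)
    print(len(secrets), "usable entries;", problems)
    print("session A decryptable:", has_secret_for(secrets, RANDOM_A))
    print("session B decryptable:", has_secret_for(secrets, RANDOM_B))
```

The client random to look up is the 32-byte Random field of the ClientHello in the captured handshake.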