I'm practicing session hijacking on my Facebook account and when I attempt to locate the authentication cookie I am unable to, presumably because the packets are SSL encrypted. My question is how to I decrypt this traffic so I can read the packets?? asked 13 Jul '16, 11:46 Kieran John ... |
One Answer:
To decrypt the SSL Session you have to find a way to get the needed Pre Shared Key. The Wireshark Wiki entry for SSL has everything you need, especially the paragraph "Using the (Pre)-Master-Secret". Besides other options it's also linking to a Detailed guide how to extract and use the Keys from some browsers. But that's overkill if you just need the Cookie, which can be much simpler extracted from the browser cache (or plugins like Live HTTP Headers). answered 17 Jul '16, 05:10 Alexander We... |