This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I'm practicing session hijacking on my Facebook account and when I attempt to locate the authentication cookie I am unable to, presumably because the packets are SSL encrypted. My question is how to I decrypt this traffic so I can read the packets??

asked 13 Jul '16, 11:46

Kieran%20John%20Gallicker-Irvine's gravatar image

Kieran John ...
1111
accept rate: 0%


To decrypt the SSL Session you have to find a way to get the needed Pre Shared Key.

The Wireshark Wiki entry for SSL has everything you need, especially the paragraph "Using the (Pre)-Master-Secret". Besides other options it's also linking to a Detailed guide how to extract and use the Keys from some browsers.

But that's overkill if you just need the Cookie, which can be much simpler extracted from the browser cache (or plugins like Live HTTP Headers).

permanent link

answered 17 Jul '16, 05:10

Alexander%20Wetzel's gravatar image

Alexander We...
62
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×56
×16

question asked: 13 Jul '16, 11:46

question was seen: 17,510 times

last updated: 17 Jul '16, 05:10

p​o​w​e​r​e​d by O​S​Q​A