Difference between revisions of "HTTPS Decode Via Pre-master secret"

From UVOO Tech Wiki
Line 14: Line 14:
  
 
https://superuser.com/questions/389475/decrypting-ssl-traffic-in-wireshark-only-headers-get-decrypted
 
https://superuser.com/questions/389475/decrypting-ssl-traffic-in-wireshark-only-headers-get-decrypted
 +
```
 +
The SSL connection was probably using Diffie-Hellman to establish the session key. DH allows two parties to establish a shared secret over an insecure channel with no prior communication. This means that even though you have the private key, you can't determine the session key by inspecting the traffic. To decode a DH session you have to actively MITM the connection, or get one of the parties to log the session key.
 +
```
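Review bot: the paragraph added at the end of this hunk is prose wrapped in a code fence, so it will display as code and carries no attribution. Since it directly follows the Super User link and reads as an answer to that question, mark it as a quotation from that link instead. It also stops at "get one of the parties to log the session key" without saying how that is done, which is the subject in the page title; one sentence tying it to the key log entries in the links above would close that gap.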

Revision as of 16:06, 17 August 2022

https://www.sevecek.com/EnglishPages/Lists/Posts/Post.aspx?ID=89

https://wiki.wireshark.org/TLS

Edit->Preferences->RSA Keys

https://docs.extrahop.com/8.9/decrypt_cert/

https://tshark.dev/export/export_tls/

https://accedian.com/blog/how-to-decrypt-an-https-exchange-with-wireshark/

https://superuser.com/questions/389475/decrypting-ssl-traffic-in-wireshark-only-headers-get-decrypted

The SSL connection was probably using Diffie-Hellman to establish the session key. DH allows two parties to establish a shared secret over an insecure channel with no prior communication. This means that even though you have the private key, you can't determine the session key by inspecting the traffic. To decode a DH session you have to actively MITM the connection, or get one of the parties to log the session key.
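The point of the paragraph above, as an added example that is not part of the original page: it decides from the negotiated cipher suite whether the server's RSA private key is enough, and otherwise checks an NSS-format key log (the file a client writes when SSLKEYLOGFILE is set) for the session's client random. Function names and sample values are constructed for illustration.

```python
import re

HEX64 = re.compile(r"[0-9a-fA-F]{64}")  # a 32-byte client random, hex-encoded

def decryption_method(version, suite):
    """What a passive observer needs to decrypt a session with this suite."""
    # Only TLS <= 1.2 suites named TLS_RSA_WITH_* use RSA key exchange, where
    # the client sends the pre-master secret encrypted to the server's key.
    if version != "1.3" and suite.startswith("TLS_RSA_WITH_"):
        return "rsa-private-key"
    # (EC)DHE suites and all of TLS 1.3: the secret never crosses the wire.
    return "key-log"

def parse_keylog(text):
    """Map client random -> labels found in NSS key log (SSLKEYLOGFILE) text."""
    sessions = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or line.startswith("#"):
            continue  # comment, blank or malformed line
        label, rand, _secret = parts
        if HEX64.fullmatch(rand):
            sessions.setdefault(rand.lower(), set()).add(label)
    return sessions

def can_decrypt(version, suite, client_random, sessions, have_rsa_key):
    """True if the available key material covers the session's application data."""
    if have_rsa_key and decryption_method(version, suite) == "rsa-private-key":
        return True
    labels = sessions.get(client_random.lower(), set())
    if version == "1.3":
        return {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"} <= labels
    return "CLIENT_RANDOM" in labels

# Constructed sample values, not taken from any real capture.
RANDOM_A, RANDOM_B = "aa" * 32, "bb" * 32
KEYLOG = f"""# constructed key log
CLIENT_RANDOM {RANDOM_A} {'11' * 48}
CLIENT_TRAFFIC_SECRET_0 {RANDOM_B} {'22' * 32}
SERVER_TRAFFIC_SECRET_0 {RANDOM_B} {'33' * 32}
"""

if __name__ == "__main__":
    logged = parse_keylog(KEYLOG)
    ecdhe = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
    print(can_decrypt("1.2", ecdhe, RANDOM_A, {}, True))       # private key only
    print(can_decrypt("1.2", ecdhe, RANDOM_A, logged, False))  # key log only
```

The ECDHE session with only the private key is the case the quoted answer describes: headers of the handshake are visible, but the application data stays encrypted until a key log entry for that client random is supplied.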