
Decrypt SSL traffic using Wireshark

Thread opened by KaliBot in the 'Document' forum on 27 December 2015

  1. KaliBot

    KaliBot, Colonel

    Joined:
    30 June 2015
    Messages:
    539
    Likes:
    45
    Trophy Points:
    12
    Website:

    How to Decrypt SSL traffic using Wireshark : SSL is one of the best ways to encrypt network traffic and avoid man-in-the-middle attacks and other session hijacking attacks. But there are still multiple ways hackers can decrypt SSL traffic, and one of them is with the help of Wireshark. Wireshark has an awesome built-in feature that can decrypt any traffic over a selected network card. So friends, today we will learn how to decrypt SSL or HTTPS traffic over the network with the help of the Wireshark tool.

    Basic Requirement for Decrypting SSL Traffic :

    • Wireshark
    • SSL Private Key
    • Basic knowledge in the following areas:
      • Network traces
      • Networking, TCP/IP and SSL/TLS protocols
      • Certificates and the use of Public and Private Keys
      • The Wireshark network protocol analyzer
    Note: We will be using Kali Linux for decryption of network traffic, but the same can be done on the Windows operating system too with the help of minor tweaks.

    [Image: Decrypt SSL traffic using Wireshark]
    Decryption of SSL Traffic using Wireshark :
    Step 1 : Start monitor mode

    Select your network card for monitoring network traffic by giving the following command at the terminal:

    Code:
    $ airmon-ng start wlan0
    You can find the complete list of network cards using the simple command ifconfig on the terminal, i.e. on Kali Linux (or ipconfig /all on Windows).

    You will need airmon on Windows if you wish to do the same on Windows OS.



    Step 2 : Obtain SSL Private Key using OpenSSL

    In order to obtain the SSL private key, you have to execute the command below at the Kali Linux terminal:

    Code:
    openssl req -x509 -nodes -newkey rsa:1024 -keyout testkey.pem -out testcert.pem
    The above command will create two files in your home directory:

    a. testkey.pem (which is a private test key)

    b. testcert.pem (which is a self-signed certificate)

    Note: You have to use the same keys on your server.



    Step 3 : Setup Wireshark to decrypt network card traffic

    You can start Wireshark by giving the following command on the terminal:

    Code:
      $ wireshark
    Now go to Preferences in the Edit menu, then to Protocols on the left side, and then to the SSL protocol.

    [Image: Wireshark Key file entries]
    And fill in the following details as mentioned below:

    IP : IP address of the server

    Port : 443

    Protocol : HTTP

    Key File : Select the key file generated in the step above

    Password : It's up to you whether you provide one or not.

    That's it. Now you will get decrypted results for any SSL or TLS protocols.

    Note : You can also use a filter for SSL as mentioned below:

    Code:
    tcp.port==443

    This will filter all SSL traffic.
    If you have any doubts, feel free to ask, and don't forget to say thanks if you like our tutorials. Keep Learning !! Keep Connected!!
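As an added example (my own code, not part of KaliBot's post and not Wireshark's), here is the check I would run before pointing Wireshark at a private key. The RSA-private-key method in Step 3 works by decrypting the RSA-encrypted pre-master secret carried in the ClientKeyExchange, so it recovers the session keys only when the server selected an RSA key-exchange cipher suite (TLS_RSA_WITH_...). With (EC)DHE suites or TLS 1.3 the private key never yields the session keys; there you need the pre-master secrets themselves (a key log written via SSLKEYLOGFILE, loaded through Wireshark's "(Pre)-Master-Secret log filename" preference). The script parses the raw bytes of the TLS record carrying the ServerHello (what "Copy as Hex Stream" gives for that packet's TLS layer) and says which case you are in. The three sample records are constructed inside the script, not real captures, and the cipher-suite table is a subset of the IANA registry.

```python
"""Added example: decide from a captured ServerHello whether Wireshark's
RSA-private-key decryption can work at all. Sample records below are
constructed here (zero random, empty session id), not real captures."""
import struct

# Subset of IANA cipher suite IDs. The key exchange is encoded in the name.
CIPHER_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
}

HANDSHAKE, SERVER_HELLO, EXT_SUPPORTED_VERSIONS = 0x16, 0x02, 0x002B


def key_exchange(suite_id):
    """Classify a suite by key exchange: 'RSA', '(EC)DH', 'TLS1.3' or 'unknown'."""
    name = CIPHER_SUITES.get(suite_id)
    if name is None:
        return "unknown"
    if name.startswith("TLS_RSA_WITH_"):
        return "RSA"
    if name.startswith(("TLS_DHE_", "TLS_DH_", "TLS_ECDHE_", "TLS_ECDH_")):
        return "(EC)DH"
    return "TLS1.3"  # TLS 1.3 suites name only the AEAD; key exchange is always (EC)DHE


def parse_server_hello(record):
    """Parse one TLS record holding a ServerHello; return negotiated version and suite."""
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + rec_len]
    if body[0] != SERVER_HELLO:
        raise ValueError("handshake message is not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hs = body[4:4 + hs_len]
    version = struct.unpack("!H", hs[:2])[0]   # legacy_version (0x0303 even for TLS 1.3)
    pos = 2 + 32                               # skip the 32-byte server random
    pos += 1 + hs[pos]                         # skip session_id (length-prefixed)
    suite = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 3                                   # cipher suite + compression method
    if pos < len(hs):                          # extensions block is optional
        ext_len = struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
            pos += 4
            if etype == EXT_SUPPORTED_VERSIONS and elen == 2:
                version = struct.unpack("!H", hs[pos:pos + 2])[0]  # real negotiated version
            pos += elen
    return {"version": version, "cipher_suite": suite,
            "name": CIPHER_SUITES.get(suite, "unknown"),
            "key_exchange": key_exchange(suite)}


def decryptable_with_server_key(record):
    """True only if the server's RSA private key alone lets Wireshark derive the session keys."""
    return parse_server_hello(record)["key_exchange"] == "RSA"


def build_server_hello(suite, extensions=b""):
    """Constructed sample ServerHello record for demonstration (not a real capture)."""
    body = struct.pack("!H", 0x0303) + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    handshake = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + struct.pack("!HH", 0x0303, len(handshake)) + handshake


# Constructed samples: RSA key exchange, ECDHE, and TLS 1.3 (supported_versions = 0x0304).
SAMPLE_RSA = build_server_hello(0x002F)
SAMPLE_ECDHE = build_server_hello(0xC02F)
SAMPLE_TLS13 = build_server_hello(0x1301, b"\x00\x2b\x00\x02\x03\x04")

if __name__ == "__main__":
    for label, rec in (("rsa", SAMPLE_RSA), ("ecdhe", SAMPLE_ECDHE), ("tls13", SAMPLE_TLS13)):
        info = parse_server_hello(rec)
        verdict = ("decryptable with the server key" if decryptable_with_server_key(rec)
                   else "needs the pre-master secrets (SSLKEYLOGFILE)")
        print(f"{label}: TLS 0x{info['version']:04x} {info['name']} "
              f"({info['key_exchange']}) -> {verdict}")
```

In Wireshark the ServerHello is the packet matching the display filter `tls.handshake.type == 2` (`ssl.handshake.type == 2` in the older versions this tutorial's screenshots come from). Two further conditions apply even when the verdict is "RSA": the capture must contain the full handshake, since Wireshark needs the ClientKeyExchange to decrypt the pre-master secret, so sessions resumed from a session id or ticket and captures started mid-connection stay opaque; and the key file must be the key actually used by the server, which is what the post's Step 2 note means when it says the same keys have to be on the server.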
     
  2. Echoes

    Echoes Member

    Joined:
    21 August 2015
    Messages:
    96
    Likes:
    1
    Trophy Points:
    8
    No matter how hard I tried, I just couldn't manage it. :) I guess browsers have taken security measures against this.
     
  3. Bay Pipo

    Bay Pipo Moderator

    Joined:
    10 September 2015
    Messages:
    525
    Likes:
    9
    Trophy Points:
    18
    apt-get install mitmf
    Use this tool
     
