How to Decrypt SSL traffic using Wireshark : SSL is one the best way to encrypt network traffic and avoiding men in the middle attacks and other session hijacking attacks. But there are still multiple ways by which hackers can decrypt SSL traffic and one of them is with the help of Wireshark. Wireshark has an awesome inbuilt feature which can decrypt any traffic over a selected network card. So friends today we will learn how to decrypt SSL traffic or HTTPS traffic over network with help of Wireshark tool. Basic Requirement for Decrypting SSL Traffic : Wireshark SSL Private Key Basic knowledge in the following areas: Network traces Networking, TCP/IP and SSL/TLS protocols Certificates and the use of Public and Private Keys The Wireshark network protocol analyzer Note: We will be using Kali Linux for decryption of network traffic but similar can be done on windows operating system too with help of minor tweaks. Decrypt SSL traffic using Wireshark Decryption of SSL Traffic using Wireshark : Step1 : Start monitor mode Select your network card for monitoring network traffic by giving following command at terminal: Kod: $ airmon-ng start wlan0 You can find complete list of network cards using a simple command ifconfig on terminal i.e. Kali Linux (or ipconfig/all on Windows). You will need airmon in windows if you wish to use the same on windows OS. Step 2 : Obtain SSL Private Key using OpenSSL In order to obtain the SSL private key, you have to execute the below command at Kali Linux terminal: Kod: openssl req -x509 -nodes -newkey rsa:1024 -keyout testkey.pem -out testcert.pem The above command will create two files in your home directory: a. testkey.pem (which is a private test key) b. testcert.prem (which is a self signed certificate) Note: You have to use the same keys on your server. Step 3 : Setup Wireshark to decrypt network card traffic You can start Wireshark by giving following command on terminal : Kod: $ wireshark Now go in preferences in edit menu then go to protocol on left side and then SSL protocol. Wireshark Key file entries And fill the following details as mentioned below : IP : IP Address of Server Port : 443 Protocol : HTTP Key File : Select the key file generated in above step Password : Its up to you, you wanna provide or not. That’s it. Now you will get decrypted result for for any SSL or TLS protocols. Note : You can also use a filter for SSL as mentioned below : tcp.port==443 – This will filter all SSL traffic. If you have any doubts feel free to ask and don’t forget to say thanks if you like our tutorials. Keep Learning !! Keep Connected!!