All Questions
25 questions
1 vote, 0 answers, 1k views
Decrypting TLSv1.3 data using SSLKEYLOGFILE from native app
I am trying to decrypt TLSv1.3 packets using Wireshark. I have succeeded in doing so using this tutorial: https://blog.didierstevens.com/2020/12/28/decrypting-tls-streams-with-wireshark-part-2/
This ...
10 votes, 1 answer, 10k views
In Wireshark where can I find the TLS Server's Certificate
I'm looking at TLS v1.3 headers in Wireshark and I'm not sure where I would find the server certificate that is used to confirm that the server is who they claim to be.
The Client Sends Hello then ...
1 vote, 0 answers, 2k views
Is it possible to decrypt SSL/TLS traffic with wireshark? [duplicate]
I'm trying to analyze the outgoing requests of an application on my windows 10 computer, but I'm not aware of any way to capture the secret key needed to decrypt the traffic. I have used Teleriks ...
0 votes, 1 answer, 784 views
Analysing exe file https connections
I have an exe file, which is sending an https request to the remote server and I think, is downloading something from the site. With process hacker 2 I've got only the remote IP, but I need to see get ...
2 votes, 0 answers, 2k views
Troubleshooting VPN connection with Wireshark by decrypting IPSec packets
I'm having trouble establishing a VPN connection to a specific network and I'm not the only one having issues. As per their instructions, I'm using the standard VPN client built in windows with pre-...
0 votes, 1 answer, 2k views
How to decrypt Outlook traffic in Wireshark?
I have to follow Comparitech's SSL Decryption Guide: How to Decrypt SSL with Wireshark.
But it is not working for Outlook - Office 365 mail traffic.
I'm seeing traffic on port 443 only and it's SSL-...
1 vote, 1 answer, 409 views
Seeking explanation of occurrences during Wireshark SSL/TLS decryption
Currently using:
OS: Official Kali Linux 2019.4
Browser:
Chromium Version 76.0.3809.100 (Developer Build) built on Debian bullseye/sid, running on Debian kali-rolling (64-bit)
Wireshark 2.6.10 (Git ...
15 votes, 1 answer, 35k views
SSL protocol seems to be missing in Wireshark
SSL protocol seems to be missing for me. It doesn't show up in the preferences menu and Wireshark doesn't capture any SSL packets from any program I try. I also had a failed handshake trying to just ...
1 vote, 0 answers, 725 views
Get ssl server name from ssl handshake - tshark
I am trying to verify a certificate using openssl. I verified the certificate chain itself and I want to check if the subject of the certificate matches the server name from the SSL field.
My code ...
4 votes, 1 answer, 7k views
How to read ocsp package content in wireshark
I have deployed a basic ocsp server from the OpenSSL Cookbook by Ivan Ristic, page 44, with the following command:
openssl ocsp -port 9080 -index db/index -rsigner root-ocsp.crt -rkey private/root-ocsp.key -CA ...
1 vote, 1 answer, 2k views
Locate unencrypted HTTP data with Wireshark
Part of an assignment for university is analysing packets from HTTP and HTTPS traffic, however Wireshark doesn't seem to be displaying the HTTP data as I would expect - just to clarify, I am ...
-1 votes, 1 answer, 839 views
Decrypting TLS Browser Traffic With Wireshark - Body is still encrypted
I was trying to reverse engineer a protocol using wireshark. I followed this article and tried to decrypt TLS Browser Traffic using SSLKEYLOGFILE since decrypting using private key didn't work for me. ...
0 votes, 0 answers, 5k views
Replaying Client Hello from previous session
I am basically testing an SSL server. I need to capture the client hello and then replay the same client hello with exact same field values. Here are the steps that I performed-
1) Captured the client ...
0 votes, 1 answer, 119 views
Human readable SSL/TLS packets
If I have a protocol-analyzer/packet-sniffer, such as wireshark installed on a particular device..
(or in this case; tcpdump & tshark etc. on my smartphone..)
..should I be able to read ...
0 votes, 1 answer, 779 views
Wireshark capture SSL only
I would like to capture SSL or HTTPS traffic only in Wireshark, this is not something that can be filtered after due to the length of the time I would be recording the data after and the size of the ....