
Where is my mistake when trying to decrypt my own TLS 1.2 traffic with Wireshark?

I tried to build a decoder of TLS 1.2 by myself in order to really understand how it all works. First thing, I wanted to test with Wireshark if I can decrypt my own web TLS 1.2 traffic, and I failed!

Here are the steps I followed:

(1) Used a ready-to-use Flask server + certificate + private key from this git repository on Machine A.

(2) I opened Wireshark on Machine A.

(3) I opened a virtual machine with some Windows OS on it, let's call it Machine B, and I surfed from there to the website I opened on Machine A.

(4) I stopped the Wireshark sniffing on Machine A and loaded the private key from the git repository into the SSL decoder so it looks like this: ssl decoder configurations.

The IP field contains the IP of Machine A, which the website is on.

After selecting OK on the 'ssl configuration box', I still cannot see any traffic decrypted.

Why is that? What am I doing wrong?

Lonblon
asked 2020-04-16 08:13:14 +0000

1 Answer


As per the TLS wiki page, decryption with the server private key only works under certain circumstances.

Using pre-master secrets, if your server or client can be persuaded to emit them, succeeds in decryption more often.

grahamb
answered 2020-04-16 09:54:49 +0000
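The two decryption routes named in this answer, as an added example that is not part of the original answer or of Wireshark: a Python check of which route applies to one captured TLS 1.2 session. It assumes the server private key only helps with RSA key exchange suites (`TLS_RSA_WITH_*`) on a full, non-resumed handshake, and the NSS key log line format `CLIENT_RANDOM <client random> <master secret>`; the function names are hypothetical and the sample values are constructed.

```python
import re

# NSS key log line: LABEL <hex context> <hex secret>
_LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]+) ([0-9a-fA-F]+)$")

# Constructed sample values, not taken from any real capture.
SAMPLE_RANDOM = "ab" * 32            # 32-byte Client Hello random
SAMPLE_KEYLOG = "# constructed sample\nCLIENT_RANDOM " + SAMPLE_RANDOM + " " + "cd" * 48 + "\n"

def parse_keylog(text):
    """Map client random -> master secret for TLS 1.2 (and earlier) entries."""
    secrets = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"malformed key log line: {line!r}")
        label, context, secret = m.groups()
        if label == "CLIENT_RANDOM" and len(context) == 64 and len(secret) == 96:
            secrets[context.lower()] = secret.lower()
    return secrets

def rsa_key_sufficient(cipher_suite, full_handshake):
    """The server key only recovers the secret when the client encrypted the
    pre-master secret to it: RSA key exchange, and a handshake that is not resumed."""
    return full_handshake and cipher_suite.startswith("TLS_RSA_WITH_")

def decryption_route(cipher_suite, client_random, keylog_text="",
                     have_server_key=False, full_handshake=True):
    """Return 'keylog', 'rsa-key' or 'none' for one captured session."""
    if client_random.lower() in parse_keylog(keylog_text):
        return "keylog"
    if have_server_key and rsa_key_sufficient(cipher_suite, full_handshake):
        return "rsa-key"
    return "none"

if __name__ == "__main__":
    suite = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"  # name as shown in Server Hello
    print(decryption_route(suite, SAMPLE_RANDOM, have_server_key=True))
    print(decryption_route(suite, SAMPLE_RANDOM, SAMPLE_KEYLOG))
```

On a Python server such as the Flask one in the question, a key log in this format can be produced by setting `keylog_filename` on the `ssl.SSLContext` (Python 3.8 or later).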
