First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Decrypting HTTPS

  • retag add tags

I work for a small private school. Several of our students are using our WiFi password on personal devices which gives them unfiltered access to the internet. Yes, we have the capability to filter but it's not being used and I don't have any say in the matter. I want to know what our students are accessing from their personal devices so that I can present it to my admin. I understand how to decrypt TLS / HTTPS traffic from my computer but is it possible to decrypt all HTTPS traffic? --Thanks

JLewter's avatar
1
JLewter
asked 2022-05-06 14:59:21 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

2 Answers

0

The short and sweet answer: No. That's the whole point of TLS connections.

Their exist technical means to implement DPI for HTTPS, but this involves setting up a special proxy and installing a specific certificate on all devices first.

Jaap's avatar
13.7k
Jaap
answered 2022-05-06 18:09:42 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments
0

Although @Jaap is absolutely correct about the decryption of TLS, if your main purpose is:

I want to know what our students are accessing from their personal devices so that I can present it to my admin

Then you do get to see a bit of where students are going. First of all, you could monitor the DNS traffic, but if they are using DoT or DoH, then that won't work. By inspecting the ServerNameIndication extension in the TLS ClientHello, you can see which sites are visited. Make a capture file and run tshark on it like:

tshark -nlr packets.pcapng -Y tls.handshake.type==1 -T fields -e ip.src -e tls.handshake.extensions_server_name
SYN-bit's avatar
18.5k
SYN-bit
answered 2022-05-06 21:22:04 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer