How to DECRYPT HTTPS Traffic with Wireshark

Показать описание

In this tutorial, we are going to capture the client side session keys by setting an environment variable in Windows, then feed them to Wireshark for TLS 1.3 decryption.

Follow along with me by downloading the trace file and keylog file here:

Steps to capture client session key:
Open Control Panel:System
Select Advanced System Settings
Select Environment Variables
Add a new variable: SSLKEYLOG
Save to a location with a name ending in *.log
Restart Chrome (You may have to reboot Windows in some cases)
Capture Traffic
Add the keylog file to the TLS Protocol in Wireshark Preferences.

If you liked this video, I’d really appreciate you giving me a like and subscribing, it helps me a whole lot. Also don't be shy, chat it up in the comments!

== More On-Demand Training from Chris ==

== Live Wireshark Training ==

== Private Wireshark Training ==

Рекомендации по теме

Комментарии

Thanks as always Chris... really useful 🙏

ganeshid

Even after all the experience I have with IT security/forensics, I’m still learning something new every day.

numberiforgot

'Packet heads' cracked me up. Thanks for the vid!

NovakGoran

Chris is a gem...I have learned so much from him over the years, especially on Pluralsight.

alexmook

i havent touched cybersecurity in over a year but bet your ass stumbling on this video made me turn my PC back on, thank you for the insanely ez lesson

maliki

I just experimented with this in a ucertify virtual lab I had open for a class assignment, and it was super easy and fun. Thank you for showing this !

scottspa

A really interesting video indeed!...Learnt many new things....Could you make a video to learn how I can capture and decrypt my smartphone's browsing traffic using wireshark?(Both connected to the same networks)

techanalogies

Remarkably excellent delivery style. Super efficient clarity. Nothing superfluous. Conceptual through point and click guidance. Compellingly engaging with constant forward quick-step momentum. Not too loud not soft spoken. Knowledgeable, conservative, passionate, trustworthy source. Technoratically enjoyable. First video I watched on this channel. Heading to check your other content for more of the same. Thank you!

alexandermayerkirstein

Hi Chris, so sorry, after I tried to save the SSL Key log file, I cannot find the file at all, for some reason. I am the administrator but I just cannot find it. Is there anything I must do? Thanks!

ryankan

Can somebody help me?
I am not able to capture the log file even though I created an environment variable with the ssl.log in the end.

moinvohra

I'm loading the file to Wireshark, but some reason the decryption is not working. I'm using a windows machine.

Letraveler_rd

Thank you for sharing! Now I can understand ssl/tls handshake clearly and how https works. Love it and Subscribed.

ductran

finally... a video that works. I can't thank you enough dad.

thatpigeondude

Glad you did the Collab with Bombal so I could find your content!

KaySwiss

how did u get that SYSLOG file in the beginning?

bikupothen

Fantastic guide! I don't normally comment, but you need to know that you are doing fantastic work! I am experiencing Wireshark for the very first time in a CTF and this was clear, informative, and helpful!

seantierney

Nice to read online that this method apparently works the same with the Firefox web browser :D

TheDyingFox

Im so confused. The file that you gave wireshark is completely different from the sslkeylog file that you made earlier. How did you create the file that you gave wireshark?

joshsalmon

Thank you for this video Chris, I was following the WCNA study guide book but got stuck when I didnt see what's in the book(HTTP). I realised the time gap between the date of book publishing and the current version of wireshark. So switched my trail to 443 and TLS. This video helped me decrypt my session.

sammyrajoy

Don't tell me this isn't the same guy as Darknet Diaries. The voice is IDENTICAL.

mattdonnelly

How to DECRYPT HTTPS Traffic with Wireshark

How to DECRYPT HTTPS Traffic with Wireshark

Decrypting HTTPS Traffic With Wireshark

Decrypt HTTPS traffic with Wireshark on Windows

Decrypt HTTPS Traffic with Wireshark

Decrypt HTTPS Traffic in Wireshark on a windows machine

HTTPS Decryption with Wireshark // Website TLS Decryption

Decrypt SSL / TLS traffic using wireshark.

How to Decrypt QUIC and HTTP3 // Decrypting TLS with Kali Linux // Wireshark Tutorial

FORTINET FIREWALL TRAINING IN ENGLISH

Wireshark Learning Series: HTTPS Decrypt

How to DECRYPT HTTPS Traffic with Wireshark

How to decrypt HTTPS TLS traffic two directions in Wireshark

Decrypt HTTPS traffic using Wireshark

TLS Handshake Deep Dive and decryption with Wireshark

Decrypting TLS, HTTP/2 and QUIC with Wireshark

How to decrypt HTTPS traffic with ANY.RUN on the Danabot sample

Decrypt SSL traffic using Wireshark and SSL key log file(Linux)

How Encryption Works - and How It Can Be Bypassed

Taking over HTTPS traffic with BETTERCAP using SSLSTRIP and explaining HSTSHijack - testing MiTM

How to DECRYPT HTTPS Traffic PAYLOAD with Burp Suite

How to Decrypt SSL with Wireshark – HTTPS Decryption Guide

How to decrypt RSA Private Key using OpenSSL

How to Decrypt SSL with Wireshark – HTTPS Decryption Guide highlight

Learn Wireshark in 10 minutes Part 4 Wireshark Tutorial(Decrypt TLS Traffic)