
Now I have some sniffed HTTPS traffic. What on earth can I do with it? More specifically, is there any way I can decrypt it or understand it, any tool on Kali or something? I am a bit new to the subject, so please go easy on me.

user3407319

1 Answer


No, you cannot decrypt it unless you know the private key of the server. If it wasn't so, HTTPS would be sort of pointless.

There are two things you can do, though:

  • You can see what domain the user has visited - these are not encrypted.
  • If a key exchange without perfect forward secrecy is used (such as RSA, but not Diffie-Hellman) you can store the data so it can be decrypted if you should, for some reason, find yourself in possession of the server's private key in the future.
Anders
    Additionally, if you have logged the symmetric keys from the client you can decode it: https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/ – Alexander O'Mara Nov 24 '16 at 18:57
  • But isn't it HTTPS? So from where does the symmetric encryption come into the picture? – Panda Nov 25 '16 at 03:27
  • @M.S.P Asymmetric encryption is just used in the beginning. All data is transferred using symmetric encryption. See [this](http://security.stackexchange.com/questions/20803/how-does-ssl-tls-work). – Anders Nov 25 '16 at 07:45
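The two things the answer says you can still get from a capture, the visited hostname and whether the session is worth storing for later decryption, both come from the unencrypted handshake. As an added example that is not part of the original answer or comments, the following Python constructs a minimal TLS 1.2 ClientHello and ServerHello (sample input, not a real capture), pulls the hostname out of the Server Name Indication (SNI) extension, and classifies the offered and chosen cipher suites by key exchange: RSA key exchange has no forward secrecy, so a later leak of the server's private key decrypts the recording; ECDHE/DHE suites do not. The cipher suite table is a small hand-picked subset of the IANA registry and the record builders are test scaffolding, not a general TLS implementation.

```python
import struct

# Hand-picked subset of IANA cipher suite IDs -> (name, key exchange). Constructed for this example.
CIPHER_SUITES = {
    0xC02B: ("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
    0x009E: ("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "DHE"),
    0x009C: ("TLS_RSA_WITH_AES_128_GCM_SHA256", "RSA"),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
}

def _record(handshake_type, body):
    """Wrap a handshake body in a Handshake header and a TLS record header."""
    handshake = bytes([handshake_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def build_client_hello(sni, suites):
    """Construct a minimal TLS 1.2 ClientHello with an SNI extension (sample input, not a capture)."""
    random = bytes(range(32))
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    name = sni.encode("ascii")
    server_name = b"\x00" + struct.pack("!H", len(name)) + name          # name_type 0 = host_name
    sni_ext = (struct.pack("!HH", 0, len(server_name) + 2)                # extension type 0 = server_name
               + struct.pack("!H", len(server_name)) + server_name)
    body = (b"\x03\x03" + random + b"\x00"                                 # version, random, empty session id
            + struct.pack("!H", len(suite_bytes)) + suite_bytes
            + b"\x01\x00"                                                  # one compression method: null
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    return _record(0x01, body)

def build_server_hello(suite):
    """Construct a minimal TLS 1.2 ServerHello selecting one cipher suite (sample input)."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    return _record(0x02, body)

def _handshake_body(record, expected_type):
    """Strip the record and handshake headers, checking the handshake type."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if not hs or hs[0] != expected_type:
        raise ValueError("unexpected handshake type")
    body_len = int.from_bytes(hs[1:4], "big")
    return hs[4:4 + body_len]

def parse_client_hello(record):
    """Return (sni_or_None, [offered cipher suite ids]) from a ClientHello record."""
    body = _handshake_body(record, 0x01)
    pos = 2 + 32                                      # skip client_version and random
    sid_len = body[pos]; pos += 1 + sid_len
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    suites = [struct.unpack("!H", body[pos + i:pos + i + 2])[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    comp_len = body[pos]; pos += 1 + comp_len
    sni = None
    if pos + 2 <= len(body):                          # extensions are optional
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
            edata = body[pos:pos + elen]; pos += elen
            if etype == 0:                            # server_name: list_len(2), name_type(1), name_len(2), name
                nlen = struct.unpack("!H", edata[3:5])[0]
                sni = edata[5:5 + nlen].decode("ascii")
    return sni, suites

def parse_server_hello_suite(record):
    """Return the cipher suite id the server chose in a ServerHello record."""
    body = _handshake_body(record, 0x02)
    pos = 2 + 32
    sid_len = body[pos]; pos += 1 + sid_len
    return struct.unpack("!H", body[pos:pos + 2])[0]

def classify_suites(suites):
    """Split suite ids into forward-secret names, RSA-key-exchange names, and unknown ids."""
    forward_secret, no_forward_secrecy, unknown = [], [], []
    for s in suites:
        if s not in CIPHER_SUITES:
            unknown.append(s)
            continue
        name, kx = CIPHER_SUITES[s]
        (forward_secret if kx in ("ECDHE", "DHE") else no_forward_secrecy).append(name)
    return forward_secret, no_forward_secrecy, unknown

def worth_recording(server_hello):
    """True when the chosen suite uses RSA key exchange, i.e. a later key leak would decrypt the session."""
    _, no_fs, _ = classify_suites([parse_server_hello_suite(server_hello)])
    return bool(no_fs)

if __name__ == "__main__":
    ch = build_client_hello("example.com", [0xC02F, 0x009C, 0x002F, 0x1301])
    sni, offered = parse_client_hello(ch)
    print("SNI:", sni)
    print("offered (forward secret / RSA kx / unknown):", classify_suites(offered))
    print("record for later?", worth_recording(build_server_hello(0x009C)))
```

On a real capture the same logic is what Wireshark's `tls.handshake.extensions_server_name` filter and its cipher suite display give you; the decision to keep a session for later rests on the suite in the ServerHello, not on what the client offered. Note that TLS 1.3 suites (such as 0x1301 above, left unknown by the table on purpose) always use an ephemeral key exchange, so a leaked private key never helps there.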