8

I have been working in Wireshark, and I am able to capture HTTP requests and HTTP packets using it. Now I am capturing HTTPS requests. It seems not to capture the packets, and when I right-click -> Follow -> TCP Stream, it shows unreadable characters. Can Wireshark capture HTTPS requests?

MiaoHatola
toastmaster
  • Short answer: yes. A complete answer will be too long for this format IMHO and we can't guess if you have access to the site private key or not. Start from [wireshark wiki](https://wiki.wireshark.org/SSL). – Tensibai Feb 24 '17 at 08:49
  • How to Decrypt SSL and TLS Traffic Using Wireshark Tutorial with screenshots: https://support.citrix.com/article/CTX116557 – Vadzim Apr 24 '20 at 19:35

1 Answer

11

Wireshark captures all traffic on a network interface. The thing with HTTPS is that it is application layer encryption. Wireshark is not able to decrypt the content of HTTPS. This is because HTTPS encrypts point to point between applications.

The idea here is that HTTPS traffic that travels over the Internet is confidential; a random router or person who happens to capture your packages cannot decrypt the HTTPS without the decryption key.

So bottom line: Wireshark cannot decrypt HTTPS traffic without the decryption key.

More info: https://wiki.wireshark.org/SSL

saekort
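What a capture of an HTTPS connection still exposes, as an added example that is not part of the original question or answer: the packets are captured, the TLS record headers and the cleartext ClientHello (including the requested host name) can be parsed, and only the `application_data` payloads are opaque without keys. The function names are hypothetical, the record layout follows RFC 8446, and the sample stream is constructed inline.

```python
import hashlib
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def build_client_hello(host: bytes) -> bytes:
    """Constructed minimal ClientHello record with an SNI extension (sample input)."""
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    ext = struct.pack("!HH", 0, len(sni)) + sni            # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32) + b"\x00"              # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"            # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body     # handshake type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_records(stream: bytes):
    """Split a reassembled TCP stream into (content type name, payload) TLS records."""
    records, off = [], 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        payload = stream[off + 5: off + 5 + length]
        if len(payload) < length:
            break                                          # truncated capture, stop cleanly
        records.append((CONTENT_TYPES.get(ctype, f"unknown({ctype})"), payload))
        off += 5 + length
    return records

def extract_sni(hs: bytes):
    """Return the host name from a ClientHello's SNI extension, or None."""
    if len(hs) < 39 or hs[0] != 1:
        return None
    p = 38                                                 # skip header(4) + version(2) + random(32)
    p += 1 + hs[p]                                         # session id
    p += 2 + int.from_bytes(hs[p:p + 2], "big")            # cipher suites
    p += 1 + hs[p]                                         # compression methods
    end = p + 2 + int.from_bytes(hs[p:p + 2], "big")
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack_from("!HH", hs, p)
        if etype == 0:
            nlen = int.from_bytes(hs[p + 7:p + 9], "big")
            return hs[p + 9:p + 9 + nlen].decode("ascii")
        p += 4 + elen
    return None

# Constructed stream: one cleartext ClientHello, then one encrypted record (digest stands in for ciphertext).
SAMPLE = build_client_hello(b"example.com") + b"\x17\x03\x03\x00\x20" + hashlib.sha256(b"constructed").digest()
for name, payload in parse_records(SAMPLE):
    print(name, len(payload), extract_sni(payload) if name == "handshake" else "(opaque without keys)")
```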