
I want to decrypt some packets in Wireshark. When I searched the Internet, some people said to use the SSLKEYLOGFILE environment variable. I did that, but it looks like Chrome doesn't update that file when I'm visiting my targeted site.

By the way, somewhere I got familiar with Fiddler and found out that it creates a cert file and does some stuff to decrypt only the HTTPS messages. I want to know where the debug file of Fiddler is and how I can give it to Wireshark to decrypt the packets there.

Lord ST
  • 101
  • I found this link, it may be useful: https://www.innovia.com/blog/2015/04/21/deciphering-simplicity-with-wireshark-and-fiddler – Lord ST Jun 22 '19 at 16:54
  • Fiddler is creating a cert so it can do a man-in-the-middle attack and makes itself a proxy server. Wireshark just reads the packets of the network. So they behave quite differently and what works on Fiddler will not work on Wireshark. – Dijkgraaf Jun 24 '19 at 00:38
  • @Dijkgraaf I know that they're for different work and have different mechanisms, but do you mean the way that Fiddler decrypts the HTTPS packages can't be adapted to Wireshark to do the same thing? Because I think that the most important thing to do is getting the key that is used for encrypting the packages between client and server ... – Lord ST Jun 24 '19 at 18:46
  • Yes, for Wireshark to work you have to get the private key that is used to encrypt the data. So either you need to have that private key, or as per the example linked to by Lord ST, you use a key that you have generated to do a man-in-the-middle attack by putting a proxy in between that you can get the client end point to trust. In either case you need to have some level of control of one of the end points. – Dijkgraaf Jun 24 '19 at 21:21
  • @Dijkgraaf thanks for your clarification ;) – Lord ST Jun 25 '19 at 09:35

0 Answers
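For the SSLKEYLOGFILE route mentioned in the question, a quick check of what the browser actually wrote helps separate "no secrets were logged" from "secrets were logged but are malformed". This is an added example, not part of the original thread; it assumes the NSS key log text format (`LABEL <client random hex> <secret hex>`), and the sample data and the names `check_keylog` and `classify` are constructed for illustration.

```python
import re

# NSS key log labels -> allowed secret lengths in hex characters.
# Legacy "RSA ..." lines are not handled here and are reported as problems.
TLS13 = ("CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
         "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0")
LABELS = {"CLIENT_RANDOM": {96}}                  # TLS <= 1.2: 48-byte master secret
LABELS.update({name: {64, 96} for name in TLS13 + (
    "CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET")})
is_hex = re.compile(r"[0-9a-fA-F]+").fullmatch

def check_keylog(text):
    """Return (sessions, problems): labels seen per client random, and bad lines."""
    sessions, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue                              # blank lines and comments are allowed
        parts = line.split()
        if len(parts) != 3 or parts[0] not in LABELS:
            problems.append((n, "unknown label or wrong field count"))
            continue
        label, client_random, secret = parts
        if len(client_random) != 64 or not is_hex(client_random):
            problems.append((n, "client random is not 32 hex-encoded bytes"))
        elif len(secret) not in LABELS[label] or not is_hex(secret):
            problems.append((n, "secret has wrong length or is not hex"))
        else:
            sessions.setdefault(client_random.lower(), set()).add(label)
    return sessions, problems

def classify(labels):
    """Say which kind of session the logged labels describe."""
    if "CLIENT_RANDOM" in labels:
        return "tls1.2"
    if all(name in labels for name in TLS13):
        return "tls1.3"
    return "incomplete"

# Constructed sample: one TLS 1.2 entry, one TLS 1.3 session, two damaged lines.
R1, R2, R3 = "11" * 32, "22" * 32, "33" * 32
SAMPLE = "\n".join(
    ["# constructed sample", f"CLIENT_RANDOM {R1} {'aa' * 48}"]
    + [f"{name} {R2} {'bb' * 32}" for name in TLS13]
    + [f"CLIENT_RANDOM {R3} {'aa' * 20}", "GARBAGE line"])

if __name__ == "__main__":
    sessions, problems = check_keylog(SAMPLE)
    for cr, labels in sessions.items():
        print(cr[:16], classify(labels))
    print("problems:", problems)
```

An empty `sessions` result on the file named by SSLKEYLOGFILE means no secrets were logged, so Wireshark has nothing to match against the client randoms in the capture.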