Decrypting SSL/TLS traffic from a browser (Firefox / Chrome) is possible by using an SSL session key that gets written to the system. (It seemed that Firefox removed the option to create an SSLKEYLOGFILE in one of the more recent versions.) No problem: in this case we will use Chromium on Kali to decrypt our browser HTTPS traffic, and then read the decrypted packets in Wireshark.

From the same terminal session, run:

Now start Wireshark and start a capture, then browse to the web app in scope.

Stop the trace, and configure Wireshark to use the SSL session key that was created:

[Screenshot: Kali-Pentester 2019-04-15 10-38-43]

Decrypted SSL traffic will now be shown; simply filter on and follow http in Wireshark.
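When Wireshark still shows only encrypted records, the usual cause is a key log that has no secrets for the captured session. The following check is an added example, not part of the original post: it parses the NSS key log format that Chromium writes when the `SSLKEYLOGFILE` environment variable is set, and classifies a ClientHello random taken from the capture (the `tls.handshake.random` field in current Wireshark) by whether the log holds the secrets needed to decrypt it. The function names, the sample log and the random values are constructed for illustration.

```python
import re
# Labels from the NSS key log format that are keyed by the ClientHello random.
TLS12 = {"CLIENT_RANDOM"}
TLS13 = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
         "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
OTHER13 = {"EXPORTER_SECRET", "CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET"}
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")

def parse_keylog(text):
    """Return ({client_random: {label: secret}}, [rejected line numbers])."""
    sessions, rejected = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        m = LINE.match(line)
        if not m or m.group(1) not in TLS12 | TLS13 | OTHER13:
            rejected.append(n)
            continue
        label, rand, secret = m.groups()
        # TLS 1.2 master secret: 48 bytes. TLS 1.3 secrets: 32 or 48 bytes.
        sizes = (96,) if label in TLS12 else (64, 96)
        if len(secret) in sizes:
            sessions.setdefault(rand.lower(), {})[label] = secret.lower()
        else:
            rejected.append(n)
    return sessions, rejected

def coverage(sessions, client_random):
    """Classify one ClientHello random seen in the capture."""
    labels = set(sessions.get(client_random.lower(), {}))
    if labels & TLS12:
        return "tls1.2"   # master secret present
    if TLS13 <= labels:
        return "tls1.3"   # handshake and application traffic secrets present
    return "partial" if labels else "missing"

# Constructed sample, not real key material.
R1, R2, R3 = "a1" * 32, "b2" * 32, "c3" * 32
SAMPLE = "\n".join(
    ["# constructed sample", f"CLIENT_RANDOM {R1} {'11' * 48}"]
    + [f"{label} {R2} {'22' * 32}" for label in sorted(TLS13)]
    + [f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {R3} {'33' * 32}",
       "CLIENT_RANDOM deadbeef 00"])

if __name__ == "__main__":
    sessions, rejected = parse_keylog(SAMPLE)
    print({r[:8]: coverage(sessions, r) for r in (R1, R2, R3, "d4" * 32)})
    print("rejected lines:", rejected)
```

A result of `missing` typically means the browser was started without the variable set or the capture began after the handshake; `partial` means the log was read before the browser finished writing the session's secrets.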


Decrypting SSL/TLS Traffic with SSLSESSIONKEY and Wireshark