Decrypting SSL/TLS Traffic with SSLSESSIONKEY and Wireshark
Decrypting SSL/TLS traffic from a browser (Firefox / Chrome) is possible by using an SSL session key log file that the browser writes to the system. (It seemed that Firefox removed the option to create the SSLKEYLOGFILE in one of the more recent versions.) No problem: in this case we will use Chromium on Kali to decrypt our browser HTTPS traffic, and then read the decrypted packets in Wireshark.
From the same terminal session, run:
```bash
# Set environment to create the sslkeylogfile
export SSLKEYLOGFILE="/root/sslkeylogfile"
# Start Browser
chromium --no-sandbox &
```
Now start Wireshark and start a capture, then browse to the web app in scope.
Stop the trace, and configure Wireshark to use the SSL session key file that was created.
The decrypted SSL traffic will now be shown; simply filter on http and follow the stream in Wireshark.
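Added example, not part of the original post: a pre-flight check to run on the key log before pointing Wireshark at it. It counts well-formed TLS 1.2 and TLS 1.3 entries in the NSS key log format and confirms the file is readable only by its owner, since anyone holding both the log and the capture can decrypt the session. The function names `keylog_summary` and `keylog_is_private` are hypothetical, and the sample values are constructed.

```shell
#!/bin/sh
# Added example: sanity-check an SSLKEYLOGFILE before loading it in Wireshark.

# Labels a TLS 1.3 stack writes in the NSS key log format.
TLS13_LABELS='^(CLIENT_EARLY_TRAFFIC_SECRET|CLIENT_HANDSHAKE_TRAFFIC_SECRET|SERVER_HANDSHAKE_TRAFFIC_SECRET|CLIENT_TRAFFIC_SECRET_0|SERVER_TRAFFIC_SECRET_0|EARLY_EXPORTER_SECRET|EXPORTER_SECRET)$'

# keylog_summary FILE -> "<TLS1.2 lines> <TLS1.3 lines> <malformed lines>"
keylog_summary() {
    awk -v labels="$TLS13_LABELS" '
        /^#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        {
            ok = 0
            # Entry layout: LABEL <32-byte client random> <secret>, all hex.
            if (NF == 3 && length($2) == 64 &&
                $2 ~ /^[0-9A-Fa-f]+$/ && $3 ~ /^[0-9A-Fa-f]+$/) {
                if ($1 == "CLIENT_RANDOM") {
                    # TLS 1.2: 48-byte master secret
                    if (length($3) == 96) { tls12++; ok = 1 }
                } else if ($1 ~ labels &&
                           (length($3) == 64 || length($3) == 96)) {
                    # TLS 1.3: SHA-256 or SHA-384 sized secret
                    tls13++; ok = 1
                }
            }
            if (!ok) bad++
        }
        END { printf "%d %d %d\n", tls12, tls13, bad }
    ' "$1"
}

# keylog_is_private FILE -> success only if group and others have no access.
keylog_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample (all-zero values), not real key material.
sample=$(mktemp)
{
    echo "# constructed sample"
    echo "CLIENT_RANDOM $(printf '%064d' 0) $(printf '%096d' 0)"
    echo "CLIENT_TRAFFIC_SECRET_0 $(printf '%064d' 0) $(printf '%064d' 0)"
    echo "CLIENT_RANDOM truncated-line"
} > "$sample"
keylog_summary "$sample"    # prints: 1 1 1
rm -f "$sample"
```

Run `keylog_summary /root/sslkeylogfile` after browsing; a result of `0 0 0` means no keys were logged, which is what happens when the browser was not started from the terminal session where `SSLKEYLOGFILE` was exported.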