Decrypting SSL/TLS traffic from an app with Wireshark

aandroidtest

I have a pcap file which has the TLSv2.0 traffic from a Windows exe application.

I also have the backend server's private key used to establish the connection.

I have tried both enabling the ssllogfile environment variable and selecting the private key under Wireshark -> Preferences -> TLS, but I still could not decrypt the traffic.

Is there any other way?

The cipher suite used is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Thanks in Advance

Erik

The "ECDHE" means the key exchange is done using Elliptic Curve Diffie-Hellman, which provides forward secrecy. This means that the private key from the server X.509 cert is not enough to decrypt the traffic. You will need to get the client application to generate an SSLKEYLOGFILE, which can be done with Chrome, Firefox and curl. If the "Windows exe application" is something different, then you'll have to intercept the TLS traffic in order to see what goes inside the TLS tunnel.

If you wanna analyze the decrypted traffic in Wireshark, then I'd recommend proxying the traffic with PolarProxy, because it generates a PCAP file with the decrypted traffic from the TLS session. You will not need any SSLKEYLOGFILE if you choose to intercept and decrypt the TLS traffic with PolarProxy.
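The reasoning in the answer above can be turned into a small check against the capture: look at the cipher suite the server chose in its ServerHello, and if it is a forward-secret (EC)DHE or TLS 1.3 suite, look for the ClientHello random in the SSLKEYLOGFILE that Wireshark reads. The script below is an added example written for this thread, not code from the forum, from Wireshark or from PolarProxy; the handshake records and the key-log lines it uses are constructed samples, and the cipher-suite table covers only a handful of IANA ids.

```python
"""Added example: decide whether a captured TLS session can be decrypted with the
server's private key alone or needs the client's SSLKEYLOGFILE. It parses the
ClientHello/ServerHello records and the NSS key-log format Wireshark consumes.
All sample bytes and key-log lines below are constructed for the demo."""
import re
import struct

# Small subset of IANA cipher-suite ids. Only TLS_RSA_* suites encrypt the
# premaster secret to the server's RSA key; (EC)DHE suites and every TLS 1.3
# suite derive session keys from an ephemeral exchange (forward secrecy).
CIPHER_SUITES = {
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x1301: "TLS_AES_128_GCM_SHA256",
}
# NSS key-log line: LABEL <32-byte client random, hex> <secret, hex>
KEYLOG_LINE = re.compile(r"^([A-Z_0-9]+) ([0-9a-f]{64}) ([0-9a-f]+)$", re.IGNORECASE)


def parse_hello(record: bytes) -> dict:
    """Parse one handshake record holding a ClientHello (1) or ServerHello (2):
    type, legacy version, the 32-byte random and, for a ServerHello, the suite."""
    content_type, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + rec_len]
    hs_type, hs_len = body[0], int.from_bytes(body[1:4], "big")
    hs = body[4:4 + hs_len]
    info = {"type": hs_type, "version": struct.unpack("!H", hs[:2])[0],
            "random": hs[2:34].hex()}
    if hs_type == 2:
        pos = 35 + hs[34]  # skip session_id (length byte at 34) to reach cipher_suite
        info["cipher_suite"] = struct.unpack("!H", hs[pos:pos + 2])[0]
    return info


def private_key_sufficient(cipher_suite: int) -> bool:
    """True only for static RSA key exchange, the case where the server key
    configured under Wireshark -> Preferences -> TLS is enough to decrypt."""
    return CIPHER_SUITES.get(cipher_suite, "").startswith("TLS_RSA_")


def parse_keylog(text: str) -> dict:
    """Parse key-log lines into {label: {client_random: secret}}; '#' starts a comment."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        m = KEYLOG_LINE.match(line.strip())
        if not m:
            raise ValueError(f"malformed key-log line: {line!r}")
        label, client_random, secret = m.groups()
        entries.setdefault(label.upper(), {})[client_random.lower()] = secret.lower()
    return entries


def keylog_covers(entries: dict, client_random_hex: str) -> bool:
    """The session is decryptable from the log if its ClientHello random appears
    under CLIENT_RANDOM (TLS 1.2) or the TLS 1.3 application-traffic labels."""
    labels = ("CLIENT_RANDOM", "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0")
    return any(client_random_hex.lower() in entries.get(label, {}) for label in labels)


def decryption_plan(client_hello: bytes, server_hello: bytes, keylog_text: str) -> str:
    """Return 'private-key', 'keylog' or 'intercept' for the captured session."""
    if private_key_sufficient(parse_hello(server_hello)["cipher_suite"]):
        return "private-key"
    if keylog_covers(parse_keylog(keylog_text), parse_hello(client_hello)["random"]):
        return "keylog"
    return "intercept"  # forward-secret suite, no secrets: proxy the TLS session instead


def build_hello(hs_type: int, random: bytes, suites: list) -> bytes:
    """Build a minimal constructed ClientHello/ServerHello record for the demo."""
    if hs_type == 1:
        suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
        body = (struct.pack("!H", 0x0303) + random + b"\x00"
                + struct.pack("!H", len(suite_bytes)) + suite_bytes + b"\x01\x00")
    else:
        body = struct.pack("!H", 0x0303) + random + b"\x00" + struct.pack("!H", suites[0]) + b"\x00"
    handshake = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, 0x0303, len(handshake)) + handshake


# Constructed sample session using the suite from the question (ECDHE, forward secret).
CLIENT_RANDOM = bytes(range(32))
CLIENT_HELLO = build_hello(1, CLIENT_RANDOM, [0xC02F, 0x009C])
SERVER_HELLO = build_hello(2, bytes(range(32, 64)), [0xC02F])
# Constructed key log, in the format a client with SSLKEYLOGFILE set would write.
SAMPLE_KEYLOG = (
    "# SSL/TLS secrets log file (constructed sample)\n"
    f"CLIENT_RANDOM {CLIENT_RANDOM.hex()} {'ab' * 48}\n"
    f"CLIENT_RANDOM {'ff' * 32} {'cd' * 48}\n"
)

if __name__ == "__main__":
    print("suite:", CIPHER_SUITES[parse_hello(SERVER_HELLO)["cipher_suite"]])
    print("with key log:", decryption_plan(CLIENT_HELLO, SERVER_HELLO, SAMPLE_KEYLOG))
    print("without key log:", decryption_plan(CLIENT_HELLO, SERVER_HELLO, ""))
```

Run stand-alone it reports `keylog` for the sample session when the log contains the matching CLIENT_RANDOM and `intercept` when the log is empty; a ServerHello choosing 0x009C (TLS_RSA_*) is the only case that yields `private-key`. On a real capture, feed it the raw ClientHello and ServerHello records (Wireshark: Export Packet Bytes on the handshake record) and the contents of the SSLKEYLOGFILE; a mismatch between the ClientHello random and the log's CLIENT_RANDOM entries is the usual reason a configured key-log file still leaves the traffic encrypted.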
