
How to DECRYPT HTTPS Traffic with Wireshark 

Chris Greer

In this tutorial, we are going to capture the client-side session keys by setting an environment variable in Windows, then feed them to Wireshark for TLS 1.3 decryption.
Follow along with me by downloading the trace file and keylog file here:
bit.ly/decrypttraffic
Steps to capture client session key:
1. Open Control Panel > System
2. Select Advanced System Settings
3. Select Environment Variables
4. Add a new variable: SSLKEYLOG
5. Save to a location with a name ending in *.log
6. Restart Chrome (You may have to reboot Windows in some cases)
7. Capture Traffic
8. Add the keylog file to the TLS Protocol in Wireshark Preferences.
If you liked this video, I’d really appreciate you giving me a like and subscribing, it helps me a whole lot. Also don't be shy, chat it up in the comments!
== More On-Demand Training from Chris ==
▶Getting Started with Wireshark - bit.ly/udemywireshark
▶Getting Started with Nmap - bit.ly/udemynmap
== Live Wireshark Training ==
▶TCP/IP Deep Dive Analysis with Wireshark - bit.ly/virtualwireshark
== Private Wireshark Training ==
Let's get in touch - packetpioneer.com/product/pri...
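
A check for the key log file that the steps in the description produce, added here as an example (not code from the video or from Wireshark): it parses the NSS key log format that browsers write when the SSLKEYLOGFILE environment variable is set and reports whether the secrets for one session, identified by the ClientHello Random shown in Wireshark, are present. The function names, status strings and sample values are assumptions made for this example.

```python
import os
import re
import sys

# Secrets covering handshake and application data in both directions (TLS 1.3).
TLS13_REQUIRED = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0",
}
TLS12_LABEL = "CLIENT_RANDOM"  # TLS 1.2 line: client random + master secret
# <LABEL> <32-byte client random, hex> <secret, hex>
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")

# Constructed sample: made-up hex values, not real key material.
RANDOM_A, RANDOM_B, RANDOM_C = "aa" * 32, "bb" * 32, "cc" * 32
SAMPLE = "\n".join(
    ["# constructed sample key log"]
    + [f"{label} {RANDOM_A} {'11' * 32}" for label in sorted(TLS13_REQUIRED)]
    + [f"{label} {RANDOM_B} {'22' * 32}"
       for label in sorted(TLS13_REQUIRED) if "HANDSHAKE" in label]
    + [f"CLIENT_RANDOM {RANDOM_C} {'33' * 48}", "CLIENT_RANDOM cccc"]
)


def parse_keylog(text):
    """Return ({client_random: {label: secret}}, [malformed line numbers])."""
    sessions, malformed = {}, []
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):  # blank lines and comments are allowed
            continue
        match = LINE_RE.match(line)
        if not match:
            malformed.append(number)  # e.g. a line cut off mid-write
            continue
        label, client_random, secret = match.groups()
        sessions.setdefault(client_random.lower(), {})[label] = secret.lower()
    return sessions, malformed


def decryptable(sessions, client_random):
    """Classify the session whose ClientHello Random (hex) is client_random."""
    labels = set(sessions.get(client_random.lower(), {}))
    if not labels:
        return "no-keys", []  # no line in the key log for this session
    if TLS12_LABEL in labels:
        return "tls1.2-ok", []
    missing = sorted(TLS13_REQUIRED - labels)
    return ("tls1.3-ok", []) if not missing else ("tls1.3-partial", missing)


if __name__ == "__main__":
    # Usage: python keylog_check.py <ClientHello Random hex> [key log path]
    path = sys.argv[2] if len(sys.argv) > 2 else os.environ.get("SSLKEYLOGFILE")
    if len(sys.argv) > 1 and path:
        with open(path, encoding="ascii", errors="replace") as handle:
            text, randoms = handle.read(), [sys.argv[1]]
    else:
        text, randoms = SAMPLE, [RANDOM_A, RANDOM_B, RANDOM_C, "dd" * 32]
    sessions, malformed = parse_keylog(text)
    print(f"{len(sessions)} sessions, malformed lines: {malformed}")
    for value in randoms:
        print(value[:16], *decryptable(sessions, value))
```

The key log file holds live session secrets, so keep it readable only by the analyst and remove the environment variable once the capture is done.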

Published: 3 Aug 2024

Comments: 375
@ganeshid1982 3 years ago
Thanks as always Chris... really useful 🙏
@ChrisGreer 3 years ago
My pleasure! Thanks for the comment Ganesh!
@NovakGoran 3 years ago
'Packet heads' cracked me up. Thanks for the vid!
@ChrisGreer 3 years ago
Glad you liked it! Hey every department needs a Packet Head.
@numberiforgot 3 years ago
Even after all the experience I have with IT security/forensics, I’m still learning something new every day.
@ChrisGreer 3 years ago
Amen to that Christopher! I feel the same. I learn something with every pcap I open.
@lovely31bluprint 2 years ago
You will always learn something more in technology
@alexmook6786 1 year ago
Chris is a gem...I have learned so much from him over the years, especially on Pluralsight.
@ChrisGreer 1 year ago
Thank you!
@seantierney2028 9 months ago
Fantastic guide! I don't normally comment, but you need to know that you are doing fantastic work! I am experiencing Wireshark for the very first time in a CTF and this was clear, informative, and helpful!
@ChrisGreer 9 months ago
Thank you for the comment! I really appreciate the feedback.
@ductran8118 3 years ago
Thank you for sharing! Now I can understand ssl/tls handshake clearly and how https works. Love it and Subscribed.
@ChrisGreer 3 years ago
Thanks for the comment!
@dicao6526 3 years ago
Thanks Chris. I like your passion when you explain all of this. 🤗
@ChrisGreer 3 years ago
Thanks again Di. I appreciate the feedback.
@ImranKhan-tc8jz 3 years ago
Thank you so much man. Excellent explanation.
@ethancai681 2 years ago
Thanks, Chris. This video helps me a lot.
@scottspa74 2 years ago
I just experimented with this in a ucertify virtual lab I had open for a class assignment, and it was super easy and fun. Thank you for showing this !
@ChrisGreer 2 years ago
Great job! Thanks for the feedback!
@maliki14 1 year ago
I haven't touched cybersecurity in over a year but bet your ass stumbling on this video made me turn my PC back on, thank you for the insanely ez lesson
@ChrisGreer 1 year ago
Awesome!
@thatpigeondude 2 years ago
finally... a video that works. I can't thank you enough dad.
@sammyrajoy 3 years ago
Thank you for this video Chris, I was following the WCNA study guide book but got stuck when I didn't see what's in the book (HTTP). I realised the time gap between the date of book publishing and the current version of Wireshark. So switched my trail to 443 and TLS. This video helped me decrypt my session.
@ChrisGreer 3 years ago
Great Samuel! Glad to hear that it helped. I'll get some more TLS 1.3 stuff out there soon.
@KaySwiss21 2 years ago
Glad you did the Collab with Bombal so I could find your content!
@ChrisGreer 2 years ago
I am beyond honored that he wanted to interview me on his channel. Great to have you here!
@alexmannrocks 2 years ago
Great video and example, thanks for what you do
@ChrisGreer 2 years ago
Thanks for the comment!
@ProliantLife 1 year ago
You're a God amongst men sir. Thank you
@StankBrewing 5 months ago
Thank you, Chris, for such a great educational video)
@tinmaung5828 3 years ago
Thank you so much sir for this wonderful video and it is helpful for us.
@ChrisGreer 3 years ago
Thanks for the comment Tin!
@mattdonnelly3743 2 years ago
Don't tell me this isn't the same guy as Darknet Diaries. The voice is IDENTICAL.
@bits4all770 9 months ago
When I saw you change a hat I knew this lesson would be outstanding
@alexandermayerkirstein 2 years ago
Remarkably excellent delivery style. Super efficient clarity. Nothing superfluous. Conceptual through point and click guidance. Compellingly engaging with constant forward quick-step momentum. Not too loud not soft spoken. Knowledgeable, conservative, passionate, trustworthy source. Technoratically enjoyable. First video I watched on this channel. Heading to check your other content for more of the same. Thank you!
@ChrisGreer 2 years ago
Thank you for watching and commenting Alexander!
@techanalogies2629 2 years ago
A really interesting video indeed! Learnt many new things. Could you make a video to learn how I can capture and decrypt my smartphone's browsing traffic using Wireshark? (Both connected to the same networks)
@TheDyingFox 3 years ago
Nice to read online that this method apparently works the same with the Firefox web browser :D
@elieatia440 2 years ago
Thank you for your great job. I tried it and it all works fine!
@Vietquat114 1 year ago
It means we can decrypt any password even if it uses the HTTPS protocol?
@moinvohra5505 1 year ago
Can somebody help me? I am not able to capture the log file even though I created an environment variable with the ssl.log in the end.
@jiillescas 3 years ago
Great video, please keep sharing more
@ChrisGreer 3 years ago
Thanks for the comment! Working on more content and I'll get it out there.
@dronomads 3 years ago
Thanks, Chris I really appreciate you making videos. Taking the help of your videos I was able to help my colleagues and solve infrastructure problems. Keep making the good stuff as you explain the stuff in quite simple terms.
@ChrisGreer 3 years ago
Nice! That is great Prateek - glad to hear that the videos helped you. More to come!
@sherazhussain8247 2 years ago
Thank you Chris!
@derrickgyamfi4823 1 year ago
Thanks Greer, very useful
@jamesa4958 2 years ago
Awesome videos. Thank you
@shumpakshu 1 year ago
This is some great stuff, keep going.
@ChrisGreer 1 year ago
Thanks!
@Leafspine 3 years ago
Man, I'm giving you a like, very useful 👍
@NathayT-vr8hm 11 months ago
❤❤It works 💯% dude, I don't have words, you are really great!
@StarLightDotPhotos 10 days ago
Thank you for this. It was kicking my ass.
@majidmollaei1424 2 years ago
Thank you very much Chris 🙏🏻
@ChrisGreer 2 years ago
You are very welcome
@collectionsforyou3209 2 months ago
Thanks grish, it's really nice and helpful
@philipgeorgiev3240 2 years ago
too cool for a dev, thanks
@__Bla__ 2 years ago
That’s really interesting!
@m.adnankhan8245 2 years ago
Amazing Chris :) Thanks!
@ChrisGreer 2 years ago
My pleasure!
@glorfindelironfoot2297 2 years ago
Thanks, Chris.
@grendal1974 3 years ago
Chris, as always you are the man.
@ChrisGreer 3 years ago
@Bill Proctor - Great to see you here Bill! Hope all is well on your end.
@grendal1974 3 years ago
@ChrisGreer absolutely. Just looking forward to being able to travel again for work. Hope to hang out with you sometime soon!
@ChrisGreer 3 years ago
@grendal1974 That would be awesome Bill! Let's chat sometime here soon.
@simmi352 9 months ago
Hi Chris, thanks for this one really learnt a lot here. In saying that I've been seeing more of Application Layer Encryption lately, so in theory if you encrypt at the application level before hitting the pipe and encrypt using TLS, would you be able to get to the cleartext?
@brentonm.newbon6026 3 years ago
Great video!
@ChrisGreer 3 years ago
Thanks! Appreciate the comment.
@brahmadude8955 3 years ago
Wonderful Video 🙏
@ChrisGreer 3 years ago
Glad you enjoyed it!
@pystykorva7114 3 years ago
Brilliant!
@ginadi9733 3 years ago
Great tutorial
@ChrisGreer 3 years ago
Thanks Ginadi. Stick around for more around TLS.
@nicoladellino8124 2 years ago
Very nice video, TNX.
@ChrisGreer 2 years ago
Thanks!
@TheAychi 2 years ago
Thank you Sir :)
@ChrisGreer 2 years ago
Most welcome!
@alexborodin845 2 years ago
Cool, thank you!
@ChrisGreer 2 years ago
Thanks for the comment Alex!
@Mike-sx5en 3 years ago
You got a new subscriber 🙃😉
@ChrisGreer 3 years ago
Awesome! Thanks for the sub and see you around the channel.
@jagzam 2 years ago
Thank you for sharing all this information!!
@ChrisGreer 2 years ago
My pleasure!
@shuvofahmid1705 1 year ago
Thanks Chris. Would you mind sharing the process of path variable for log file in Kali Linux and MAC OS ?
@HuzaifaGujjar 2 years ago
Best as always.
@ChrisGreer 2 years ago
Glad you think so!
@albaniaiptv8335 2 years ago
Great video. Can we decrypt a request manually by extracting the public certificate of the website?
@ivena 3 years ago
Very useful, how we can do it on linux with mitm? Hope to see this in the next video
@mastoemoji 1 year ago
Nice video. Could you do another video decrypting UDP traffic 🙏 it will help us a lot, thanks
@bikupothen5426 2 years ago
how did u get that SYSLOG file in the beginning?
@tjeaton2405 2 years ago
Hey love the video, how can this be done if I'm not using either chrome or firefox?
@rimbantara3209 1 year ago
Thanks Chris..🙏🙏
@OmegaBlogss 3 years ago
Hello, greetings from Argentina 😃
@scottsparling2591 2 years ago
You explain so much more clearly and succinctly than my packet analysis instructor. This is great! Thank you.
@ChrisGreer 2 years ago
Glad it was helpful!
@nournote 1 year ago
Thank you.
@lofman 3 years ago
Great vid, thanks!
@ChrisGreer 3 years ago
Thanks for the comment! I really appreciate the feedback.
@lofman 3 years ago
@ChrisGreer didn't know it was that easy. I guess the environment variable you added in the beginning is Chrome specific?
@ChrisGreer 3 years ago
It works with Chrome, Firefox, and some chromium based browsers. I am not much of an Edge user so I haven't tried it myself, and I understand Safari in the Mac environment isn't too happy with this variable either.
@aadityadeshpande9080 2 years ago
Great information 🙂 Please do some video on HTTP3 and its benefits... Found this channel after watching your collab on David's channel... Thank you 😊
@ChrisGreer 2 years ago
For sure! I will be doing more content around QUIC and H3 as things continue to develop. Thank you for the comment. In the meantime check out my QUIC decryption video here - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-QRRHA_5hS2c.html
@RamKumar-tj7ln 3 years ago
Learn it by heart -- By order of the peaky blinders
@lio-ok-messi 3 years ago
Excellent, my friend!
@ChrisGreer 3 years ago
Thank you very much!
@nix8960 2 years ago
Thanks a lot
@ChrisGreer 2 years ago
Most welcome
@dougspindler4947 2 years ago
Excellent
@ChrisGreer 2 years ago
Thanks doug!
@TaraChand-ys8yd 2 years ago
Can you please create a video for decrypting TLS traffic in Wireshark using a private key file?
@overtheedge107 1 year ago
Hey Chris great video!! Any ideas on how we would decrypt https traffic for capture files that are captured in the firewall? In this situation I don’t have the ability to install wireshark in the client machine. Thanks!!
@FREAKOUTMUSIC46290 3 months ago
thank you !
@ChrisGreer 3 months ago
You're welcome!
@CDizzzle4Rizzle 2 years ago
You have some really great content on your Channel. You should start accepting BAT's so we can tip you!
@ChrisGreer 2 years ago
Hi Chris D - Thanks for the comment. Actually I had considered setting something like that up but wasn't sure if anyone would actually do it! I appreciate the suggestion and will definitely look into it.
@OmarAlpjaly 4 months ago
🔴 Important note the variable name is "SSLKEYLOGFILE" not "SSLKEYLOG" as in the description
@volkan8693 2 years ago
Hi Chris, thank you for this very useful information. However, in my current case that got me here, the communication is between two web services which talk to each other via WCF (SOAP protocol) and I’m on the client side. How to do this if there is no browser involved?
@ChrisGreer 2 years ago
Hello Volkan, I haven't had to do it in that specific environment, so I'm not much help there. Suggest more searches around capturing the keys in that use case. Thanks for the comment.
@Letraveler_rd 2 years ago
I'm loading the file to Wireshark, but for some reason the decryption is not working. I'm using a Windows machine.
@putrafams8944 2 years ago
hi I'm from Indonesia ❤️
@Animeatlas351466518427er 3 days ago
Hey, thanks for sharing this cool-looking video. Curiosity question: after you decrypt the traffic files and you go to open it in a browser and it says that the content isn't available or if the site was taken down or can the content still be viewed?
@abdellahdany1689 2 years ago
Thanks for the good video as always Chris. Keep up the great job! I want to do the same thing but with an application installed on my mobile phone (I don't have access to private keys). I intercept the traffic using my PC as WiFi hotspot and Wireshark but I didn't succeed in decrypting the content. Thanks.
@ChrisGreer 2 years ago
Thanks for the comment Abdellah! Yeah we would need to capture the TLS keys on the mobile phone itself, or have a tool do it on your laptop as a man in the middle. I'm still researching the best way to do it. As soon as I have found a good tool for it I will make a video.
@abdellahdany1689 2 years ago
@ChrisGreer Thanks again Chris! I tried some proxies (Charles proxy..) but my mobile app is ignoring the proxy configuration...
@jonathancohen5664 6 months ago
@ChrisGreer Hi Chris. Did you ever make the video for doing this with mobile apps? If anyone has any references for how to do this with an app on an iPhone, much appreciated! Love this video!
@yosuasitorus3478 2 years ago
Hi Chris, how about a desktop app, not a browser, how do we generate that log file?
@marlonrivas3413 2 years ago
How do I enable Packet Reassembly and Uncompressed Entity Body?
@mmd.3859 3 years ago
Please build one video about how to use Wireshark in Windows 10
@joshsalmon5782 2 years ago
I'm so confused. The file that you gave Wireshark is completely different from the sslkeylog file that you made earlier. How did you create the file that you gave Wireshark?
@ChrisGreer 2 years ago
Hey Josh - I probably had to recreate it and share a different one. However the pcap and syslog you get in the link go together and the rest of the video steps are the same.
@ryankan1229 1 year ago
Hi Chris, so sorry, after I tried to save the SSL Key log file, I cannot find the file at all, for some reason. I am the administrator but I just cannot find it. Is there anything I must do? Thanks!
@bravebacon4175 2 years ago
Wait so can I store the keys wherever or does it need to be that specific user address?
@MoonIsCheese 2 years ago
Why did you not select the log file from the path you created in the system variable?
@bwest6275 11 months ago
🤦🏻‍♀️
@ko-Daegu 2 years ago
I would love a video on how to read important info of encrypted data without decrypting it
@ChrisGreer 2 years ago
That is a great skill - because in the real world, most of the troubleshooting I do is without the decryption keys.
@thomasedison4937 11 months ago
@ChrisGreer I'd love to learn that skill.... Really wish you could make a video on that... I'll truly appreciate 💜
@lokeshreddysura6836 1 year ago
Hey Chris Greer, I have done the same as you did, even choosing the alphabets same as you did. No log file is being generated on the folder. Restarted Chrome/restarted the system but nothing is showing up.
@ManideepLadi 9 months ago
Thank you Chris...This is an amazing video...I wanted to know is it possible to do the same with safari browser in Mac os if so can you please point me the steps... Thanks in advance.
@superkiurtin3002 3 years ago
Greetings, I would like to know if you can make an intercion video of 2fa or otp by ss7 or if you have some way to do, thanks
@johnvardy9559 2 years ago
About session keys, how could I fix that on Mac OS?
@_Omni 3 years ago
Fiddler is good for this 😁
@myyt905 3 years ago
How! Explain please
@maheshv1395 1 year ago
Chris, is there a way to do this in the uplink device? using MITM
@JackSparrow-xm3im 2 years ago
Hey Chris, really great video, it helped me a lot, but I just wanna mention that, I don't know for some reason but sslkeylog doesn't store every SSL log, it does store the majority of them but not every one, so I came across some proxy servers like Charles which stores every SSL but don't know how to set it up on Windows to work perfectly. Please make a video about Charles or any other proxy server you recommend to decrypt fully...... Thanks
@ChrisGreer 2 years ago
Thanks for the feedback Jack - I would need to figure out how to reproduce that in order to tshoot on my end.
@hackyourfuture 1 year ago
Great video, it's really useful, thank you!
@user-gw7nm8nu1v 2 years ago
wow this is an amazing video, it's not exactly what I needed but it still helped me kinda, and the explanation was clear and easy to follow, amazing job! But I do have a question if I can ask, from what I understand it only saves the logs from browsers? I haven't tried enough, but I have an application and I want to see how it works, but it doesn't save the logs in the log file, even tho google chrome does, is there perhaps anything I can do about it, or should I try some different method? If I go packet by packet in the Wireshark I can clearly see that it connects to a server and then sends and receives an SSL key, the port on the server it goes through is 443 just like HTTPS supposed to be normally
@ChrisGreer 2 years ago
I have not done much testing with apps and how they store the keys. Maybe a dev on this thread could give you some more info?
@christiangrenier9434 2 years ago
Hi Chris, I have an IoT device connected to AWS. I have all certificates... is it possible to decrypt the communication using Wireshark? My IoT device is connected to an access point. Actually, I have a switch that I can route all the traffic to the PC but all packets are encrypted. So, I'd like to see the packet contents. Thanks a lot!
@maxfightz4623 1 year ago
How would I apply this to an app?
@0x80O0oOverfl0w 2 years ago
Does this only work with Chrome? Or will it log keys from windows update and other OS calls?
@dineshkrishna1690 3 years ago
Hi Chris, In the video, it was told that this is specific to chrome browser. Is it so? Because i did not see any setting which is made specific to store session keys for sessions in chrome browser
@ChrisGreer 3 years ago
I used the chrome browser to demonstrate this in the video, but it also works on Firefox Nightly and I have seen it work on Edge too.
@andrewandrosow4797 1 year ago
Hello! Good video! I tried to decrypt anything for two days but I haven't had any success.. I created a system environment variable - there were keys from a browser... What's going on?