# Decryption of TLS sessions

  1. Goal

    • Using Wireshark to decrypt (HTTPS) web traffic.
  2. Used hardware

    • 1 laptop with Microsoft Windows
  3. Used software

    • Wireshark 3.2.1
    • Firefox or Chrome
  4. Setup

  5. Getting started

    1. Set the environment variable SSLKEYLOGFILE.

    More information about TLS

    We will use Windows PowerShell to complete this task.

    $env:SSLKEYLOGFILE = "C:\Users\Student\Desktop\keys.txt"
    
    Get-ChildItem env:SSLKEYLOGFILE
    Name                           Value
    ----                           -----
    SSLKEYLOGFILE                  C:\Users\Student\Desktop\keys.txt
    
    2. Create the file keys.txt in the correct location.

    We will use Windows PowerShell to complete this task.

    New-Item C:\Users\Student\Desktop\keys.txt
    
    3. Reboot your system.

    4. Start Wireshark and capture traffic.

    5. Open Firefox and go to a website.

    6. Stop the capture and look for the correct session.

    First, we look for frames that contain the word "wireshark".

    Afterwards, we select the correct stream.

    This stream is still encrypted.

    7. Configure the key log file in Wireshark.

    8. Look at the result (TLS decrypted).

  6. Conclusion

    • Once Wireshark and your environment are set up properly, it is a piece of cake to view decrypted data.
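
The key log setup from "Getting started", as an added PowerShell example that is not part of the original lab: it goes slightly beyond the steps above by restricting access to keys.txt (the file holds TLS session secrets) and by checking that the browser actually wrote keys before you point Wireshark at the file. The function names `Initialize-TlsKeyLog` and `Get-TlsKeyLogSummary` are hypothetical; the path is the one used in the lab.

```powershell
# Added example, not from the original lab. Function names are hypothetical;
# the path is the one used in the lab steps.
$KeyLog = 'C:\Users\Student\Desktop\keys.txt'

function Initialize-TlsKeyLog {
    param([string]$Path = $KeyLog)
    # Persist the variable for the current user and also set it for this
    # session, so a browser launched from this shell sees it as well.
    [Environment]::SetEnvironmentVariable('SSLKEYLOGFILE', $Path, 'User')
    $env:SSLKEYLOGFILE = $Path
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType File -Path $Path | Out-Null
    }
    # The file will hold TLS session secrets: remove inherited ACEs and
    # grant modify access to the current user only.
    icacls $Path /inheritance:r /grant:r "${env:USERNAME}:M" | Out-Null
}

function Get-TlsKeyLogSummary {
    param([string]$Path = $KeyLog)
    # Key log line: <LABEL> <client random, 32 bytes as hex> <secret as hex>
    $pattern = '^(?<label>[A-Z0-9_]+) (?<random>[0-9a-fA-F]{64}) (?<secret>(?:[0-9a-fA-F]{2})+)$'
    $labels = @{}
    $sessions = @{}
    $malformed = 0
    foreach ($line in Get-Content -LiteralPath $Path) {
        if ($line -match '^\s*(#|$)') { continue }   # comments and blank lines
        if ($line -match $pattern) {
            $labels[$Matches.label] = 1 + [int]$labels[$Matches.label]
            $sessions[$Matches.random.ToLower()] = $true
        } else {
            $malformed++
        }
    }
    [pscustomobject]@{
        Sessions  = $sessions.Count   # distinct client randoms = handshakes logged
        Labels    = $labels           # CLIENT_RANDOM (TLS 1.2), *_TRAFFIC_SECRET_0 (TLS 1.3), ...
        Malformed = $malformed        # lines that do not fit the pattern above
    }
}

# Usage: run Initialize-TlsKeyLog before starting the browser, browse, then:
#   Get-TlsKeyLogSummary
# Sessions = 0 means the browser wrote no keys, so Wireshark has nothing to
# decrypt with (for example, the browser was started before the variable was set).
```

Delete keys.txt and remove the variable once the lab is finished, since anyone who holds both the capture and the key log can read the recorded sessions.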