-1

The tcpdump manual says that it can dump HTTPS packets. I guess this means just a bunch of encrypted data. If I send an HTTPS request with my browser via my router to the rest of the world and the router dumps those packets, could I decrypt these packets, if I had something from the browser (like a certificate or something)?

The browser is a current Firefox.

Patrick Mevzek
jdoe
  • 1
    *"The tcpdump manual says that it can dump https packages."* - I cannot find any references to HTTPS in [the tcpdump manual](http://www.tcpdump.org/manpages/tcpdump.1.html), only a reference to HTTP. Can you please provide a link to the version of the manual you are using and cite the relevant part? Apart from that, are you asking about decrypting HTTPS using tcpdump (not possible) or in general (in which case it is a duplicate, as Marc@ already commented)? – Steffen Ullrich Dec 28 '17 at 17:52

1 Answer

0

> I guess this means just a bunch of encrypted data.

True. To view the contents of the dumped data at the router, for a website, you would need to have the private key of the certificate for that specific website that you're visiting.

The browser used is not important since you're talking about network packets.

pedromendessk
  • Using the server private key (if you can even get it) only works for plain-RSA key exchange, which was common in past decades but fairly rare now (and will be gone entirely if 1.3, still in draft, ever takes off). However, Firefox (and IINM Chrome also) can export session secrets which work for all key exchanges. – dave_thompson_085 Dec 29 '17 at 02:49
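
The session-secret export mentioned in the last comment, as an added example that is not part of the original thread: Firefox (NSS) appends per-session secrets to the file named by the `SSLKEYLOGFILE` environment variable, and this Python sketch parses that key log format and matches its entries to the client random of a captured ClientHello record. The function names are hypothetical, and the key log lines and ClientHello bytes are constructed sample data.

```python
import struct

def parse_keylog(text):
    """Parse NSS key log text into {client_random_hex: {label: secret_bytes}}."""
    sessions = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0].startswith("#"):
            continue  # comment, blank or malformed line
        label, client_random, secret = parts
        try:
            if len(bytes.fromhex(client_random)) != 32:
                continue  # the client random is always 32 bytes
            secret_bytes = bytes.fromhex(secret)
        except ValueError:
            continue  # non-hex field
        sessions.setdefault(client_random.lower(), {})[label] = secret_bytes
    return sessions

def client_random_from_record(record):
    """Return the client random of a TLS ClientHello record, or None."""
    # record header: type(1) version(2) length(2); handshake header: type(1) length(3)
    if len(record) < 43 or record[0] != 0x16 or record[5] != 0x01:
        return None  # not a handshake record carrying a ClientHello
    return record[11:43]  # follows the 2-byte client_version at offset 9

def secrets_for_record(record, sessions):
    """Look up the logged secrets for the session a captured ClientHello opened."""
    client_random = client_random_from_record(record)
    return None if client_random is None else sessions.get(client_random.hex())

# --- constructed sample data (not from a real capture) ---
RANDOM_A = bytes(range(32))        # TLS 1.2 session: master secret logged
RANDOM_B = bytes(range(32, 64))    # session with no key log entry
RANDOM_C = bytes(range(64, 96))    # TLS 1.3 session: traffic secrets logged

def build_client_hello(random):
    """Build a minimal ClientHello record around the given client random."""
    body = b"\x03\x03" + random + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

SAMPLE_KEYLOG = "\n".join([
    "# constructed key log",
    "CLIENT_RANDOM " + RANDOM_A.hex() + " " + "ab" * 48,
    "CLIENT_TRAFFIC_SECRET_0 " + RANDOM_C.hex() + " " + "cd" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + RANDOM_C.hex() + " " + "ef" * 32,
    "CLIENT_RANDOM nothex " + "ab" * 48,
])
```

A capture taken at the router is only decryptable for sessions whose client random appears in the key log, so the log has to be recorded on the client while the traffic is being captured. Wireshark accepts the same file through its TLS key log file preference.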