0

I was experimenting with WireShark and TLS decryption of the traffic. Every guide I've found states that I need to capture the pre-master secret generated by the client and then configure WireShark to actively use it, in order to decrypt the traffic between that client.

My questions are:

  • Consider your device is connected in the same network, with 3 other devices in it. Do they all share the same pre-master secret?

  • If not, the pre-master secret gets generated on each connection the browser establishes or it stays the same for every connection, until the browser is closed?

I am really interested to understand how exactly this secret works. Thanks for hearing me out.

deadmoon
  • 1
  • In short: the pre-master secret is unique for each new TLS session and both client and server random data are part of generating the pre-master secret. It is not specific for a device, i.e. even multiple TLS sessions on the same device have different pre-master secrets. – Steffen Ullrich Feb 06 '23 at 20:53

0 Answers0