1

Is it possible for a packet sniffer such as wireshark to be able to decrypt the traffic generated by a https connection from a browser ? I do not have control of the server, but I have control of the client browser (such as, modifying firefox options to force http, if that's possible, or giving it the client private key if it's somewhere on the firefox folders).

Thanks.

vylway
  • 11
  • 1
  • Do you have the ability to add new trusted root CAs to the client? (in Firefox, this is at the browser level; in other browsers, it's at the client system level). – cpast May 14 '15 at 22:43
  • yes I have the ability to do whatever I want with the client, but I don't have access to the server. However I am obviously looking for the easiest solution to deploy – vylway May 14 '15 at 22:44
  • 1
    Is the client specifically Firefox (in which case I just found [this answer](http://security.stackexchange.com/a/42350/18411) about how to make Wireshark work with Firefox specifically)? – cpast May 14 '15 at 22:47

1 Answers1

1

Firefox and Chrome use the NSS library which supports generation of SSL key logfiles. This file van be specified by the SSLKEYLOGFILE envvar.

Configure the SSL key log file at Preferences -> Protocols -> SSL and you can capture and decrypt on the fly.

Lekensteyn
  • 5,958
  • 5
  • 38
  • 62
  • Thanks, this seems simple enough and is probably what I want. Could you please give me more info or give me a link that explains this in more detail ? Such as, where is the file stored, and in wireshark, what option in the SSL page am I supposed to change? – vylway May 14 '15 at 22:57
  • 1
    @vylway The linked possible duplicate has more details. – cpast May 14 '15 at 23:28
  • @vylway Please see the linked duplicate which I have just updated. I typed this post last night on my phone and thought it was a Superuser.com question. – Lekensteyn May 15 '15 at 13:43