Question

Is it possible, if I have tcpdump set up at the gateway of the company LAN such that all incoming and outgoing traffic is captured, that someone can decrypt the encrypted payload of HTTPS packets? If so, what tools are used to decrypt the payloads of the packets?

Thanks

-SF

Solution

Generally this is not possible unless you have the NSA or the keys at your disposal. But if you do (have the keys), Wireshark can help:

The SSL dissector is fully functional and even supports advanced features such as decryption of SSL if the encryption key can be provided and Wireshark is compiled against GnuTLS (rather than OpenSSL or bsafe). This works for RSA private keys.

http://wiki.wireshark.org/SSL

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow