Decrypting SSL/TLS traffic with Wireshark [updated 2021]

The internet wasn’t designed to be secure from the start. Many protocols (such as HTTP and DNS) were designed to serve their purpose of conveying information over the network without spending time on security.

However, in the modern Internet, privacy and security are major priorities. As a result, the Transport Level Security (TLS) protocol (and its predecessor SSL) are designed to encrypt traffic as it travels over the network. This allows computers to use the same underlying protocols for formatting data (like HTTP) but add a level of security (transforming it to HTTPS).

The issue with SSL/TLS for cybersecurity professionals is that it works. While the encryption standards were developed for good purposes, the bad guys use them too. In this article, we’ll describe how to perform SSL/TLS decryption in Wireshark.

What you’ll need

Wireshark is a commonly-known and freely-available tool for network analysis. The first step in using it for TLS/SSL encryption is downloading it from here and installing it.

The other thing that you’ll need to do before decrypting TLS-encrypted traffic is to configure your Web browser to export client-side TLS keys. Since TLS is designed to protect the confidentiality of the client and the server during

Read More: