laaw.blogg.se - Wireshark intercept https

Now we want to convert the Pi into a router.

I choose to leave things (username, password, etc.) default since my Raspberry Pi's change uses often but if you are going to leave this somewhere, you might want to consider changing the password and other security related things. Default username is pi and the default password is raspberryĪt this point we have a basic Raspberry Pi setup. Plug in the Raspberry Pi to ethernet and power Setup Raspbian Stretch Lite according to the instructions hereĮnable SSH by putting a file named ssh onto the MicroSD card as discussed here Raspberry Pi's are the greatest little computers ever! In this case they will act as our recording device since we can route all of a computer's traffic through it and then record on the Pi. I used an Alfa AWUS051NH but it doesn't really matter as we're only using this to isolate the target device's internet connection.

ALFA USB wifi adapter or other USB wireless adapter.

Micro USB charger and cable or other power supply.

Ethernet Cable (and a place to plug it into for internet).

A MicroSD card preferably 16 GB or greater.

You don't want your students or coworkers to see your Reddit history in the networking traffic after all. When you're recording pcaps for analysis or teaching it's good to get a clean capture. There's no secret SSL decrypting magic wand here.

I should make a note here that this of course will only work on clients that you control enough to install a new certificate authority. However, we can approximate it very closely by saving the encrypted pcap with SSL session keys alongside it. Unfortunately it's not possible (as far as I can tell) to generate a pcap, decrypt the traffic, and save the decrypted version as a single pcap.

Most tools just generate text files and logs of the decrypted SSL traffic but it's significantly easier to work with pcaps because they already have a wealth of existing tooling. I recently needed to make a packet capture (pcap) of decrypted SSL traffic. Whether it's debugging, security analysis, or just to have plaintext records of traffic, SSL can just get in the way. There comes a time in every engineer's life where it becomes necessary to decrypt SSL/TLS encrypted traffic.