Decrypt HTTPS Traffic in Wireshark in 5 minutes
Wireshark is a network protocol analyzer: a tool for analyzing packets on a network. It gives you an interface to troubleshoot a network or to learn about networks and different protocols, just like us!
Let’s jump into how to decrypt HTTPS traffic in Wireshark.
Environment Variables
1. On your Windows machine, go to the search bar, type “Environment variables” and click on the result.
2. A dialog box will appear. Click the “Environment Variables” button at the bottom right.
3. In the System variables section, click “New”.
4. A dialog box will appear. Enter the variable name: SSLKEYLOGFILE
5. Enter the variable value: C:\Users\<your username>\Documents\SSLKeys\ssl.log
6. Click OK, then OK again, and restart Chrome (sometimes a restart of the computer is needed).
7. Make sure that the file now exists at that path!
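To go beyond checking that the file exists in step 7, the following added example (not part of the original article) parses the log in the NSS key log format that Chrome writes and Wireshark reads, and reports which sessions it holds secrets for. The function name and the sample lines are constructed for illustration; the sample values are not real secrets.

```python
import re
from collections import Counter

# Labels defined by the NSS key log format.
TLS12_LABELS = {"CLIENT_RANDOM"}
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
HEX = re.compile(r"[0-9a-fA-F]+")

def check_keylog(text):
    """Return (label counts, set of client randoms, list of problems)."""
    counts, sessions, problems = Counter(), set(), []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        parts = line.split(" ")
        if len(parts) != 3:
            problems.append(f"line {n}: expected 3 fields, got {len(parts)}")
            continue
        label, client_random, secret = parts
        if label not in TLS12_LABELS | TLS13_LABELS:
            problems.append(f"line {n}: unknown label {label}")
        elif not HEX.fullmatch(client_random) or len(client_random) != 64:
            problems.append(f"line {n}: client random is not 32 hex-encoded bytes")
        elif not HEX.fullmatch(secret) or len(secret) % 2:
            problems.append(f"line {n}: secret is not valid hex")
        elif label in TLS12_LABELS and len(secret) != 96:
            problems.append(f"line {n}: TLS 1.2 master secret must be 48 bytes")
        else:
            counts[label] += 1
            # Wireshark matches this value to the ClientHello random in the capture.
            sessions.add(client_random.lower())
    return counts, sessions, problems

# Constructed sample: one TLS 1.2 entry, one TLS 1.3 entry, and one line
# cut off mid-write (the browser was still appending to the file).
SAMPLE = "\n".join([
    "# constructed sample key log",
    "CLIENT_RANDOM " + "a1" * 32 + " " + "0f" * 48,
    "CLIENT_TRAFFIC_SECRET_0 " + "b2" * 32 + " " + "3c" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "b2" * 32,
])

if __name__ == "__main__":
    counts, sessions, problems = check_keylog(SAMPLE)
    print(dict(counts), len(sessions), "session(s);", problems or "no problems")
```

To check your own log, pass the contents of the file named in SSLKEYLOGFILE to `check_keylog`. An empty result after browsing an HTTPS site means Chrome did not pick up the variable.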
Wireshark
1. Open Wireshark and capture the traffic. Make sure the capture includes the initial TLS handshake, which Wireshark needs in order to match the logged keys to the session.
2. Go to Edit -> Preferences.
3. Expand the “Protocols” section.
4. Find and select “TLS”, browse to that log file in the “(Pre)-Master-Secret log filename” field, and apply the changes!
Congratulations! The traffic is now decrypted.