Will this make it possible to sniff HTTPS traffic, and how could I do it in practice? – Digitalmunition




Home Forums Will this make it possible to sniff HTTPS traffic, and how could I do it in practice?

This topic contains 1 reply, has 2 voices, and was last updated by  bubblehead_maker 1 month, 3 weeks ago.

  • Author
    Posts
  • #334511

    anonymous
    Participant

    If I make a wireless network, and clients on it install my certificate, does it mean that I can sniff their HTTPS traffic?

    ​

    If that is possible, could someone explain me how I can create my own certificate, and how to use it to decrypt HTTPS traffic, or, lead me to some resources that can help me.

    ​

    Thank you in advance.

    ​

    Edit:

    I found an example. If I use Burpsuites certificate to access HTTPS website, how could someone that is using Wireshark on that network decrypt my HTTPS packets if he has the same certificate?

  • #334512

    bubblehead_maker

    The wifi cert isn’t what the inner traffic is encrypted with in https. The client and server negotiate the encryption, you need to break the https encryption, like in the example with burp. Burp terminates the client session and then establishes the server session peering into the traffic. Unless the cert is pinned.

  • #334513

    Secretxs

    !remind me 2 weeks

You must be logged in to reply to this topic.