This topic contains 1 reply, has 2 voices, and was last updated by 
- Posts
If I make a wireless network, and clients on it install my certificate, does it mean that I can sniff their HTTPS traffic?
​
If that is possible, could someone explain me how I can create my own certificate, and how to use it to decrypt HTTPS traffic, or, lead me to some resources that can help me.
​
Thank you in advance.
​
Edit:
I found an example. If I use Burpsuites certificate to access HTTPS website, how could someone that is using Wireshark on that network decrypt my HTTPS packets if he has the same certificate?
bubblehead_makerThe wifi cert isn’t what the inner traffic is encrypted with in https. The client and server negotiate the encryption, you need to break the https encryption, like in the example with burp. Burp terminates the client session and then establishes the server session peering into the traffic. Unless the cert is pinned.
Secretxs!remind me 2 weeks
You must be logged in to reply to this topic.
Comments