Even after all the experience I have with IT security/forensics, I’m still learning something new every day.
@ChrisGreer
3 жыл бұрын
Amen to that Christopher! I feel the same. I learn something with every pcap I open.
@lovely31bluprint
2 жыл бұрын
You will always learn something more in technology
@NovakGoran
3 жыл бұрын
'Packet heads' cracked me up. Thanks for the vid!
@ChrisGreer
3 жыл бұрын
Glad you liked it! Hey every department needs a Packet Head.
@alexmook6786
Жыл бұрын
Chris is a gem...I have learned so much from him over the years, especially on Pluralsight.
@ChrisGreer
Жыл бұрын
Thank you!
@seantierney2028
Жыл бұрын
Fantastic guide! I don't normally comment, but you need to know that you are doing fantastic work! I am experiencing Wireshark for the very first time in a CTF and this was clear, informative, and helpful!
@ChrisGreer
11 ай бұрын
Thank you for the comment! I really appreciate the feedback.
@maliki14
2 жыл бұрын
i havent touched cybersecurity in over a year but bet your ass stumbling on this video made me turn my PC back on, thank you for the insanely ez lesson
@ChrisGreer
2 жыл бұрын
Awesome!
@ductran8118
3 жыл бұрын
Thank you for sharing! Now I can understand ssl/tls handshake clearly and how https works. Love it and Subscribed.
@ChrisGreer
3 жыл бұрын
Thanks for the comment!
@KaySwiss21
2 жыл бұрын
Glad you did the Collab with Bombal so I could find your content!
@ChrisGreer
2 жыл бұрын
I am beyond honored that he wanted to interview me on his channel. Great to have you here!
@alexandermayerkirstein
2 жыл бұрын
Remarkably excellent delivery style. Super efficient clarity. Nothing superfluous. Conceptual through point and click guidance. Compellingly engaging with constant forward quick-step momentum. Not too loud not soft spoken. Knowledgeable, conservative, passionate, trustworthy source. Technoratically enjoyable. First video I watched on this channel. Heading to check your other content for more of the same. Thank you!
@ChrisGreer
2 жыл бұрын
Thank you for watching and commenting Alexander!
@dicao6526
3 жыл бұрын
Thanks Chris. I like your passion when explan all of this. 🤗
@ChrisGreer
3 жыл бұрын
Thanks again Di. I appreciate the feedback.
@thatpigeondude
2 жыл бұрын
finally... a video that works. I can't thank you enough dad.
@scottspa74
2 жыл бұрын
I just experimented with this in a ucertify virtual lab I had open for a class assignment, and it was super easy and fun. Thank you for showing this !
@ChrisGreer
2 жыл бұрын
Great job! Thanks for the feedback!
@techanalogies2629
3 жыл бұрын
A really interesting video indeed!...Learnt many new things....Could you make a video to learn how I can capture and decrypt my smartphone's browsing traffic using wireshark?(Both connected to the same networks)
@ethancai681
2 жыл бұрын
Thanks, Chris. This video helps me a lot.
@bikupothen5426
2 жыл бұрын
how did u get that SYSLOG file in the beginning?
@elieatia440
2 жыл бұрын
Thanks you for your great job. I try it and all it works fine!
@Vietquat114
Жыл бұрын
it means we can decrypt any password even if it uses https protocol ?
@StankBrewing
7 ай бұрын
Thank you, Chris, for such a great educational video)
@TheDyingFox
3 жыл бұрын
Nice to read online that this method apparently works the same with the Firefox web browser :D
@sammyrajoy
3 жыл бұрын
Thank you for this video Chris, I was following the WCNA study guide book but got stuck when I didnt see what's in the book(HTTP). I realised the time gap between the date of book publishing and the current version of wireshark. So switched my trail to 443 and TLS. This video helped me decrypt my session.
@ChrisGreer
3 жыл бұрын
Great Samuel! Glad to hear that it helped. I'll get some more TLS 1.3 stuff out there soon.
@grendal1974
3 жыл бұрын
Chris, as always you are the man.
@ChrisGreer
3 жыл бұрын
@Bill Proctor - Great to see you here Bill! Hope all is well on your end.
@grendal1974
3 жыл бұрын
@@ChrisGreer absolutely. Just looking forward to being able to travel again for work. Hope to hang out with you sometime soon!
@ChrisGreer
3 жыл бұрын
@@grendal1974 That would be awesome Bill! Let's chat sometime here soon.
@dronomads
3 жыл бұрын
Thanks, Chris I really appreciate you making videos. Taking the help of your videos I was able to help my colleagues and solve infrastructure problems. Keep making the good stuff as you explain the stuff in quite simple terms.
@ChrisGreer
3 жыл бұрын
Nice! That is great Prateek - glad to hear that the videos helped you. More to come!
@scottsparling2591
2 жыл бұрын
You explain so much more clearly and succinctly than my packet analysis instructor. This is great! Thank you.
@ChrisGreer
2 жыл бұрын
Glad it was helpful!
@OliverHext
29 күн бұрын
Great video. Clearly explained.
@mastoemoji
Жыл бұрын
Nice video. Could you do an other video decrypting UDP traffic 🙏 it will help us a lot, thanks
@HuzaifaGujjar
2 жыл бұрын
Best as always.
@ChrisGreer
2 жыл бұрын
Glad you think so!
@gavenchan
Жыл бұрын
Interesting. Great video. I am puzzled by 2 files in this video. Are the "sslkeylog.log" and "DecryptTraffic_Wireshark.log" the same file?
@vladislavvasilev3441
8 ай бұрын
I'm also wondering this - did you find this out?
@intnsity
7 ай бұрын
Yes anyone?
@biggspoon68
Ай бұрын
i noticed that too, and now i am confused
@ProliantLife
Жыл бұрын
You're a God amongst men sir. Thank you
@shumpakshu
2 жыл бұрын
This is some great stuff, keep going.
@ChrisGreer
2 жыл бұрын
Thanks!
@bits4all770
Жыл бұрын
When I saw you change a hat I knew this lesson would be outstanding
@gabrielagyei9112
26 күн бұрын
Thanks for great job and we really appreciate it
@moinvohra5505
Жыл бұрын
Can somebody help me? I am not able to capture the log file even though I created an environment variable with the ssl.log in the end.
@VLif3
Ай бұрын
Just restart the computer. It should work.
@StarLightDotPhotos
2 ай бұрын
Thank you for this. It was kicking my ass.
@shuvofahmid1705
2 жыл бұрын
Thanks Chris. Would you mind sharing the process of path variable for log file in Kali Linux and MAC OS ?
@__Bla__
2 жыл бұрын
That’s really interesting!
@ImranKhan-tc8jz
3 жыл бұрын
Thank you so much man. Excellent explanation.
@alexmannrocks
3 жыл бұрын
Great video and example, thanks for what you do
@ChrisGreer
3 жыл бұрын
Thanks for the comment!
@NathayT-vr8hm
Жыл бұрын
❤❤It works 💯% dude I don't have a words u are really great!
@joshsalmon5782
2 жыл бұрын
Im so confused. The file that you gave wireshark is completely different from the sslkeylog file that you made earlier. How did you create the file that you gave wireshark?
@ChrisGreer
2 жыл бұрын
Hey Josh - I probably had to recreate it and share a different one. However the pcap and syslog you get in the link go together and the rest of the video steps are the same.
@jiillescas
3 жыл бұрын
Great video, please keep sharing more
@ChrisGreer
3 жыл бұрын
Thanks for the comment! Working on more content and I'll get it out there.
@Animeatlas351466518427er
2 ай бұрын
Hey thanks for sharing this cool looking video curiosity question after you decrypt the traffic files and you go to open it in a browser and it says that the content isn't available or if the site was taken down or can the content still be viewed?
@m.adnankhan8245
2 жыл бұрын
Amazing Chris :) Thanks!
@ChrisGreer
2 жыл бұрын
My pleasure!
@mattdonnelly3743
2 жыл бұрын
Don't tell me this isn't the same guy as Darknet Diaries. The voice is IDENTICAL.
@tinmaung5828
3 жыл бұрын
Thank you so much sir for this wonderful video and it is helpful for us.
@ChrisGreer
3 жыл бұрын
Thanks for the comment Tin!
@collectionsforyou3209
5 ай бұрын
Thanks grish its really nice and helpful
@TheAychi
2 жыл бұрын
Thank you Sir :)
@ChrisGreer
2 жыл бұрын
Most welcome!
@ryankan1229
Жыл бұрын
Hi Chris, so sorry, after I tried to save the SSL Key log file, I cannot find the file at all, for some reason. I am the administrator but I just cannot find it. Is there anything I must do? Thanks!
@jamesa4958
2 жыл бұрын
Awesome videos. Thank you
@MoonIsCheese
2 жыл бұрын
Why did you not select the log file from the path you created in the system variable?
@bwest6275
Жыл бұрын
🤦🏻♀️
@Letraveler_rd
2 жыл бұрын
I'm loading the file to Wireshark, but some reason the decryption is not working. I'm using a windows machine.
@simmi352
Жыл бұрын
Hi Chris, thanks for this one really learnt a lot here. In saying that I've been seeing more of Application Layer Encryption lately, so in theory if you encrypt at the application level before hitting the pipe and encrypt using TLS, would you be able to get to the cleartext?
@garrettjones631
3 ай бұрын
Great video! I have a few questions. 1. How are attackers able to decrypt https? Are they able to get this log file somehow? 2. Where are the session keys stored before you set this environment variable, just in memory? 3. If you had a computer disk image and a pcap of that computers traffic could you extract session keys from the image to decrypt the https traffic?
@Leafspine
3 жыл бұрын
Мужик,лайк тебе ставлю,полезно очень 👍
@nicoladellino8124
2 жыл бұрын
Very nice video, TNX.
@ChrisGreer
2 жыл бұрын
Thanks!
@glorfindelironfoot2297
2 жыл бұрын
Thanks, Chris.
@sherazhussain8247
3 жыл бұрын
Thank you Chris!
@albaniaiptv8335
2 жыл бұрын
great video. can we decrypt request manually by extracting public certificate of website ?
@bravebacon4175
2 жыл бұрын
Wait so can I store the keys wherever or does it need to be that specific user address?
@christiangrenier9434
2 жыл бұрын
Hi Chris, I have a IOT device connected to AWS. I have all certicates... is it possible to decrypt the communication using wireshark? My IOT device is connected to an access point. Actually, I have a switch that I can route all the traffic to the PC but all packets are encrypted. So, I'd like to see the packet contents. Thanks a lot!
@philipgeorgiev3240
3 жыл бұрын
too cool for a dev, thanks
@RdozeTV
3 жыл бұрын
Where the f is the pre master secret log filename came from? that's not in the environmental variables you made right?
@yosuasitorus3478
3 жыл бұрын
Hai Chris, how about desktop App not browser, how do we generate that log file?
@Majidiof
2 жыл бұрын
Thank you very much Chris 🙏🏻
@ChrisGreer
2 жыл бұрын
You are very welcome
@flinfaraday1821
2 жыл бұрын
Is the SSLKEYLOGFILE env variable only used by chrome? Or system wide for anything using SSL?
@ChrisGreer
2 жыл бұрын
I have gotten it to work with Firefox and chrome. I have heard it works with edge but have not tried it for myself. All others, a ton to try… I guess it just depends on the api
@derrickgyamfi4823
Жыл бұрын
Thanks Greer, very useful
@0x80O0oOverfl0w
3 жыл бұрын
Does this only work with Chrome? Or will it log keys from windows update and other OS calls?
@w451-qx3kx
3 жыл бұрын
hi, do you know if there is a way to decrypt https when it isn't from the browser, meaning it doesn't get logged to a key file?
@ChrisGreer
3 жыл бұрын
Probably - I'd have to tinker with a specific app or implementation, but I imagine if you dig deep enough in the code there is a way to do it.
@adammason1587
2 жыл бұрын
@@ChrisGreer So from a hackers perspective in todays day and age, I imagine the flow is something like this: 1. compromise endhost through zero day or unpatched vulnerability 2.create a reverse tcp shell via proxy chaining on proxy's that dont log user data (or TOR) 3.setup the log environmental variable in OS (congrats you have modified a system that's not yours and have now officially committed a crime, though I guess the reverse tcp shell could be argue as the stage when that happens) 4. discretely capture network traffic, and discretely transfer data back (no idea how that's done) 5. look for PII/PCI decrypted data 6. Clear traces of you being there... also not really sure how they would do that. Probably clear a bunch of internal log files. I know this comment puts you in a precarious situation, because how do you teach content and answer questions without indirectly possibly helping a hacker, but as a company network engineer I still dont understand how hackers pull of what they do. Is it just a matter of hiding in plane sight and due to the sheer amount of data that goes across the wire, you are hoping nobody notices?
@chelvis1569
2 жыл бұрын
@@adammason1587 Very interesting, to transfer the data back in thinking you could do a loopback but that could be traced.
@tjeaton2405
3 жыл бұрын
Hey love the video, how can this be done if I'm not using either chrome or firefox?
@AbrahamBilly
3 жыл бұрын
thankyou for sharing, but how we can get the tls key without touching the victim pc / laptop?
@ChrisGreer
3 жыл бұрын
You would need send all traffic through a man-in-the-middle device on the network, or you could install an agent on the server that will capture them. Either way, it's designed to be hard to get the keys...
@AbrahamBilly
3 жыл бұрын
@@ChrisGreer isn’t that man in the middle attack / ARP Poisoning doens’t catch the key? please make a video how to get the keys via man in the middle attack sir.
@alexborodin845
2 жыл бұрын
Cool, thank you!
@ChrisGreer
2 жыл бұрын
thanks for the comment Alex!
@abhayn3923
2 жыл бұрын
I followed all the steps as explained by you, but I'm still unable to log the ssl keys into my local directory. May I know why that maybe happening? The file is empty , that is, no keys are logged into it.
@ChrisGreer
2 жыл бұрын
Hmm... weird. That is frustrating. Ok maybe something changed with an update. I'd suggest trying Firefox. If that doesn't work - I've been able to get it working pretty reliably with Kali Linux and Chrome. I demonstrate that here -kzitem.info/news/bejne/soiIrnWVbpqEZZg
@JackSparrow-xm3im
2 жыл бұрын
Hey Chris really great video it helped me a lot but I just wanna mention that, I don't know for some reason but sslkeylog doesn't store every ssl log, it does stores majority of them but not every, soo I came across some proxy servers like charles which stores every ssl but don't know how to set it up on windows to work perfectly. Please make a video about charles or any other proxy server you recommend to decrypt fully...... Thanks
@ChrisGreer
2 жыл бұрын
Thanks for the feedback Jack - I would need to figure out how to reproduce that in order to tshoot on my end.
@iterminator987
2 жыл бұрын
Hello, was wondering if the decryption could be done using a MITM, for instance the MITM proxy...Would be great to see that happen!!! Ty
@ChrisGreer
2 жыл бұрын
Hey, thanks for the comment. I'll see if I can get it working... (or breaking, depending on how you look at it!)
@TaraChand-ys8yd
2 жыл бұрын
can you please create a video for decrypting tls traffic in wireshark using private key file
@ginadi9733
3 жыл бұрын
Great tutorial
@ChrisGreer
3 жыл бұрын
Thanks Ginadi. Stick around for more around TLS.
@txKonen
9 ай бұрын
I'm sorry, but you referenced at 1:18 - SSLKEYLOGFILE to \users\chris but never referenced it again. At 5:38, you referenced a different file. Were they meant to be the same?
@CDizzzle4Rizzle
2 жыл бұрын
You have some really great content on your Channel. You should start accepting BAT's so we can tip you!
@ChrisGreer
2 жыл бұрын
Hi Chris D - Thanks for the comment. Actually I had considered setting something like that up but wasn't sure if anyone would actually do it! I appreciate the suggestion and will definitely look into it.
@gabrielhawk6604
2 жыл бұрын
Chris, I'm having a strange issue where only about 70% of my TLS traffic is decrypted this way. It seems when using the ECDHE cipher, the packet can't get decrypted even with the master log file. But I'm told the master log file should be enough to decrypt this. Is this true?
@JackSparrow-xm3im
2 жыл бұрын
I am facing the same issue and currently looking to setup a proxy server like "Charles" but its quiet complicated....
@jagzam
2 жыл бұрын
Gracias por compartir toda esta información.!!
@ChrisGreer
2 жыл бұрын
Un placer!
@brentonm.newbon6026
3 жыл бұрын
Great video!
@ChrisGreer
3 жыл бұрын
Thanks! Appreciate the comment.
@MrJcc444
20 күн бұрын
cool man ... but i'd like to see packets on my other wifi devices I see i can put my network card in monitor mode will this get the keys to decrypt??
@techproductowner
2 жыл бұрын
Dear Sir wonderful , How do I decrypt Windows desktop application traffic using wireshark , the desktop app use TLS1.2 and Websocket for communication
@ChrisGreer
2 жыл бұрын
Hello DataSkull - we would need to see if the app will locally store the TLS keys. As you saw in the video, chrome will do it in an environment variable, but that may not be the case for the application you are trying to decrypt. You have to dig into it and see if the app will store them.
@JackSparrow-xm3im
2 жыл бұрын
Same issue here looks like better to go with a proxy server
@nix8960
2 жыл бұрын
Thanks a lot
@ChrisGreer
2 жыл бұрын
Most welcome
@adrian3k
3 жыл бұрын
Was struggling to find decent video about wireshark and tls (im totally new to this - wireshark and packet analysis). Is listening to browser any different than listening to application? I want to pick the html/json/xml data sent from server to application with built-in-browser (Embed Browser Engine) to see the same stuff i see inside app (table/numbers) but I'm stuck at seeing headers with tls info (1.2) - rest is still 'encrypted' -- cant find any info why (probably some wireshark settings wrong/missing) :) Hope will get enough info from your tutorials to get thru this problem and see plaintext to work with :D
@adrian3k
3 жыл бұрын
ssl.app_data is encrypted.. TLS_AES_256_GCM_SHA384.. got stream as hex to file and out of options (at least for now) :P
@adrian3k
3 жыл бұрын
looks like I need to get into 'programming' to get some things from handshake and mix it to get 'decoding setup' - could you make something related (like video) or point to 'get going'? Thx Chris!
@adrian3k
3 жыл бұрын
hahaha it turned out I was using 'old wireshark' and could not see the decoded data' 8-) I see some data decoded and some not (probably because of packets not being in good order) --> going to stream gives mixed content Is there a 'simple' way of reordering the packets? There is Time shift (but it looks like i need to be very specific at time value) Can we 'switch packets by place' like move packet No. 250 to 249 (249 goes to 250)?
@aadityadeshpande9080
2 жыл бұрын
Great information 🙂 Please do some video on HTTP3 and its benifits... Found this channel after watching your colab on David's channel... Thank you 😊
@ChrisGreer
2 жыл бұрын
For sure! I will be doing more content around QUIC and H3 as things continue to develop. Thank you for the comment. I the meantime check out my QUIC decryption video here - kzitem.info/news/bejne/soiIrnWVbpqEZZg
@ManideepLadi
11 ай бұрын
Thank you Chris...This is an amazing video...I wanted to know is it possible to do the same with safari browser in Mac os if so can you please point me the steps... Thanks in advance.
@odogg6899
3 жыл бұрын
Am i supposed to take that log file i d/l and drop it in SSL Keys folder or will system automatically create one for me?
@ChrisGreer
3 жыл бұрын
You should have to create that folder but the system will create the log.
@andrewandrosow4797
Жыл бұрын
Hello! Good video! I tried to decrypt anything along two days but I haven`t had any success.. I created a system environment variable - there was keys from a browser... What`s going on?
@hackyourfuture
2 жыл бұрын
Great video, it´s really useful, thank you!
@dineshkrishna1690
3 жыл бұрын
Hi Chris, In the video, it was told that this is specific to chrome browser. Is it so? Because i did not see any setting which is made specific to store session keys for sessions in chrome browser
@ChrisGreer
3 жыл бұрын
I used the chrome browser to demonstrate this in the video, but it also works on Firefox Nightly and I have seen it work on Edge too.
@pystykorva7114
3 жыл бұрын
Brilliant!
@gitgudsec
2 ай бұрын
Hey Chris, the pcap link is broken - any chance you'd mind reuploading? Thanks
@gregwallace9481
2 жыл бұрын
Is there a way to do this for non-web browser traffic? For example, I am trying to decrypt commands and responses with racadm in powershell but the keys don't appear in the log.
@ChrisGreer
2 жыл бұрын
Hey Greg - I have only tried this with Chrome and Firefox. It would def take some more digging to learn where/how/if other API's store the keys.
@noooooo4199
3 ай бұрын
Did you create a ssl key log file and add its path is environment variable or creating an environment variable created the file. Because I am not able to see the file. Please help.
@ВладКалина-у5ь
Жыл бұрын
Hello, what wifi adapter are you using for macOS? I want to buy an adapter, but I don't know which one will be compatible with my Mac. Thx)
@RamKumar-tj7ln
3 жыл бұрын
Learn it by heart -- By order of the peaky blinders
@ldavader2704
2 жыл бұрын
Hey Chris, what about other TLS traffic which is not made from any browser? Thanks
@ChrisGreer
2 жыл бұрын
I've only been able to get it to work with Chrome and Firefox, I haven't tried to store them from any one app.
@Mike-sx5en
3 жыл бұрын
You got a new subscriber 🙃😉
@ChrisGreer
3 жыл бұрын
Awesome! Thanks for the sub and see you around the channel.
@lofman
3 жыл бұрын
Great vid, thanks!
@ChrisGreer
3 жыл бұрын
Thanks for the comment! I really appreciate the feedback.
@lofman
3 жыл бұрын
@@ChrisGreer didn't know it was that easy. I guess the environment variable you added in the beginning is Chrome specific?
@ChrisGreer
3 жыл бұрын
It works with Chrome, Firefox, and some chromium based browsers. I am not much of an Edge user so I haven't tried it myself, and I understand Safari in the Mac environment isn't too happy with this variable either.
@KaySwiss21
2 жыл бұрын
I have a question... If I'm using a wifi adapter that's in monitor mode, and passively sniffing the other devices on my home network... Is there any methods for decrypting other clients on the same network? Other clients meaning , if I'm on my laptop and I want to see what's going on with my Android on the same network, what methods (if any) are there to decrypt the androids traffic?
@ChrisGreer
2 жыл бұрын
That is a great question. In theory, you could do a man in the middle attack and intercept their traffic. You can capture it is a passive listener on WiFi, but with the additional layer 1/2 encryption for WiFi (WPA2 for example) it adds another level of complexity. I have never done it.
@KaySwiss21
2 жыл бұрын
@@ChrisGreer Thanks for the reply! My mind was going into that direction but wasn't sure if there were other ways/methods. Looking forward to more content as well. Since I'm a newer viewer, I dont know the extent of your expertise. But would love to see some cyber security / forensic stuff as that's what I'm currently studying for an associates degree. I see alot of the attacking and vulnerability side, but would like to see more content on defensive and forensic analysis.
@mmd.3859
3 жыл бұрын
Please you build on video about how to using the wireshark in windows 10
Пікірлер: 385