Walkthrough: Decrypt SSL/TLS traffic (HTTPS and HTTP/2) in Wireshark

Dec 15, 2015

I was recently researching HTTP/2. However I can only see encrypted network packets in Wireshark because all browsers only support HTTP/2 that run over TLS. Actually Wireshark does provide some settings to decrypt SSL/TLS traffic.

Encrypted TLS packets

Using the private key of a server certificate for decryption

The first method is: Using the private key of a server certificate to decrypt SSL/TLS packets.

Export the private key of a server certificate from an IIS server

First, we need to export the private key from the web server, take the IIS server as an example here.

  1. Open the server certificate of an IIS website, click Details tab, click Copy to File....

    View Certificate Details -> Copy to File...

  2. Click Next in the wizard, select Yes, export the private key, then click Next.

    Yes, export the private key

  3. Choose Personal Information Exchange - PKCS # 12 (.PFX), leave the three checkboxes unchecked, click Next.

    Personal Information Exchange - PKCS # 12 (.PFX)

  4. Check Password and set a password, click Next and then export the PFX file.

    Set a password

Configure Wireshark to use the private key for decryption

After having the PFX file, we can configure Wireshark to use the private key to decrypt SSL/TLS packets. You can configure it from either client side or server side, depending on where you view or capture the network traffic.

  1. In Wireshark menu, go to: Edit -> Preferences....
  2. Expand Protocols -> SSL, click the Edit button after RSA key lists.

    Click the edit button after RSA key lists

  3. Configure as below:

    • IP address: Target server IP address, you can input "any" as well.
    • Port: The general port number of HTTPS is: 443.
    • Protocol: http
    • Key File: Select the PFX file you just exported.
    • Password: The password of the PFX file.

After that, the current viewing trace or the future captured trace will be decrypted as expected.

Decrypted TLS packets

If Wireshark still doesn't decrypt the TLS/SSL packets, then the SSL session may be using a Diffie-Hellman cipher.

Disable the Diffie-Hellman cipher

We can confirm an SSL session is using a Diffie-Hellman cipher if the Cipher Suite value of the Server Hello message contains "ECDHE" or "DHE".

SSL session that is using Diffie-Hellman cipher

The session key is transferred encrypted with a dynamically generated key pair (instead of encrypted with the public key from the certificate) if the SSL session is using a Diffie-Hellman cipher. The solution is to disable Diffie-Hellman from the client or the server. I would recommend to disable it from the client so that we can keep the server secure.

Following are the methods to disable the Diffie-Hellman cipher from three different browsers in Windows client and the method to disable the Diffie-Hellman cipher from an IIS server. You can choose either one of them to ensure the SSL session does not use a Diffie-Hellman cipher.

Disable the Diffie-Hellman cipher for Internet Explorer
  1. Run gpedit.msc to open Local Group Policy Editor.
  2. Edit setting: Computer Configuration -> Administrative Templates -> Network -> SSL Configuration Settings -> SSL Cipher Suite Order.
  3. Enable the setting and copy the default cipher suite order from the textbox to notepad or text editor.

    Enable setting: SSL Cipher Suite Order

  4. Remove all the ciphers that contain "ECDHE" or "DHE", please keep all the ciphers in one line.

    Remove all the ciphers that contain ECDHE and DHE

  5. Replace the default value with the new value, click OK to save the setting, then reboot the PC.

  6. After reboot, we can see that the Cipher Suites value in IE Client Hello message does not contain any Diffie-Hellman ciphers and Wireshark is able to decrypt the SSL/TLS packets.

    Client Hello message doesn't contain any Diffie-Hellman cipher

Disable the Diffie-Hellman cipher for Chrome
  1. View the default Cipher Suites list from the Client Hello message of Chrome.

    Cipher Suites (15 suites)
         Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
         Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
         Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
         Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc14)
         Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc13)
         Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
         Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
         Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
         Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
         Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
         Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
         Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
         Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
         Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
         Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
    
  2. Append all the ciphers that contain "ECDHE" or "DHE" in hex to command line parameter:"--cipher-suite-blacklist" and launch Chrome with this parameter, like:

    c:\Program Files (x86)\Google\chrome\Application\chrome.exe --cipher-suite-blacklist=0xc02b,0xc02f,0x009e,0xcc14,0xcc13,0xc00a,0xc014,0x0039,0xc009,0xc013,0x0033

  3. After that, we can see that the Cipher Suites value in Chrome Client Hello message doesn't contain any Diffie-Hellman ciphers.

    Cipher Suites (4 suites)
        Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
        Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
        Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
        Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
    
Disable the Diffie-Hellman cipher for Firefox

Launch Firefox, navigate to "about:config" from address bar, search "dhe", double click all the Diffie-Hellman ciphers to change the Value to false, restart Firefox to take effect.

Disable the Diffie-Hellman cipher for IIS server
  1. Run regedit as administrator, edit:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002\Functions.
  2. Remove all the ciphers that contain "ECDHE" or "DHE".

    Remove all the ciphers that contain ECDHE or DHE

  3. Save the change and reboot the server to take effect.

Using SSLKEYLOGFILE

The second method to decrypt SSL/TLS packets is setting an environment variable called SSLKEYLOGFILE that points to a writable text file. Chrome and Firefox will look for the variable when they start up. If it exists, the browser will write the values used to generate TLS session keys out to that file. We can configure Wireshark to read this file to decrypt SSL/TLS packets.

  1. Right click Computer/This PC, view Properties, open Advanced system settings, view Advanced tab, click Environment Variables....

    Right click Computer/This PC, view Properties, open Advanced system settings, view Advanced tab, click Environment Variables....

  2. New a System variable.

    New a System variable

  3. Name the variable as:SSLKEYLOGFILE, point it to a writable text file. You have to create the folder in advance, the text file can be auto generated when you launch Chrome or Firefox.

    Variable: SSLKEYLOGFILE, Value: a writable text file path

  4. In Wireshark, go to:Edit -> Preferences....

  5. Expand Protocols -> SSL, set (Pre)-Master-Secret log filename to the same text file.

    Set (Pre)-Master-Secret log filename to the SSLKEYLOGFILE value

  6. Click OK. Now Wireshark can decrypt HTTPS traffic.

Summary

This article introduces two methods to decrypt SSL/TLS trace in Wireshark, you can evaluate the pros and cons of them to choose the best method for you.

  1. The private key of the server certificate

    Pros:

    • Can be used from either client side or server side.
    • Supports all kinds of browsers.

    Cons:

    • Needs to have access to the server certificate.
    • Does not support Diffie-Hellman ciphers.
  2. SSLKEYLOGFILE

    Pros:

    • Supports Diffie-Hellman ciphers.
    • No need to access the server certificate.

    Cons:

    • Can only be used from client side.
    • Supports only Chrome and Firefox.

Keywords:

HTTPSHTTP/2SSL/TLS