Which file is used to decrypt HTTPS traffic in Wireshark?

Prepare for the Wireshark Traffic Analysis Exam. Study with flashcards and multiple-choice questions; each question includes hints and explanations. Ace your exam!

Multiple Choice

Which file is used to decrypt HTTPS traffic in Wireshark?

Explanation:
Decrypting HTTPS traffic in Wireshark relies on the client’s TLS session keys, which the browser can log to a file. The standard name for that key log file is SSLKEYLOGFILE. When the SSLKEYLOGFILE environment variable is set to a path before the browser starts, the browser writes the necessary secrets to that path during TLS handshakes. In Wireshark, you then point the TLS decryption feature at that same file (via the key log file setting), and it uses the logged keys to decrypt the HTTPS traffic so you can inspect the cleartext HTTP content. The other filenames listed aren’t recognized by Wireshark for TLS decryption, so they won’t enable decryption.
