lestopace
Staff
Description

This article describes how to decrypt SSL/TLS traffic using a Windows machine.

Scope

FortiGate.

Solution

1) Go to This PC, 'right click' on an empty space then select Properties.

 


2) Select 'Advanced system settings'.

 


3) Select 'Environment Variables'.

 


4) Select New, then type 'SSLKEYLOGFILE' in the Variable Name field.

For Variable value, select 'Browse File' and choose the file in which the TLS/SSL keys will be saved.

In this example, tlskey.txt has been created.

 


5) Select 'OK' until all recently opened window prompts have been closed.

 

6) Start capture and enable filters in GUI -> Network -> Packet Capture.

 


7) Generate TLS/SSL traffic, then download the capture and open it in Wireshark.

8) After opening the capture in Wireshark, go to 'Edit' then 'Preferences'.

 


9) Under 'Protocols', check and then select 'TLS' (Transport Layer Security).

 


10) Under '(Pre)-Master-Secret log filename', select 'Browse' then choose the TLS key file. Afterwards, select 'OK'.

 


Decryption of TLS/SSL traffic is now complete.
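
An added example (not part of the original article) for checking the key file chosen in step 4 before loading it in step 10: it parses the NSS key log format that SSLKEYLOGFILE-aware applications write and counts the sessions it holds secrets for. The label names come from that format rather than from this article, the function names are illustrative, and the sample input is constructed.

```python
import re
from collections import defaultdict

# Line shape of the NSS key log format: "<LABEL> <client_random hex> <secret hex>".
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")
# Secrets needed to decrypt a full TLS 1.3 session (handshake + application data).
TLS13_NEEDED = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
}

def parse_keylog(text):
    """Return ({client_random: {labels}}, [malformed line numbers])."""
    sessions, malformed = defaultdict(set), []
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):  # blank lines and comments are allowed
            continue
        m = LINE_RE.match(line)
        # A TLS 1.2 master secret is always 48 bytes (96 hex characters).
        if not m or (m.group(1) == "CLIENT_RANDOM" and len(m.group(3)) != 96):
            malformed.append(lineno)
            continue
        sessions[m.group(2).lower()].add(m.group(1))
    return dict(sessions), malformed

def summarize(text):
    """Count sessions by type; an incomplete TLS 1.3 session will not fully decrypt."""
    sessions, malformed = parse_keylog(text)
    report = {"tls12": 0, "tls13_complete": 0, "tls13_incomplete": 0,
              "malformed_lines": malformed}
    for labels in sessions.values():
        if "CLIENT_RANDOM" in labels:
            report["tls12"] += 1
        elif TLS13_NEEDED <= labels:
            report["tls13_complete"] += 1
        else:
            report["tls13_incomplete"] += 1
    return report

# Constructed sample, not real key material.
SAMPLE = "\n".join([
    "# SSL/TLS secrets log file (constructed sample)",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    *(f"{label} {'22' * 32} {'bb' * 32}" for label in sorted(TLS13_NEEDED)),
    "CLIENT_TRAFFIC_SECRET_0 " + "33" * 32 + " " + "cc" * 32,
    "CLIENT_RANDOM truncated-line",
])

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

To check a real file, pass its contents to `summarize()`, for example the tlskey.txt created in step 4. Treat that file as sensitive: together with the capture it exposes the plaintext of every logged session, so remove the SSLKEYLOGFILE variable and delete the file once troubleshooting is done.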

 
