Description | This article describes how to decrypt SSL/TLS traffic using a Windows machine. |
Scope |
FortiGate. |
Solution |
1) Go to This PC, right-click on an empty space, then select Properties.
2) Select 'Advanced system settings'.
3) Select 'Environment Variables'.
4) Select New, then type 'SSLKEYLOGFILE' in the Variable name field. For Variable value, it is possible to select 'Browse File' and choose the file in which to save the TLS/SSL keys. In this example, tlskey.txt has been created.
5) Select 'OK' until all recently opened windows have been closed.
6) Start capture and enable filters in GUI -> Network -> Packet Capture.
7) Generate TLS/SSL traffic, then download the capture and open it in Wireshark.
8) After opening the capture in Wireshark, go to 'Edit' then 'Preferences'.
9) Under 'Protocols', check and then select 'TLS' (Transport Layer Security).
10) Under '(Pre)-Master-Secret log filename', select 'Browse' then choose the TLS key file. Afterwards, select 'OK'.
Decryption of TLS/SSL traffic is now complete.
|
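A sanity check for the key file from step 4 before it is loaded in step 10, as an added example that is not part of the original article: it parses the NSS key log format that applications write when SSLKEYLOGFILE is set and reports how many sessions have secrets and which lines are malformed. The function name and sample lines are constructed for illustration, and legacy `RSA` lines are not handled.

```python
import re
import sys
from collections import Counter

# Labels defined by the NSS key log format that Wireshark reads.
TLS12_LABELS = {"CLIENT_RANDOM"}
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
HEX = re.compile(r"^[0-9a-fA-F]+$")

def summarize_keylog(text):
    """Return per-label counts, distinct session count and malformed line numbers."""
    labels, sessions, malformed = Counter(), set(), []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        ok = (
            len(parts) == 3
            and parts[0] in TLS12_LABELS | TLS13_LABELS
            and HEX.match(parts[1]) and len(parts[1]) == 64   # 32-byte client random
            and HEX.match(parts[2]) and len(parts[2]) % 2 == 0
            # TLS 1.2 master secret is always 48 bytes
            and (parts[0] not in TLS12_LABELS or len(parts[2]) == 96)
        )
        if not ok:
            malformed.append(lineno)  # e.g. a line truncated mid-write
            continue
        labels[parts[0]] += 1
        sessions.add(parts[1].lower())
    return {"labels": dict(labels), "sessions": len(sessions), "malformed": malformed}

# Constructed sample input, not real key material.
SAMPLE = "\n".join([
    "# constructed sample",
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "12" * 32 + " " + "ef" * 32,
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 10,  # truncated secret
])

if __name__ == "__main__":
    # Pass the path to tlskey.txt as the first argument; falls back to the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    print(summarize_keylog(text))
```

A result of zero sessions means no application wrote secrets to the file during the capture. The key file holds session secrets for every TLS connection made while the variable is set, so delete the variable and the file once the capture has been analyzed.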
Copyright 2023 Fortinet, Inc. All Rights Reserved.