FortiGate
abarushka
Staff
Article Id 189866

Description

 

This article describes how to decrypt TLS traffic generated by a browser running on the Windows operating system.

Scope

 

For Microsoft Windows products.

Solution

 

Note that decrypting TLS traffic may expose sensitive information.

 

  1. Go to Control Panel -> Advanced system settings and select 'Environment Variables...'.
  2. Select 'New', add a new user variable named 'SSLKEYLOGFILE', and set its value to the full path of the TLS session keys log file.
  3. Start packet capturing before starting the browser.
  4. Start the browser and navigate to the TLS website. TLS session keys are logged in the file specified in step 2.
  5. Stop packet capturing.
  6. Open Wireshark, go to Edit -> Preferences -> Protocols -> SSL, and set '(Pre)-Master-Secret log filename' to the file specified in step 2.

     Note: In the new Wireshark releases, the protocol is not SSL anymore, but TLS.

  7. Open the '.pcap' file in Wireshark.
     If the traffic is decrypted correctly, there will be a 'Decrypted SSL data' tab in the bottom-left corner.
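
If no decrypted data appears, a quick check is whether the file that 'SSLKEYLOGFILE' points at actually contains usable entries. The following is an added example, not part of the original article: it assumes the browser writes the NSS key log format (label, client random, secret per line), and the function names and sample data are constructed for illustration.

```python
import re
from collections import Counter

# Labels from the NSS key log format (assumed to be what the browser writes).
TLS13 = ("CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
         "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0")
LABELS = {"CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
          "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET", *TLS13}
HEX = re.compile(r"(?:[0-9a-fA-F]{2})+")

def line_problem(fields):
    """Describe what is wrong with one entry, or return None if it is well formed."""
    if len(fields) != 3:
        return "expected 3 space-separated fields"
    label, client_random, secret = fields
    if label not in LABELS:
        return "unknown label"
    if len(client_random) != 64 or not HEX.fullmatch(client_random):
        return "client random is not 32 hex-encoded bytes"
    if not HEX.fullmatch(secret):
        return "secret is not hex"
    if label == "CLIENT_RANDOM" and len(secret) != 96:  # TLS 1.2 master secret
        return "master secret is not 48 bytes"
    return None

def check_keylog(text):
    """Return (entries per label, distinct client randoms, [(line_no, problem)])."""
    counts, sessions, problems = Counter(), set(), []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):  # blank line or comment
            continue
        problem = line_problem(fields)
        if problem:
            problems.append((line_no, problem))
        else:
            counts[fields[0]] += 1
            sessions.add(fields[1].lower())
    return counts, sessions, problems

# Constructed sample (not real key material); the last line is truncated on purpose.
SAMPLE = "\n".join(
    ["# constructed sample", "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48]
    + [f"{label} {'22' * 32} {'bb' * 32}" for label in TLS13]
    + ["CLIENT_RANDOM " + "33" * 32 + " " + "ff" * 20])

if __name__ == "__main__":
    counts, sessions, problems = check_keylog(SAMPLE)
    print(dict(counts), len(sessions), problems)  # summary only, never the secrets
```

To check a real log, pass the file's contents to `check_keylog`; the summary reports counts and line numbers only, so the key material itself is not echoed to the console.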