Open Wireshark-tutorial-on-decrypting-HTTPS-SSL-TLS-traffic.pcap in Wireshark. This pcap is from a Dridex malware infection on a Windows 10 host. All web traffic, including the infection activity, is HTTPS. Use a basic web filter as described in this previous tutorial about Wireshark filters. Figure 7 shows the pcap in Wireshark using the basic web filter without any decryption. Without the key log file, we cannot see any details of the traffic, just the IP addresses, TCP ports and domain names.
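The key log file that lets Wireshark decrypt this traffic is a plain-text file in the NSS key log format: one line per secret, each tied to the 32-byte client random of a TLS session. The following script is an added example (not code from the tutorial or from Wireshark) that parses such a file, rejects malformed lines, and reports which sessions in a capture it can unlock and which will stay opaque, showing only addresses, ports and the SNI hostname. The key log lines, client randoms, and hostnames are constructed for illustration, as are the session records that stand in for ClientHello messages pulled from a pcap.

```python
"""Parse an NSS-format TLS key log file (the file Wireshark loads as its
(Pre)-Master-Secret log) and report which TLS sessions in a capture it can
decrypt.  Added example with constructed data; nothing here comes from the
tutorial's pcap."""

from collections import defaultdict

# Labels defined by the NSS key log format.  CLIENT_RANDOM carries a TLS 1.2
# master secret (48 bytes); the TLS 1.3 labels carry per-direction secrets
# whose length equals the cipher suite's hash output (32 or 48 bytes).
KNOWN_LABELS = {
    "CLIENT_RANDOM": {48},
    "CLIENT_EARLY_TRAFFIC_SECRET": {32, 48},
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET": {32, 48},
    "SERVER_HANDSHAKE_TRAFFIC_SECRET": {32, 48},
    "CLIENT_TRAFFIC_SECRET_0": {32, 48},
    "SERVER_TRAFFIC_SECRET_0": {32, 48},
    "EXPORTER_SECRET": {32, 48},
}


def parse_keylog(text):
    """Return ({client_random_hex: {label: secret_hex}}, [(lineno, reason)]).

    Malformed lines are reported rather than silently dropped, because a
    session that stays encrypted in Wireshark is usually explained by one."""
    secrets = defaultdict(dict)
    rejected = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3:
            rejected.append((lineno, "expected 3 fields"))
            continue
        label, client_random, secret = parts
        if label not in KNOWN_LABELS:
            rejected.append((lineno, f"unknown label {label}"))
            continue
        try:
            cr = bytes.fromhex(client_random)
            sec = bytes.fromhex(secret)
        except ValueError:
            rejected.append((lineno, "non-hex field"))
            continue
        if len(cr) != 32:
            rejected.append((lineno, f"client random is {len(cr)} bytes, need 32"))
            continue
        if len(sec) not in KNOWN_LABELS[label]:
            rejected.append((lineno, f"{label} secret is {len(sec)} bytes"))
            continue
        secrets[client_random.lower()][label] = secret.lower()
    return dict(secrets), rejected


def classify_sessions(sessions, secrets):
    """Split captured TLS sessions into those the key log can decrypt and
    those where only metadata (addresses, ports, SNI) will be visible."""
    decryptable, opaque = [], []
    for s in sessions:
        labels = secrets.get(s["client_random"].lower(), {})
        # TLS 1.2 needs the master secret; TLS 1.3 needs both application
        # traffic secrets to reveal both directions of the session.
        tls13 = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
        if "CLIENT_RANDOM" in labels or tls13.issubset(labels):
            decryptable.append(s["sni"])
        else:
            opaque.append(s["sni"])
    return decryptable, opaque


# Constructed client randoms (32 bytes each, shown as hex).
CR_A, CR_B, CR_C, CR_D = "11" * 32, "22" * 32, "33" * 32, "44" * 32

# Constructed key log: two good sessions, one with a truncated master secret,
# one with a garbage client random field.
SAMPLE_KEYLOG = "\n".join([
    "# SSL/TLS secrets log file, generated by NSS (constructed sample)",
    "CLIENT_RANDOM " + CR_A + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + CR_B + " " + "bb" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + CR_B + " " + "cc" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + CR_B + " " + "dd" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + CR_B + " " + "ee" * 32,
    "CLIENT_RANDOM " + CR_C + " " + "ff" * 40,
    "CLIENT_RANDOM not-hex-at-all " + "ab" * 48,
])

# Constructed stand-ins for ClientHello records from a capture (RFC 2606
# reserved hostnames); without keys this metadata is all an analyst sees.
SAMPLE_SESSIONS = [
    {"src": "10.0.0.5", "dst": "192.0.2.10", "dport": 443, "sni": "a.example", "client_random": CR_A},
    {"src": "10.0.0.5", "dst": "192.0.2.11", "dport": 443, "sni": "b.example", "client_random": CR_B},
    {"src": "10.0.0.5", "dst": "192.0.2.12", "dport": 443, "sni": "c.example", "client_random": CR_C},
    {"src": "10.0.0.5", "dst": "198.51.100.7", "dport": 8443, "sni": "d.example", "client_random": CR_D},
]


def demo():
    """Run the parser over the constructed data and return its verdicts."""
    secrets, rejected = parse_keylog(SAMPLE_KEYLOG)
    decryptable, opaque = classify_sessions(SAMPLE_SESSIONS, secrets)
    return decryptable, opaque, rejected


if __name__ == "__main__":
    dec, opq, rej = demo()
    print("decryptable:", dec)
    print("opaque:", opq)
    for lineno, reason in rej:
        print(f"key log line {lineno} rejected: {reason}")
```

Pointing Wireshark at the same file (Edit > Preferences > Protocols > TLS > (Pre)-Master-Secret log filename) produces the same split: sessions whose client random matches a well-formed line decrypt, the rest remain HTTPS with only the SNI hostname visible. Running the check before opening a large capture saves time spent wondering why half the streams are still encrypted.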