Analyzing and Decrypting TLS with Wireshark
In this lab, you’ll practice capturing network traffic, decrypting it, and analyzing it to verify proper TLS operation. When you’re finished, you’ll know how to capture session keys and use them to decrypt traffic in Wireshark.
Challenge
Getting Started in the Lab Environment
Here are the initial instructions and explanation of the lab environment. Read this while your environment is busy creating itself from nothing. Yes, this violates physics; we know. How fun!
Challenge
Capture an HTTPS Website and Session Keys in Wireshark Using Windows
In this challenge, you will be provided with a virtualized Windows desktop, which you will configure to capture session keys for all TLS sessions using the Firefox browser.
Challenge
Filter the Captured Frames and Decrypt the Capture with the Session Keys
In this challenge, you will use information collected in the previous challenge to filter out only the frames associated with the Globomantics website, and then apply the session keys to decrypt the messages.
Challenge
Examine the Decrypted TLS Handshake
In this challenge, you will take a deeper look at the TLS handshake. The handshake has many detailed components, and you will examine the Client Hello, Server Hello, and Certificate messages. There is an option to use an external website to examine more details of the handshake if you like.
Challenge
Capture an HTTPS Website and Session Keys in Wireshark Using Linux Desktop, and Decrypt the Messages
In this challenge, you will repeat the exercise of capturing an HTTPS website and the session keys, but this time in Linux. You will find the TCP session for the website, and then decrypt it with the session keys.
Challenge
Examine the HTTPS Session of a TLS 1.1 Server
In this last challenge, you will use Wireshark to capture a website and examine what happens when the browser does not support the version of TLS configured on the server.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.
Recommended prerequisites
- TCP fundamentals (three-way handshake/disconnect)
- TLS fundamentals (handshake process)
- Wireshark fundamentals (capturing packets)
- Linux Desktop and command line fundamentals
- Windows fundamentals