Wireshark Trick: Sniffing Browser TLS Traffic

Introduction Wireshark 4.2.0 added a new functionality [1] that can be used to directly launch a web browser with the SSLKEYLOGFILE environment variable set, in order to easily sniff and decrypt TLS traffic from a started application. Howto This new feature can be found in the Tools menu and then under TLS Keylog Launcher (1). You can specify to which file where the SSLKEYLOGFILE variable should point to (2) in order to save the key material. Then, a command can be provided in the command line input field (3), which is then started with the SSLKEYLOGFILE variable set. If an application supports the SSLKEYLOGFILE mechanism [3], the TLS keys are the automatically stored in the configured file and Wireshark is able to decrypt the content (4) and show it in cleartext (5). ...

17.11.2023 Â· 1 min Â· Emanuel Duss

Create Evil WiFi Access Point (802.11evil)

Introduction In pentests, connecting devices to your own network can be very useful. This enables you to analyze the network traffic and use a transparent proxy to intercept and inspect data transmitted between the devices and servers. This approach helps finding potential security weaknesses in applications and network communications. In order to make this process easier, I created a script that starts a new WiFi that can be used to analyze the network traffic of the connected clients. ...

12.09.2023 Â· 3 min Â· Emanuel Duss

Bypassing Proxy Filters via SNI Spoofing

Introduction Recently, I read on Twitter that SNI spoofing can be used to bypass deep packet inspection. This is the Tweet: Ok, so SNI spoofing is cooler than I thought. It’s easy to bypass these deep packet inspection devices and Next Gen firewall filters. Want to visit a “malicious” website? Getting blocked? Just change the SNI value to a windows update address. - @nullenc0de on Twitter (https://twitter.com/nullenc0de/status/1159805999332638720) I wanted to understand how this works and how it can be done, so started playing around with curl. ...

25.06.2020 Â· 3 min Â· Emanuel Duss