Comments on: Sniffing SSL TLS Sessions with Wireshark

By: Alex Railean

Alex Railean — Mon, 08 Mar 2010 20:10:03 +0000

Give a try to oSpy, it is a sniffer that allows you to view HTTPS traffic, provided that you’re running it on Windows and the program that generates the traffic uses the Wincrypt API.

It is not a universal tool, but for a subset of tasks it is exactly what one needs.

By: Ruben

Ruben — Thu, 03 Sep 2009 08:55:56 +0000

Not entirely true. You could sniff the client memory location; but that is not something that wireshark can do.

See http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange#Description for more information about the genius of Diffie-helman.

By: Jörg Schulz

Jörg Schulz — Thu, 18 Jun 2009 10:32:06 +0000

It’s not possible to decrypt the DHE data. That’s what DHE is for: secure key-exchange over unsecure channels. The only way to break this is by a MITM-attack, but that’s not the way wireshark works.