![]() ![]() If we mean decoding our own HTTPS traffic and want to practice, then this strategy will work. We’re talking about the web browser of the person who is trying to steal the password. Well, then grab traffic and use the received key to decrypt it. In essence, it is necessary to steal a file with a session key from another user’s hard drive (which is illegal). To do this, the browser must be configured to write these encryption keys to a log file ( example based on FireFox), and you must receive this log file. Option 2: You can decrypt HTTPS traffic using the session key log file written by Firefox or Chrome. ![]() At the time of the connection, you can intercept the session key. Option 1: Connect to the disconnection between the user and the server and capture traffic at the time the connection is established (SSL Handshake). There are several options for answering this question. What if the traffic is encrypted and using HTTPS?
0 Comments
Leave a Reply. |