![]() ![]() If TLS doesn't protect you from that, TLS has no reason to exist and web browsers like Chrome have no reason to behave any differently between http and https sites. The whole reason TLS exists is to protect you from someone who controls your router, classically in an internet cafe. The reason why Im asking this is because my router was hacked, I was reading some things and I want to know what is possible to have happened. ![]() How can one get this key? Is decryption of https possible without this key? is Key log file using per-session secrets enough for decryption? Since the attacker controls your router, Can he do the same thing, instruct your device(computer,smartphone) to write this down somewhere so he can use it for decryption of https? Can the attacker get it If he controls your device/is able to see the contents from your device via virus, malware ?ĭoes the attacker need both Key log file using per-session secrets and RSA private key to decrypt https or is only one of these needed?įrom what I know the RSA private key cannot be acquired from the site you connect to nor from the victim. ![]() On the site of Wireshark it says that there are 2 methods : Key log file using per-session secrets and Decryption using an RSA private key.Ĭan the attacker get your "Key log file using per-session secrets" remotely? I know that if you are doing this, you can instruct your computer to write the "key log file using per-session secrets" down somewhere and from there you log it to Wireshark. Does Wireshark(packet sniffers in general) let you decrypt someone else's https sites, or only your own? For example if the router is hacked can a packet sniffer give the attacker the ability to decrypt every https site you visit from each device connected to the router? ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |