View Full Version : Is it possible to decrypt TLS / HTTPS traffic on mobile device using ettercap and Wireshark?

2022-02-17, 09:37
So I was recommended a video on YouTube where they showcased ARP poisoning and Wireshark, which made me very interested so I played around with it for a little bit.
I also tried decrypting data using Wireshark on my home network using the sslkeylogfile method (https://support.f5.com/csp/article/K50557518) which I found super fascinating, I managed to see a lot of data that had been encrypted using TLS / HTTPS, but this time around it was decrypted.

That being super cool, I started wondering if this could be taken a step futher? Doing the same thing but on other devices on the same network.
For instance, if I were to perform a MITM attack on my own network, between my mobile phone and my router, where my laptop would be the MITM. I learned that you can use what's called ARP poisoning / spoofing to intercept the data between the router and the device. However the data would be encrypted due to TLS / HTTPS.
Is it possible to perform the same sslkeylogfile method (https://support.f5.com/csp/article/K50557518)? I've read that it only works on Chromium and Firefox based browsers, so Safari probably wouldn't work no? Unless Safari is Chromium based which I have no idea about.