TLS Captures and Decode - Hsanokklis/2023-2024-Tech-journal GitHub Wiki
Understanding certificates is very important when working with modern web services.
Go to an HTTPS site in a browser and click the lock to get the certificate information.
- In Chrome, go to developer mode and go to Security
What server was the certificate assigned to?
- typeracer.com
This can be found under "common name" in the certificate
What is the validity date of the cert?
- Saturday March 24th 2024
What is the Certificate Authority for the certificate?
- Google Trust Services LLC
This can be found as the "issuer" of the certificate
Can you find the public key?
Use Wireshark to capture connections to an HTTPS site
Describe the packet exchange for the HTTPS negotiation: how many packets, and in what order.
When looking at TLS packets in Wireshark, you cannot view the certificate with TLS 1.3, because encryption starts before the certificate is sent. With TLS 1.2, the certificate is sent before encryption starts, so you can see its contents in the packets.
You can see the exchange in the HTTPS negotiation below:
Packet 1: Server Hello
Packet 2: Certificate, Server key exchange, server done
Packet 3: Client key exchange, Change cipher spec, Encrypted Handshake message
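The labels Wireshark shows for this exchange come straight from the record and handshake headers. The following is an added example, not part of the original journal: it walks TLS 1.2 record framing over constructed bytes and shows why the handshake record after Change Cipher Spec can only be labelled as encrypted. The names `parse_flight`, `hs` and `record` are hypothetical helpers, and it assumes each handshake message fits inside one record.

```python
import struct

# Handshake message types from the TLS 1.2 specification (RFC 5246).
HANDSHAKE_TYPES = {1: "Client Hello", 2: "Server Hello", 11: "Certificate",
                   12: "Server Key Exchange", 14: "Server Hello Done",
                   16: "Client Key Exchange", 20: "Finished"}

def parse_flight(data: bytes) -> list:
    """Label, in order, the TLS 1.2 records one side sent (hypothetical helper)."""
    labels, pos, encrypted = [], 0, False
    while pos < len(data):
        if len(data) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", data, pos)
        body = data[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        pos += 5 + length
        if ctype == 20:  # ChangeCipherSpec: this sender's later records are ciphertext
            labels.append("Change Cipher Spec")
            encrypted = True
        elif ctype == 22 and encrypted:  # handshake record that can no longer be read
            labels.append("Encrypted Handshake Message")
        elif ctype == 22:  # plaintext handshake record, may carry several messages
            off = 0
            while off < len(body):
                mlen = int.from_bytes(body[off + 1:off + 4], "big")
                if off + 4 + mlen > len(body):
                    raise ValueError("handshake message overruns its record")
                labels.append(HANDSHAKE_TYPES.get(body[off], f"Handshake type {body[off]}"))
                off += 4 + mlen
        else:
            labels.append(f"Record type {ctype}")
    return labels

# Builders for the constructed sample: handshake message framing and record framing.
def hs(mtype: int, body: bytes) -> bytes:
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

def record(ctype: int, body: bytes) -> bytes:
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body  # 0x0303 = TLS 1.2

# Constructed sample flights; message bodies are placeholder bytes, not real data.
SERVER_FLIGHT = (record(22, hs(2, bytes(38))) +
                 record(22, hs(11, bytes(16)) + hs(12, bytes(8)) + hs(14, b"")))
CLIENT_FLIGHT = (record(22, hs(16, bytes(33))) + record(20, b"\x01") +
                 record(22, b"\xa7" * 40))

if __name__ == "__main__":
    print(parse_flight(SERVER_FLIGHT))
    print(parse_flight(CLIENT_FLIGHT))
```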
Find the server certificate in the packet
Can you find all the information that you found when clicking the lock?
Post details about the certificate
- Validity Date
- Certificate Authority
- Public key