P.S.: I tried the above in a Kali virtual machine, but I do think it's the same for Ubuntu.

So, over here, OCSP tells you that X.509 certificates (used in both SSL and TLS) have been revoked since they were compromised, so, putting it in simple terms, data has been decrypted and the certificates have been compromised. It's because of OCSP (Online Certificate Status Protocol) (I'm very much sure that when you were able to capture HTTPS packets when browsing on a virtual machine, you would have observed OCSP too). Instead, you can search for TLS/SSL in the search bar and voila! You would be able to see them, since HTTPS is secured with either SSL or TLS.

And yes, the next question that might confuse you is: why is Wireshark able to capture packets when I run an 'HTTPS' site on a virtual machine? The reason behind this is that HTTPS is 'HTTP Secure', which ensures secure communication over a network, and hence it undergoes encryption and decryption end-to-end, so Wireshark won't be able to capture them.

Make sure that you are accessing websites bound with HTTP but not HTTPS.