When we travel to conferences and business meetings, we often leave our personal laptops behind and use shared, publicly available machines to log in to personal accounts or carry out bank transactions. Even though we reach these sites over HTTPS (a secured connection), how sure are we that our credentials are not being stolen?
What if a complete packet capture is being taken in the background over Wi-Fi? Look what happens when SSL key logging is enabled on that host machine. This is how it is done:
You just need to add one environment variable:
Add a variable named SSLKEYLOGFILE and give it a file path. This can be any path, as long as the file name ends in the .log extension.
From now on, every time a browser uses SSL communication, the session key is written to this log file.
Next, we point Wireshark's SSL protocol settings at that same file path.
Open Wireshark and go to the Edit menu.
Now you will be able to see the encrypted traffic in plain text too.
I tried accessing many well-known websites such as IRCTC, Paytm, iCloud, and Freecharge, and I was able to see my credentials in plain text.
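The practical question for anyone administering or borrowing a shared machine is whether this setting is present. The script below is an added example (not part of the original post): it checks whether SSLKEYLOGFILE is set in the environment and, if the file it points to exists, parses it using the NSS key log format that browsers write (lines of the form `LABEL <client random hex> <secret hex>`) to report how many sessions have been exposed. The function names are my own, and the embedded sample log is constructed for the demonstration, not taken from a real capture.

```python
"""Audit check for SSLKEYLOGFILE exposure on a host (added example)."""
import os
import re

# Labels used by the NSS key log format that Firefox and Chrome emit.
KEYLOG_LABELS = {
    "CLIENT_RANDOM",                    # TLS 1.2: client random + 48-byte master secret
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET",  # TLS 1.3 handshake and traffic secrets
    "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0",
    "EXPORTER_SECRET",
}

# <label> <64 hex chars of client random> <hex secret>
LINE_RE = re.compile(r"^([A-Z_0-9]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")

# Constructed sample log: two TLS sessions plus one junk line.
SAMPLE_KEYLOG = "\n".join([
    "# constructed sample, not a real capture",
    "CLIENT_RANDOM " + "11" * 32 + " " + "22" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "33" * 32 + " " + "44" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "33" * 32 + " " + "55" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "33" * 32 + " " + "66" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "33" * 32 + " " + "77" * 32,
    "not a keylog line",
]) + "\n"


def keylog_env_configured(env=None):
    """Return the SSLKEYLOGFILE path if the variable is set, else None."""
    env = os.environ if env is None else env
    value = env.get("SSLKEYLOGFILE")
    return value if value else None


def parse_keylog(text):
    """Summarise an NSS key log: entries per label, distinct sessions, junk lines."""
    by_label = {}
    sessions = set()
    malformed = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed by the format
        match = LINE_RE.match(line)
        if not match or match.group(1) not in KEYLOG_LABELS:
            malformed += 1
            continue
        label, client_random, _secret = match.groups()
        by_label[label] = by_label.get(label, 0) + 1
        sessions.add(client_random)  # one client random per TLS session
    return {
        "entries": sum(by_label.values()),
        "by_label": by_label,
        "sessions": len(sessions),
        "malformed": malformed,
    }


def audit_host(env=None):
    """Report whether key logging is configured and how much has already leaked."""
    path = keylog_env_configured(env)
    report = {"configured": path is not None, "path": path, "exists": False, "summary": None}
    if path and os.path.isfile(path):
        report["exists"] = True
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            report["summary"] = parse_keylog(fh.read())
    return report


if __name__ == "__main__":
    print("sample log summary:", parse_keylog(SAMPLE_KEYLOG))
    print("this host:", audit_host())
```

Running the script on a machine where the variable is set but the file is empty still returns `configured: True`, which is the finding that matters: every browser launched from that environment will keep appending session keys to the file until the variable is removed.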
The capture below is for Freecharge, where you can see the login username and password.
Anyone holding those credentials can carry out any number of transactions on your account, and if you have saved your bank details there, they can be misused as well. So be careful when using shared laptops or desktops, even over a secured connection: your credentials might get stolen!