How to Decrypt HTTPS Packets with Capsa

With the development of network security, HTTPS is a protocol for secure communication over a computer network and now is widely used on the Internet. As everything in the HTTPS message is encrypted, including the headers, and the request/response load, the network analyzer can only know that a connection is taking place between the two parties and their domain names and IP addresses, which makes it really hard for the IT engineers to fully monitor the network. However, this is not an issue with Capsa anymore. Capsa 9.2 is able to decrypt HTTPS packets and to see more details.

Packet before the decryption:

network packet before the decryption

Packet after the decryption:

network packet after the decryption

In order to decrypt HTTPS packets with Capsa, you need to configure the decryption settings first.

To go to the decryption settings, click the menu button on the top-left corner, and go to the Options.

Decryption Settings of network analysis

On the System Options box, go to the HTTPS Decryption Settings tab as screenshot below:

HTTPS Decryption Settings

Capsa supports to decrypt 3 kinds of HTTPS encryption: RSA, PSK, DH.

  • RSA

    • To configure the RSA Key Settings, click the Edit button. Upon the RSA Key Settings box, click the Add button.

    RSA Key Settings

    Locate the key file and import the RSA Key file. If your key file has additional password, please input the password as well.

    Then, click OK to save all the configurations.

    RSA Key of network analysis

  • PSK

    • If the packet used PSK method for encryption, you could put the HEX code for Pre-Shared Key to decrypt the packet.

  • DH

    • If the packet used DH method for encryption, you need to import the (Per)-Master-Secret log file for decryption.

    To get the (P)MS log file, you could go to the Environment Variables under the Advanced System Settings.

    Create a new system variable, with the name of SSLKEYLOGFILE. And set the Variable value with the path (C:\Users\[current user]\key.log is recommended) to store the key log.

    Then click the OK button to save all the configurations.

    save all the configurations of network analysis

    Use Google Chrome to visit HTTPS website, the (P)MS log file will be automatically generated in the place, which you configured in the system variable.

    configured for network analysis

    Note: This method only works with Google Chrome.

    After getting the (P)MS log file, go back to Capsa and click the Browse button to import the (P)MS log file.

    (P)MS log file of network analysis

    For MAC, after allowing ignoring "MAC Failed", Capsa will continue decryption when the "MAC Failed" message appears. Without selecting this item, Capsa will skip decrypting this part and continue decrypting the following parts.

After finishing configuring HTTPS Decryption Settings with the right key or log file, you are now able to see the encryption message of HTTPS packets. Capsa 9.2. helps you to decrypt HTTPS packets and to see more details of network packets.