Decrypt TLS packets

I've been having issues on and off with Hotmail using the IMAP and POP3 protocols. Microsoft have requested a packet capture, but obviously the useful bits are encrypted.

Now whilst they may be able to decrypt it their end as they will have access to the certificate, how can I do it my end so I can see the real packet data and figure out what's going on?
 
Usually Microsoft support (at least the Office 365 team) will direct people to install Fiddler and then install a root cert. The TLS packets are decrypted by this proxy and then re-encrypted, and since you explicitly trust the root cert, you don't get any browser errors.
 
It's not through a browser though, it's through an email client; Fiddler doesn't log anything in this instance.
 
What is the email client? Can you configure it to use a proxy (i.e. Fiddler)?
Example: https://limeproxies.zendesk.com/hc/...-configure-Mozilla-Thunderbird-proxy-settings

If you configure a proxy in HTTPS mode and configure your machine to trust the certificate, your email client will still function over HTTPS, and you should be able to intercept the traffic between your client and the proxy (and the proxy will send the traffic onward encrypted to Microsoft).
Example: http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/TrustFiddlerRootCert
 