4

I have a whole bunch of encrypted QUIC UDP packets I've managed to capture and narrow down from an online game. I believe these are the incoming chat messages.

I'd like to decrypt these packets to see if I can read the raw data being sent. Is this possible? What information/settings do I need?

Connor Bell
  • Wireshark does not support QUIC decryption at the moment. The drafts at https://tools.ietf.org/wg/quic/ are also not really detailed on the ciphers... Your best chance to understand how it works is probably https://docs.google.com/document/d/1g5nIXAIkN_Y-7XJW5K45IblHd_L2f5LTaDUDwvZ5L6g – Lekensteyn Dec 09 '16 at 20:51
  • @Lekensteyn Cheers, I'll take a look – Connor Bell Dec 09 '16 at 20:53
  • I've read the document and it does not help at all, because it does not give any details... In Wireshark you can just see the CHLO, the REJ from the server, and the second CHLO, and the data is encrypted... (and you aren't able to see the SHLO) :/ – Sericaia Jan 20 '17 at 16:33

1 Answer

2

For decrypting QUIC packets in the latest Wireshark (not sure if it works in older versions):

1. Go to Edit -> Preferences -> Protocols
2. Select QUIC from the drop-down list
3. Select "Force decode of all QUIC Payload"