'Decrypting QUIC UDP Payloads in Wireshark
I have a whole bunch of encrypted QUIC UDP packets I've managed to capture and narrow down from an online game. I believe these are the incoming chat messages.
I'd like to decrypt these packets to see if I can read the raw data being sent. Is this possible? What information/settings do I need?
Solution 1:[1]
For decrypting QUIC packet in latest wireshark (not sure if works in older verison )
- Go to Edit->Preferences->Protocols
- select QUIC from drop down list
- select " Force decode of all QUIC Payload"
In wireshark version 3.2.3 at Edit->Preferences->Protocols->QUIC, add the QUIC UDP port. The wireshark will now decode these UDP packets as QUIC packets. It will decode the non-encrypted plain header fields of QUIC, however the encrypted part of QUIC remains encrypted and is just displayed with label "remaining payload". These steps are for decoding a QUIC UDP packet header fields and not for there decryption.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | neutrino |