How to decrypt TLS 1.2 in Wireshark?

Is it possible to decrypt HTTPS traffic?

First of all, your question is phrased the wrong way.

TLS was meant to encrypt traffic between two entities. There are many attacks on the HTTPS protocol, as documented in the wiki article. Your question is not about TLS itself, but about an application of it (HTTPS traffic decryption). So my answer will be quite limited - I won't even go into details.

If you are interested in the technical details of SSL, then I would recommend reading The SSL Protocol by Jean-Luc, a well-known crypto expert. SSL does not change the nature of the data in any way. You still have raw binary data that can be read, modified, encrypted, tampered with. It's just encrypted and that's all. Yes, you can technically read anything sent over this channel - you can decode it using man-in-the-middle attacks, brute force, or existing libraries to read it. Also, if your attacker has unlimited computing resources, it's impossible for you to protect your data from him or her. (At least not in today's world - quantum computers could bring the game to a completely new level.) But the SSL protocol doesn't do anything to protect your data against attackers with limited resources.

Also, when you use the HTTPS protocol, all the information about the server and the client is sent in the clear. You need to know this information in order to connect to the right server. If you don't know the information about the other side, it's very hard to figure out what type of services are being provided by this server.

There are a lot of applications of HTTPS that are very sensitive - banking, payment transactions, email messages and others. If you read the wiki, you'll get an idea of how the service providers see this weakness of HTTPS.

Yes, an attacker who has root access to a machine can in theory decrypt all the traffic. They would have to use some decryption software to decrypt the traffic.

It is possible in practice with certain kinds of attacks. For example, if there are certificate mismatches (e.g. using an expired cert with a different subject), then it is possible that the attacker will capture all the traffic, with one side getting a valid cert but with a different server.

How do I see HTTPS traffic in Wireshark?

I'm seeing HTTPS traffic in Wireshark, but can't find a way to decode it. What can I do?

Wireshark can decode and log HTTP, HTTPS, and SSH traffic. The following screenshot is for Firefox (Chrome users need to use the Network protocol instead of the HTTP protocol): If you have access to your router's config file, that might be an easier option. Note that there's no "HTTPS -> IPSEC -> Wireshark" path; it's one stream of data after the next, so you need to be able to separate them out. Another common configuration for inspecting HTTPS traffic within Wireshark is to create a rule with a TLS/SSL filter followed by a tcpdump filter.
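A worked example, added here and not part of either answer above: Wireshark does not break TLS 1.2, it decrypts a session only when it is handed the secrets that one endpoint already holds. For TLS 1.2 that is either the server's RSA private key (usable only when the key exchange is plain RSA, not (EC)DHE) or an NSS-format key log file whose `CLIENT_RANDOM` lines map a session's client random to its 48-byte master secret; browsers write such a file when the `SSLKEYLOGFILE` environment variable is set, and Wireshark reads it through the TLS preference `tls.keylog_file`. The script below re-creates the TLS 1.2 key schedule that Wireshark runs for each key log line (the PRF of RFC 5246 section 5, master secret derivation of section 8.1, and key expansion of section 6.3), emits and parses a key log line, and expands AES-128-GCM record keys. All randoms and the premaster secret are constructed sample values, not taken from a real capture.

```python
"""Added example: the TLS 1.2 key schedule Wireshark applies to a key log line.
Constructed sample secrets only; nothing here comes from a real session."""
import hashlib
import hmac
import re

# NSS key log line: CLIENT_RANDOM <32-byte client random hex> <48-byte master secret hex>
KEYLOG_LINE = re.compile(r"^CLIENT_RANDOM ([0-9a-fA-F]{64}) ([0-9a-fA-F]{96})$")


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion (RFC 5246 section 5):
    A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ..."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF for SHA-256 cipher suites: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246 section 8.1: PRF(pre_master, "master secret", client_random + server_random)[0..47]."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_len: int, key_len: int, iv_len: int) -> dict:
    """RFC 5246 section 6.3 key expansion. The seed is server_random + client_random,
    i.e. the reverse of the master secret derivation; getting this wrong yields
    keys that silently fail to decrypt, which is a common mistake in home-grown tools."""
    total = 2 * (mac_len + key_len + iv_len)
    block = prf(master, b"key expansion", server_random + client_random, total)
    names = ["client_write_MAC_key", "server_write_MAC_key",
             "client_write_key", "server_write_key",
             "client_write_IV", "server_write_IV"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


def keylog_line(client_random: bytes, master: bytes) -> str:
    """One key log line in the format Wireshark's tls.keylog_file preference expects."""
    return f"CLIENT_RANDOM {client_random.hex()} {master.hex()}"


def parse_keylog_line(line: str):
    """Return (client_random, master_secret) or None for a line that does not match."""
    m = KEYLOG_LINE.match(line.strip())
    if not m:
        return None
    return bytes.fromhex(m.group(1)), bytes.fromhex(m.group(2))


# Constructed sample values (assumption for the demo, not from a real handshake).
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PRE_MASTER = b"\x03\x03" + bytes(46)   # RSA-style premaster: version bytes + 46 zero bytes


def demo() -> dict:
    """Derive the master secret, emit the key log line, parse it back as Wireshark
    would, and expand AES-128-GCM keys (no MAC key, 16-byte key, 4-byte implicit nonce)."""
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    line = keylog_line(CLIENT_RANDOM, ms)
    client_random, parsed_ms = parse_keylog_line(line)
    keys = key_block(parsed_ms, client_random, SERVER_RANDOM, mac_len=0, key_len=16, iv_len=4)
    return {"master_secret": ms, "keylog_line": line, "keys": keys}


if __name__ == "__main__":
    result = demo()
    print(result["keylog_line"])
    for name, value in result["keys"].items():
        print(f"{name:22s} {value.hex()}")
```

In practice Wireshark looks up the `CLIENT_RANDOM` from the captured ClientHello in the key log, takes the matching master secret, and runs exactly this key expansion with the cipher suite negotiated in the ServerHello; a key log only ever helps with sessions captured from a client you control, which is what makes it a debugging and monitoring tool rather than an attack on third-party traffic.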
