There's a question similar to this, but it asks if you simply can decrypt SSL with the certificate.
So my question is, if you capture all traffic from a device using Wireshark then shouldn't you have at least enough information to decrypt incoming traffic? What I've heard is that the server sends a public key which the computer uses to generate a symmetric key to encrypt data which can only be decrypted on the server. But then if everything is encrypted, how does the browser decrypt incoming traffic? And can't that be intercepted, or how how else is the browser going to be able to decrypt what the server sends?
I also used Fiddler and it seems that Fiddler can read https traffic when I'm on facebook and stuff, so how does that exactly work then?
Fiddler acts as a man-in-the-middle: it sends its own self-generated certificates, with its own private/public key pairs, to the client. Hence, when the client sends the symmetric key to the Fiddler, it does so using the public key that matches the private key that Fiddler itself already has. See What is point of SSL if fiddler 2 can decrypt all calls over HTTPS? to understand how the browser can be configured to allow this.
After Fiddler gets the decrypted traffic, it resends the requests to the server, pretending to the server like it is the client, using the server's public key to encrypt a new symmetric key that is used to talk from Fiddler to the server.
[Client] -FiddlerPublicKey(SymmetricKey1)--> [Fiddler] -ServerPublicKey(SymmetricKey2)--> [Server]
In contrast, Wireshark can decrypt the traffic when you provide it with the server's private key; it can look for the message where the client sends the symmetric key and decrypt it using the (normally secret) private key that the server ordinarily holds.