[ACCEPTED]-Capturing HTTPS traffic in the clear?-man-in-the-middle

Accepted answer
Score: 16

Does Fiddler do what you want?

What is Fiddler?

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.

Fiddler is freeware and can debug traffic from virtually any application, including Internet Explorer, Mozilla Firefox, Opera, and thousands more.

Score: 10

Wireshark can definitely display TLS/SSL encrypted streams as plaintext. However, you will definitely need the private key of the server to do so. The private key must be added to Wireshark as an SSL option under preferences. Note that this only works if you can follow the SSL stream from the start. It will not work if an SSL connection is reused.

For Internet Explorer this (SSL session reuse) can be avoided by clearing the SSL state using the Internet Options dialog. Other environments may require restarting a browser or even rebooting a system (to avoid SSL session reuse).

The other key constraint is that an RSA cipher must be used. Wireshark cannot decode TLS/SSL streams that use DFH (Diffie-Hellman).

Assuming you can satisfy the constraints above, the "Follow SSL Stream" right-click command works rather well.
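
An added example, not part of the answer above: a Python check of whether a negotiated cipher suite meets the RSA-only constraint the answer describes, so you know before capturing whether the server's private key alone can decrypt the stream. It goes beyond the answer's RSA versus Diffie-Hellman case by also covering ECDHE and TLS 1.3 suite names; the function names and sample list are constructed, and the handling of OpenSSL-style names assumes OpenSSL's usual naming convention.

```python
import ssl

# Assumption: OpenSSL-style prefixes naming a key exchange other than RSA key transport.
_EPHEMERAL = {"ECDHE-": "ECDHE", "AECDH-": "ECDHE",
              "DHE-": "DHE", "EDH-": "DHE", "ADH-": "DHE"}
_OTHER = ("PSK-", "RSA-PSK-", "SRP-", "ECDH-", "DH-", "KRB5-", "GOST")

def key_exchange(suite: str) -> str:
    """Classify a cipher suite name as 'RSA', 'DHE', 'ECDHE', 'TLS1.3' or 'OTHER'."""
    name = suite.strip().upper()
    if name.startswith("TLS_"):                    # IANA-style name
        if "_WITH_" not in name:
            return "TLS1.3"                        # TLS 1.3 always uses ephemeral (EC)DHE
        kx = name[4:name.index("_WITH_")]          # e.g. "RSA", "ECDHE_RSA", "DHE_DSS"
        if kx == "RSA":
            return "RSA"
        first = kx.split("_")[0]
        return first if first in ("DHE", "ECDHE") else "OTHER"
    if name.startswith("EXP-"):                    # legacy export prefix
        name = name[4:]
    for prefix, kind in _EPHEMERAL.items():
        if name.startswith(prefix):
            return kind
    if name.startswith(_OTHER):
        return "OTHER"
    return "RSA"                                   # OpenSSL omits the kx token for RSA

def decryptable_with_server_key(suite: str) -> bool:
    """True only for RSA key transport, the case the server's private key can decode."""
    return key_exchange(suite) == "RSA"

def local_rsa_suites() -> list:
    """Suites this Python/OpenSSL build would offer that still use RSA key transport."""
    names = [c["name"] for c in ssl.create_default_context().get_ciphers()]
    return [n for n in names if decryptable_with_server_key(n)]

# Constructed sample: suite names as seen in a ServerHello or a server configuration.
SAMPLE = ["TLS_RSA_WITH_AES_128_CBC_SHA", "AES256-GCM-SHA384",
          "ECDHE-RSA-AES128-GCM-SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
          "TLS_AES_128_GCM_SHA256"]

if __name__ == "__main__":
    for s in SAMPLE:
        ok = decryptable_with_server_key(s)
        print(f"{s:36} {key_exchange(s):7}",
              "server key decrypts" if ok else "server key alone is not enough")
    print("RSA key-transport suites offered locally:", local_rsa_suites())
```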

Score: 7

You need to set up a proxy for your local application and if it doesn't honour proxy settings, put a transparent proxy and route all https traffic into it before going outside. Something like this can be the "man" in the middle: http://crypto.stanford.edu/ssl-mitm

Also, here are brief instructions on how to achieve this with wireshark: http://predev.wikidot.com/decrypt-ssl-traffic

Score: 4

You should also consider Charles. From the product description at the time of this answer:

Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).

Score: 0
  1. For using https proxy to monitor, it depends on the type of handshake. If your local application does not check the server's certificate by CA's signature which you cannot fake, and the server does not check your local application's certificate (or if you have one to set up on https proxy) then you can set up a https proxy to monitor the https traffic. Otherwise, I think it is impossible to monitor traffic with https proxy.

  2. Another way you can try is to add an instrumentation probe at the routines of your client program where it sends and receives messages from its https library. It needs some reverse engineering work, but should work for you in all situations.
