Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] HTTPS sniffing ?
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sun, 06 Jan 2008 14:18:51 -0800
xerces8 wrote:
Is there a (simple) way to sniff HTTPS traffic with wireshark ? (not just headers, but actual data content) (like with "HTTP Analyzer" where it is a single click)
If "HTTP Analyzer" is the application from IE Inspector: http://www.ieinspector.com/ they sayHTTPS is available if the application uses the Microsoft WININET API (ex. ie, outlook) or Mozilla NSS API. (ex. firefox, thunderbird)
which means that they might have some way of getting decrypted HTTP traffic from the application by, for example, interposing its own library in front of the WinInet or Mozilla NSS API or by using some hooks that those libraries provide, if, in fact, they provide it.
Wireshark isn't an "HTTP analyzer", it's a network analyzer that captures traffic at a much lower level (that's what it's intended to do and what it's designed to do). If it could determine the key needed to decrypt the traffic given only public keys and the raw network traffic, the first "S" in "SSL" and the "S" in "TLS" wouldn't belong there. :-)
- References:
- [Wireshark-users] HTTPS sniffing ?
- From: xerces8
- [Wireshark-users] HTTPS sniffing ?
- Prev by Date: Re: [Wireshark-users] Capture filter for ARP, DNS and PING
- Next by Date: Re: [Wireshark-users] Capture filter for ARP, DNS and PING
- Previous by thread: Re: [Wireshark-users] HTTPS sniffing ?
- Next by thread: [Wireshark-users] Capture filter for ARP, DNS and PING
- Index(es):