On Wed, Nov 18, 2009 at 11:10:13AM -0600, Ronald Nutter wrote:
> I have a situation where I need to be able to capture and decode SSL
> traffic between a server and a user. After doing some searching via
> google, I think I understand that I need to get the .der and .pem files
> and run openssl to get the private key, plug that into wireshark in order
> to be able to decode the ssl traffic. If I am wrong, please correct me.
Almost correct, you would need *either* the DER *or* the PEM formatted
private key that matches the certificate on the server. This private key
can be found on the server and if it is not in PEM format, you can use
openssl to convert it to PEM format (with no passphrase).
> In the situations where I wont have access or be able to get the .der and
> .pem files, is there a way that I can decode SSL traffic when I am the
> endpoint (client) of a ssl communication with a server ?
Then network traces won't help you (luckily). What you could do is use
Firefox with the httpfox plugin. It won't give you decrypted network
traffic, but it does give you all the objects of the page in decrypted
form (as it sits between the SSL decrypter and the page renderer). If
you combine this with a network trace with the encrypted traffic, you
have quite a good view on what's happening...
Hope this helps,
Cheers,
Sake
PS For IE, there is httpwatch, which is what httpfox is trying to
mimic, but it needs a license.
