Wireshark mailing list archives
Re: newbie question about https
From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Fri, 16 Jul 2010 17:23:34 -0500
On Fri, Jul 16, 2010 at 4:01 PM, john doe <> wrote:
> Dear all,
>
> I am a relative newbie with wireshark and am going through some tutorials. I ran a capture on a site with https:// and was testing for sqli on it with an automated open-source tool. When I look at the capture, I do not seem to be able to decode the data. My goal is to see the actual html returned as a result of the testing.
>
> Steps I followed:
> 1) started wireshark
> 2) opened up site in browser
> 3) started testing tool
>
> Can someone please point me to a tutorial which deals with analyzing https streams? I looked up some tutorials but they assume that you have the server's private key, which I cannot get.
>
> Thanks.

http://wiki.wireshark.org/SSL is the best resource which, yes, assumes you have the private key which is required for Wireshark to fully decrypt the encrypted traffic.

If you want something that can get you inside the packet, I'd suggest using Fiddler (http://www.fiddler2.com/fiddler2/). There are plugins for IE like IE Header View that aren't free and plugins for Firefox like Live HTTP Headers that are free, but Fiddler (also free) works with any browser that can support proxy settings. Assuming you install the feature and accept the fake certificate, Fiddler will show you a great deal of information about your encrypted traffic.

I have looked for a way to use a plugin to get raw decrypted packets from my browser to Wireshark, but I haven't found anything that comes close to doing that. I don't know how to take what Fiddler shows and dump it to a pcap file, for example.

-Jason