xerces8 wrote:

> Is there a (simple) way to sniff HTTPS traffic with wireshark ?
> (not just headers, but actual data content)
> (like with "HTTP Analyzer" where it is a single click)

If "HTTP Analyzer" is the application from IE Inspector:

        http://www.ieinspector.com/

they say

        HTTPS is available if the application uses the Microsoft WININET API
        (ex. ie, outlook) or Mozilla NSS API. (ex. firefox, thunderbird)

which means that they might have some way of getting decrypted HTTP 
traffic from the application by, for example, interposing its own 
library in front of the WinInet or Mozilla NSS API or by using some 
hooks that those libraries provide, if, in fact, they provide it.

Wireshark isn't an "HTTP analyzer", it's a network analyzer that 
captures traffic at a much lower level (that's what it's intended to do 
and what it's designed to do).  If it could determine the key needed to 
decrypt the traffic given only public keys and the raw network traffic, 
the first "S" in "SSL" and the "S" in "TLS" wouldn't belong there. :-)
_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
