sslhttpsman-in-the-middle

Capturing HTTPS traffic in the clear?


I've got a local application (which I didn't write, and can't change) that talks to a remote web service. It uses HTTPS, and I'd like to see what's in the traffic.

Is there any way I can do this? I'd prefer a Windows system, but I'm happy to set up a proxy on Linux if this makes things easier.

What I'm considering:

  1. Redirecting the web site by hacking my hosts file (or setting up alternate DNS).
  2. Installing an HTTPS server on that site, with a self-signed (but trusted) certificate.
  3. Apparently, WireShark can see what's in HTTPS if you feed it the private key. I've never tried this.
  4. Somehow, proxy this traffic to the real server (i.e. it's a full-blown man-in-the-middle "attack").

Does this sound sensible? Can WireShark really see what's in HTTPS traffic? Can anyone point me at a suitable proxy (and configuration for same)?


Solution

  • Does Fiddler do what you want?

    What is Fiddler?

    Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.

    Fiddler is freeware and can debug traffic from virtually any application, including Internet Explorer, Mozilla Firefox, Opera, and thousands more.