Sunday, March 27, 2011

Capturing HTTP traffic on SSL enabled sites

Background
  • On a number of occasions there arises a need to capture HTTP traffic. In development environments this is usually done with tools like NetMon or Wireshark.
  • The issue arises when the HTTP traffic to be captured is SSL-enabled.
  • Without the ability to capture SSL traffic, one usually has to disable SSL, capture the traffic, and then re-enable SSL.
Requirement
  • Capture SSL-encrypted HTTP traffic with the Wireshark utility
  • Have access and the required permissions to export the specific certificate in question
Disclaimer
These steps should not be performed in a production environment; they are provided as potential options for debugging purposes in development environments that have SSL-enabled HTTP traffic.
Steps
  Note: the steps listed below need to be done on the server presenting the certificate.
  1. Export the SSL certificate (with a password) using the MMC snap-in. This needs to be done on the server that is presenting the SSL certificate.
  2. Open Wireshark.
  3. Go to Edit > Preferences and select "SSL" as the protocol.
  4. Enter the appropriate info: X.Y.Z.A (IP address),443,http,C:\Users\Login\Desktop\Cert.pfx,(password)
     • X.Y.Z.A is the IP address of the HTTP server, or of the load balancer in front of the HTTP server
     • 443 is the SSL port used
     • http is the protocol used
     • "C:\Users\Login\Desktop\Cert.pfx" is the location of the certificate file that contains the certificate (the path as seen by the Wireshark utility)
     • (password) is the password used while exporting the certificate in step 1 above
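The exported key only helps when the server negotiated an RSA key-exchange cipher suite: with DHE or ECDHE suites the session key is never encrypted to the server's public key, so Wireshark cannot decrypt the capture no matter which certificate it is given. The following added example (not part of the original post) parses the cipher suite from a ServerHello record and reports whether the exported server key applies; the ServerHello bytes are constructed sample input, not a real capture.

```python
import struct

# Cipher suite values from the IANA TLS registry, mapped to their key exchange.
# Only "RSA" key-exchange suites encrypt the premaster secret to the server's
# public key; (EC)DHE suites use ephemeral values the private key never touches.
KEY_EXCHANGE = {
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", "RSA"),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "RSA"),
    0x009C: ("TLS_RSA_WITH_AES_128_GCM_SHA256", "RSA"),
    0x0033: ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE"),
    0x0039: ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "DHE"),
    0xC013: ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "ECDHE"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
}

def parse_server_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a ServerHello; return version, session-id
    length and the negotiated cipher suite."""
    if len(record) < 5 or record[0] != 0x16:      # content type 22 = handshake
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or len(body) != rec_len or body[0] != 0x02:  # type 2 = ServerHello
        raise ValueError("truncated record or not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) < 38:                           # version + random + sid len + suite + compression
        raise ValueError("ServerHello too short")
    version = struct.unpack("!H", hello[0:2])[0]
    sid_len = hello[34]                           # follows 2-byte version + 32-byte random
    offset = 35 + sid_len
    suite = struct.unpack("!H", hello[offset:offset + 2])[0]
    return {"version": version, "session_id_len": sid_len, "cipher_suite": suite}

def key_exchange_of(record: bytes) -> tuple:
    """Return (suite name, key exchange) for the ServerHello in `record`."""
    suite = parse_server_hello(record)["cipher_suite"]
    return KEY_EXCHANGE.get(suite, ("unknown 0x%04X" % suite, "unknown"))

def private_key_can_decrypt(record: bytes) -> bool:
    """True only for RSA key exchange, i.e. when the exported server key given
    to Wireshark will actually decrypt this session."""
    return key_exchange_of(record)[1] == "RSA"

def build_server_hello(suite: int, version: int = 0x0303) -> bytes:
    """Constructed sample ServerHello record (not a real capture) for testing."""
    hello = struct.pack("!H", version) + b"\x11" * 32 + b"\x00" + struct.pack("!H", suite) + b"\x00"
    body = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!H", version) + struct.pack("!H", len(body)) + body
```

In a real capture, the same decision can be read off the "Cipher Suite" field of the ServerHello that Wireshark shows in the handshake.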
Read more: Sameer Surve