[wplug] I need to "wiretap" an HTTPS connection - how?

Pat Barron pat at lectroid.com
Fri Oct 31 17:50:55 EDT 2014


I can't use anything that runs within a browser (such as Firebug), since 
this is an app running on a Java app server that's using a SOAP API to 
get data from elsewhere.  But, from first glance, it looks like ZAP 
might help me out here, maybe even Fiddler (if I can set it up on a 
Windows box).  Fiddler, I already knew about, but I was not aware of ZAP 
- thanks for this pointer!!

--Pat.

On 10/31/2014 2:35 PM, Jake S wrote:
> For something like Firefox I'd try Firebug (see Net tab).  Also if you have access to a Windows box, Fiddler is a nice proxy.  It *can* MITM your SSL requests with its own root cert.  I think something like Burp Suite or ZAP would be easy enough to use. It's been a while since I've used either of those.
>   
> http://getfirebug.com/
>   
> http://www.telerik.com/fiddler
>   
> http://portswigger.net/burp/
>   
> http://code.google.com/p/zaproxy/
>   
> -Jake
>   
>   
>   
>> Date: Fri, 31 Oct 2014 14:26:42 -0400
>> From: pat at lectroid.com
>> To: wplug at wplug.org
>> Subject: Re: [wplug] I need to "wiretap" an HTTPS connection - how?
>>
>> No, we don't - the server is operated by a different team than the one
>> I'm working with.  Aside from making SOAP API calls, we have no access
>> to the server itself.  (The server is actually operated by the
>> organization I'm working with, but by a different team - worse comes to
>> worse, we may need to figure out how to get someone on the team that
>> operates the server to dig through server logs for us - but it's a large
>> organization, and the person I'm working with doesn't know or work with
>> any of those folks....)
>>
>> --Pat.
>>
>> On 10/31/2014 1:59 PM, Chris Thomas wrote:
>>> Do you have access to the server's SSL private keys? If so, you can install
>>> them into Wireshark and decrypt the encrypted traffic.
>>>
>>> -Chris
>>>
>>> On Fri, Oct 31, 2014 at 12:39 PM, Pat Barron <pat at lectroid.com> wrote:
>>>
>>>> So, long story short...
>>>>
>>>> I have an application making an HTTPS connection to a URL (for the purpose
>>>> of POSTing a SOAP request, though that's probably not relevant per se...).
>>>> Before successfully completing the HTTPS request, the remote side is
>>>> dropping the connection on me.  I have no idea why.  I'd like to be able to
>>>> see what is actually being sent/received on the connection - though that
>>>> is tough, since it is encrypted...
>>>>
>>>> I have the ability to change the host and URL that is being used, and to
>>>> make the application use HTTP instead of HTTPS.  What I have in mind, is to
>>>> try to put some kind of proxy between the app and the remote server, so
>>>> that the app connects to the proxy using HTTP, and have the proxy connect
>>>> on its behalf to the remote server using HTTPS.  Then I can sniff the
>>>> traffic on the unencrypted HTTP connection and get a better idea what is
>>>> going on.
>>>>
>>>> Can anyone suggest a simple proxy I could use for this?
>>>>
>>>> --Pat.
>>>>
>>>> _______________________________________________
>>>> wplug mailing list
>>>> wplug at wplug.org
>>>> http://www.wplug.org/mailman/listinfo/wplug
>>>>
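
The HTTP-in, HTTPS-out relay asked about in the original question, sketched as an added example (not code from the thread or from any of the tools named in it). The upstream name `soap.example.internal`, the listen port 8080 and the names `make_handler` and `upstream_headers` are assumptions; it also assumes the app sends `Content-Length` rather than chunked request bodies.

```python
import http.client, http.server, ssl, sys

# Headers that describe one hop only, plus ones the relay sets itself.
DROP = {"connection", "keep-alive", "proxy-connection", "te", "trailer", "upgrade",
        "transfer-encoding", "host", "accept-encoding", "content-length"}

def upstream_headers(headers, upstream_host):
    """Copy the app's headers, drop per-hop ones, point Host at the real server."""
    out = {k: v for k, v in headers.items() if k.lower() not in DROP}
    out["Host"] = upstream_host
    return out

def make_handler(upstream_host, upstream_port=443, log=sys.stderr):
    """Build a handler that relays plain-HTTP requests to https://upstream_host."""
    class Relay(http.server.BaseHTTPRequestHandler):
        def relay(self):
            # Read exactly the body the app declared, then log the cleartext request.
            body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
            print(f">>> {self.command} {self.path}\n{self.headers}{body!r}", file=log)
            # Default context: certificate and hostname verification stay on.
            conn = http.client.HTTPSConnection(upstream_host, upstream_port, timeout=30,
                                               context=ssl.create_default_context())
            try:
                conn.request(self.command, self.path, body=body or None,
                             headers=upstream_headers(self.headers, upstream_host))
                resp = conn.getresponse()
                data = resp.read()
            except (OSError, http.client.HTTPException) as exc:
                # Dropped, refused or failed TLS: log the exact exception for diagnosis.
                print(f"!!! upstream failure: {exc!r}", file=log)
                self.send_error(502, "upstream connection failed")
                return
            finally:
                conn.close()
            print(f"<<< {resp.status} {resp.reason}\n{resp.headers}{data!r}", file=log)
            self.send_response(resp.status)
            for k, v in resp.getheaders():
                if k.lower() not in DROP:
                    self.send_header(k, v)
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)
        do_GET = do_POST = relay
        log_message = lambda self, *a: None  # no default access log
    return Relay

if __name__ == "__main__":
    # Placeholder upstream; loopback-only listener so cleartext never leaves the host.
    http.server.HTTPServer(("127.0.0.1", 8080),
                           make_handler("soap.example.internal")).serve_forever()
```

The log holds full request and response bodies, including any credentials the SOAP calls carry, so treat it like the traffic itself and remove it when the debugging session ends.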