[wplug] I need to "wiretap" an HTTPS connection - how?

Zachary Uram netrek at gmail.com
Fri Oct 31 18:36:21 EDT 2014


Pray you get it resolved Pat. Don't give up!

On Fri, Oct 31, 2014 at 5:57 PM, Pat Barron <pat at lectroid.com> wrote:

> The other interesting wrinkle here (I know I'm getting away from Linux,
> per se - but it's just kind of interesting....).
>
> When the app makes this SOAP request, it gets as far as completing the SSL
> handshake (based on what I see in the app server logs with a whole bunch of
> SSL tracing turned on), and then the server side drops the connection and I
> get "Connection reset".  When I manually make (apparently) the same request
> via SOAP UI (a troubleshooting / development tool for SOAP apps), it works
> just fine.  No idea why it's failing from the app - this is driving me
> batty....  ;-)
>
> --Pat.
>
>
> On 10/31/2014 5:50 PM, Pat Barron wrote:
>
>> I can't use anything that runs within a browser (such as Firebug), since
>> this is an app running on a Java app server that's using a SOAP API to get
>> data from elsewhere.  But, from first glance, it looks like ZAP might help
>> me out here, maybe even Fiddler (if I can set it up on a Windows box).
>> Fiddler, I already knew about, but I was not aware of ZAP - thanks for this
>> pointer!!
>>
>> --Pat.
>>
>> On 10/31/2014 2:35 PM, Jake S wrote:
>>
>>> For something like Firefox I'd try Firebug (see net tab).  Also if you
>>> have access to a Windows box Fiddler is a nice proxy.  It *can* MITM your
>>> SSL requests with its own root cert.  I think something like Burp Suite or
>>> ZAP would be easy enough to use. It's been a while since I've used either
>>> of those.
>>>   http://getfirebug.com/
>>>   http://www.telerik.com/fiddler
>>>   http://portswigger.net/burp/
>>>   http://code.google.com/p/zaproxy/
>>>   -Jake
>>>
>>>> Date: Fri, 31 Oct 2014 14:26:42 -0400
>>>> From: pat at lectroid.com
>>>> To: wplug at wplug.org
>>>> Subject: Re: [wplug] I need to "wiretap" an HTTPS connection - how?
>>>>
>>>> No, we don't - the server is operated by a different team than the one
>>>> I'm working with.  Aside from making SOAP API calls, we have no access
>>>> to the server itself.  (The server is actually operated by the
>>>> organization I'm working with, but by a different team - worse comes to
>>>> worse, we may need to figure out how to get someone on the team that
>>>> operates the server to dig through server logs for us - but it's a large
>>>> organization, and the person I'm working with doesn't know or work with
>>>> any of those folks....)
>>>>
>>>> --Pat.
>>>>
>>>> On 10/31/2014 1:59 PM, Chris Thomas wrote:
>>>>
>>>>> Do you have access to the server's SSL private keys? If so, you can
>>>>> install them into Wireshark and decrypt the encrypted traffic.
>>>>>
>>>>> -Chris
>>>>>
>>>>> On Fri, Oct 31, 2014 at 12:39 PM, Pat Barron <pat at lectroid.com> wrote:
>>>>>
>>>>>> So, long story short...
>>>>>>
>>>>>> I have an application making an HTTPS connection to a URL (for the
>>>>>> purpose of POSTing a SOAP request, though that's probably not relevant
>>>>>> per se...).  Before successfully completing the HTTPS request, the
>>>>>> remote side is dropping the connection on me.  I have no idea why.  I'd
>>>>>> like to be able to see what is actually being sent/received on the
>>>>>> connection - though that is tough, since it is encrypted...
>>>>>>
>>>>>> I have the ability to change the host and URL that is being used, and to
>>>>>> make the application use HTTP instead of HTTPS.  What I have in mind is
>>>>>> to try to put some kind of proxy between the app and the remote server,
>>>>>> so that the app connects to the proxy using HTTP, and have the proxy
>>>>>> connect on its behalf to the remote server using HTTPS.  Then I can
>>>>>> sniff the traffic on the unencrypted HTTP connection and get a better
>>>>>> idea what is going on.
>>>>>>
>>>>>> Can anyone suggest a simple proxy I could use for this?
>>>>>>
>>>>>> --Pat.
>>>>>>
>>>>>> _______________________________________________
>>>>>> wplug mailing list
>>>>>> wplug at wplug.org
>>>>>> http://www.wplug.org/mailman/listinfo/wplug
>>>>>>



-- 
http://www.fidei.org
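
The HTTP-in, HTTPS-out relay asked about at the start of the thread, as an added example that is not part of any message above: it logs each request and response in the clear on the local side while acting as an ordinary, certificate-verifying TLS client upstream. The upstream host name, the listen address and the function names are assumptions made for illustration, and it assumes the app sends a Content-Length header rather than a chunked body.

```python
import http.client
import ssl
import sys
from http.server import BaseHTTPRequestHandler, HTTPServer

UPSTREAM = ("soap.example.internal", 443)  # assumption: placeholder for the real remote host
LISTEN = ("127.0.0.1", 8080)               # loopback only: this leg of the path is plaintext
HOP_BY_HOP = {"connection", "keep-alive", "te", "trailer", "transfer-encoding", "upgrade"}

def upstream_headers(headers, upstream_host):
    """Drop hop-by-hop headers and point Host at the real server."""
    out = {k: v for k, v in headers if k.lower() not in HOP_BY_HOP | {"host"}}
    out["Host"] = upstream_host
    return out

def dump(mark, start_line, headers, body):
    """Render one HTTP message for the log, header lines prefixed by mark."""
    head = [f"{mark} {start_line}"] + [f"{mark} {k}: {v}" for k, v in headers]
    return "\n".join(head) + f"\n{mark} [{len(body)} body bytes]\n" + body.decode("utf-8", "replace")

class Relay(BaseHTTPRequestHandler):
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        print(dump(">>", self.requestline, self.headers.items(), body), file=sys.stderr)
        # Ordinary TLS client: certificate and hostname verification stay on.
        conn = http.client.HTTPSConnection(*UPSTREAM, timeout=30,
                                           context=ssl.create_default_context())
        try:
            conn.request(self.command, self.path, body or None,
                         upstream_headers(self.headers.items(), UPSTREAM[0]))
            resp = conn.getresponse()
            data = resp.read()
        except (OSError, http.client.HTTPException) as exc:  # e.g. "Connection reset"
            print(f"!! upstream failure: {exc!r}", file=sys.stderr)
            return self.send_error(502, "upstream failure")
        finally:
            conn.close()
        print(dump("<<", f"{resp.status} {resp.reason}", resp.getheaders(), data), file=sys.stderr)
        self.send_response_only(resp.status, resp.reason)
        for k, v in resp.getheaders():
            if k.lower() not in HOP_BY_HOP | {"content-length"}:
                self.send_header(k, v)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    do_GET = do_POST  # same relay logic for body-less requests such as WSDL fetches

if __name__ == "__main__":
    HTTPServer(LISTEN, Relay).serve_forever()
```

Pointing both the failing app and SOAP UI at the listen address gives two logged requests that can be diffed header by header. The log contains credentials and payloads in the clear, so treat it like the traffic itself.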

