How can I dump and decrypt HTTPS traffic from the command line on Linux?

I have a web application that needs to be debugged because I suspect that sending the request has changed on the server path.

I want to dump the HTTPS traffic received on localhost:443 and decrypt it so that I can check the packets.

Obviously, I have the private key from the server.

Is there any way to do this from the command line?

+4
2 answers

You can use ssldump (it runs on top of libpcap).

ssldump -r <File_Name>.pcap -k <Key_File>.key -d host <IP_Address> 

In the ssldump utility you specify the following parameters:

 -r: Read data from the <File_Name>.pcap file instead of from the network.
 -k: Use <Key_File>.key file as the location for the SSL keyfile.
 -d: Display the application data traffic.

You can refer to the full example here

+3

You can import the SSL key into Wireshark to decrypt HTTPS if Wireshark is compiled with support for SSL decryption:

http://www.etherlook.com/howto/use-wireshark-to-decrypt-https/

http://wiki.wireshark.org/SSL

+2

Source: https://habr.com/ru/post/1495486/

