Sniff Network Traffic

From Exterior Memory

Sniffing Unencrypted Traffic

Command line:

tcpdump -i eth0

GUI:

wireshark


Sniffing HTTPS traffic

Initiate the connection yourself

openssl s_client -connect myserver.example.org:443

Configure Wireshark to decrypt

This option requires the private key of the server you're connecting with.

(Check whether Wireshark was built with GnuTLS: "wireshark -v" should list "with GnuTLS" and "with Gcrypt"; otherwise, the option to add a private RSA key is not visible in the preferences.)

If you prefer a command-line alternative to Wireshark, check out ssldump.
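A pre-flight check for the private-key approach, as an added example that is not from the original page: it tests "wireshark -v" output for the two libraries named above and reads the negotiated cipher from "openssl s_client" output. It goes beyond the page in one respect: a server private key can only decrypt sessions that used static RSA key exchange, so ephemeral (DHE/ECDHE) and TLS 1.3 sessions are reported as not decryptable this way. The function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample outputs are constructed.

# 0 if `wireshark -v` output names both libraries the RSA key option needs.
has_key_support() {
    case "$1" in *"with GnuTLS"*) ;; *) return 1 ;; esac
    case "$1" in *"with Gcrypt"*) ;; *) return 1 ;; esac
}

# Print the cipher from the "New, <proto>, Cipher is <name>" line of
# `openssl s_client` output.
negotiated_cipher() {
    printf '%s\n' "$1" | sed -n 's/^New, .*Cipher is \([^ ]*\).*$/\1/p' | head -n 1
}

# 0: static RSA key exchange, the server's RSA key can decrypt a capture.
# 1: ephemeral or non-RSA key exchange, the private key alone cannot.
# 2: no cipher was negotiated (handshake failed or output not recognised).
rsa_key_can_decrypt() {
    cipher=$(negotiated_cipher "$1")
    case "$cipher" in
        ""|"(NONE)") return 2 ;;
        TLS_*) return 1 ;;                              # TLS 1.3 suite names
        ECDHE-*|DHE-*|EDH-*|ADH-*|AECDH-*) return 1 ;;  # ephemeral DH
        ECDH-*|DH-*|SRP-*|*PSK*) return 1 ;;            # not RSA key transport
        # Assumption: an OpenSSL suite name with no key-exchange prefix
        # (for example AES128-SHA) uses RSA key exchange.
        *) return 0 ;;
    esac
}

# Constructed excerpts of `openssl s_client` output.
SAMPLE_RSA='CONNECTED(00000003)
---
New, TLSv1.2, Cipher is AES256-GCM-SHA384
---'
SAMPLE_ECDHE='New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384'
SAMPLE_TLS13='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384'

for s in "$SAMPLE_RSA" "$SAMPLE_ECDHE" "$SAMPLE_TLS13"; do
    if rsa_key_can_decrypt "$s"; then verdict="private key can decrypt"
    else verdict="private key cannot decrypt"; fi
    printf '%s: %s\n' "$(negotiated_cipher "$s")" "$verdict"
done
```

Even with static RSA key exchange, the capture has to include the full handshake of the session for the key to be of use.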

Use a proxy server

With this option the proxy presents its own certificate in place of the server's, so your web browser must be configured to accept the new certificate.

http://www.charlesproxy.com/download/

(Charles is a paid application.)

Firefox extension

I expected a Firefox extension that could show the decrypted HTTPS traffic, but so far I have not found anything like this.

This article is unfinished.