Reputation: 11
Are there any good instructions to decrypt SSL traffic?
I want to see what personal information a flash application is sending back to its servers. Wireshark shows that the app is using SSL, so I'm trying to figure out how to decrypt the traffic between the app and the remote server. I found these instructions on Wireshark's site http://wiki.wireshark.org/SSL, but they seemed to be incomplete and I couldn't get it to work. Has anybody had success accomplishing this?
Upvotes: 1
Views: 1213
Answers (2)
Reputation: 45578
Try this: http://www.charlesproxy.com/
It works because it acts as a man-in-the-middle (and therefore, your browser will warn you as the root certificate isn't trusted).
Upvotes: 2
Reputation: 98489
If you don't have access to the private key for the server with which the Flash application is communicating, and the Flash app is properly designed, you will not be able to decrypt the traffic.
The only chance you have is something malicious: spoofing a certificate for the site. The certificate you produce will be invalid, so you'll have to manually add it to your browser/OS's trust store before loading the page. Once you've done this, set up a transparent proxy and sniff away.
Upvotes: 1
Related Questions
- How can I decrypt HTTPS messages sent from a C# HTTP Client using Wireshark?
- How to decrypt HTTPS packet
- Cannot decrypt HTTPS Traffic with Wireshark
- Decrypting HTTPS traffic in Wireshark not working
- Can you decrypt incoming SSL traffic?
- How can I dump and decrypt HTTPS traffic from the command line under linux?
- HTTPS decoding, SSL decryption
- Decrypt SSL connection when having a complete dump
- Getting started with SSL
- How can I encrypt my website traffic?