Sniff POST variables through HTTPS

https wireshark
dan-klasson picture dan-klasson · Apr 29, 2011 · Viewed 33.9k times · Source

I am trying to reverse engineer a script so I can submit a form using Mechanize. The form is using some weird Javascript form upload script that I just can't seem to understand. So I was thinking I would sniff the traffic going from my browser to the server.

First of all, is this even possible? If so, what would be a good way to do it? I have tried Wireshark with the filter 'http.request.method == "POST"', but it doesn't seem to work.

Answer

John Cromartie picture John Cromartie · Apr 29, 2011

All HTTP traffic using HTTPS over TLS is encrypted, POST parameters included. You will need to configure Wireshark especially for this: http://wiki.wireshark.org/SSL and it is not likely that you will have access to the keys necessary to decrypt the traffic unless you own the HTTPS server.

Related questions

How can I configure Wireshark to see HTTPS traffic?

I'm testing an iOS application and I just want to see when HTTPS traffic is sent. I'm not interested in the contents of the traffic. How can I configure Wireshark to do this? This is just to verify that an …

Read More
Decrypting HTTPS traffic in Wireshark not working

I'm running Wireshark 1.8.6 on Windows Server 2008 R2 and attempting to decrypt incoming HTTPS communication in order to debug an issue I'm seeing. I have my RSA Keys list set up correctly (I think) but Wireshark will not decrypt the SSL …

Read More
Wireshark not capturing HTTPS packets?

Wireshark is not capturing https packets. I've tried filtering them by portmap.port == 443 but no https packet is shown, however, http packets are captured fine. Any suggestions?

Read More