How can I configure Wireshark to see HTTPS traffic?
I'm testing an iOS application and I just want to see when HTTPS traffic is sent. I'm not interested in the contents of the traffic. How can I configure Wireshark to do this?
This is just to verify that an analytics package is working. I don't have any control over the servers that my app is talking to.
Thanks!
Edit #1: My current Wireshark configuration can see traffic to http://www.duckduckgo.com but not https://www.duckduckgo.com
Answer
An alternative is using your Mac as a Wi-Fi access point and sniffing the traffic with TCPDump. Here are the steps:
- Connect your Mac to your router using an Ethernet cable (the Wi-Fi card will be busy working as access point). Or skip this step if you only want to sniff traffic from the app to your own computer.
- In the Wi-Fi icon of your toolbar, click
Create Network. Give it a random name, select security, and set a password. - In
System Preferences > SharingsetTo computers using: Wi-Fi. InWi-Fi Options...choose the network you created before. InShare your connection from:, choose the interface you are getting Internet from, usually Ethernet. - Enable
Internet Sharing, and connect to this new Wi-Fi network from your iPhone. - Disconnect 3G on your iPhone from
Settings > General > Networkand check your Internet with Safari. Sometimes it takes a few seconds. - In your Mac type
sudo tcpdump -s 0 -A -i en1 port 443 > log.txt. Useifconfigif you have a network interface other than en1. The log generated can also be imported by WireShark (which is a GUI version of tcpdump). - Now all Internet traffic from your iPhone will be recorded.
TCPDump is included with all versions of OS X. For other options, see Technical Q&A QA1176 Getting a Packet Trace.