How can I configure Wireshark to see HTTPS traffic?

SundayMonday · Aug 23, 2011 · Viewed 53.1k times

I'm testing an iOS application and I just want to see when HTTPS traffic is sent. I'm not interested in the contents of the traffic. How can I configure Wireshark to do this?

This is just to verify that an analytics package is working. I don't have any control over the servers that my app is talking to.

Thanks!

Edit #1: My current Wireshark configuration can see traffic to http://www.duckduckgo.com but not https://www.duckduckgo.com

Answer

Jano · Aug 23, 2011

An alternative is using your Mac as a Wi-Fi access point and sniffing the traffic with TCPDump. Here are the steps:

  • Connect your Mac to your router using an Ethernet cable (the Wi-Fi card will be busy working as an access point). Or skip this step if you only want to sniff traffic from the app to your own computer.
  • In the Wi-Fi icon of your toolbar, click Create Network. Give it a random name, select security, and set a password.
  • In System Preferences > Sharing set To computers using: Wi-Fi. In Wi-Fi Options... choose the network you created before. In Share your connection from:, choose the interface you are getting Internet from, usually Ethernet.
  • Enable Internet Sharing, and connect to this new Wi-Fi network from your iPhone.
  • Disconnect 3G on your iPhone from Settings > General > Network and check your Internet with Safari. Sometimes it takes a few seconds.
  • On your Mac, type sudo tcpdump -s 0 -A -i en1 port 443 > log.txt. Use ifconfig if you have a network interface other than en1. The log generated can also be imported by Wireshark (which is a GUI version of tcpdump).
  • Now all Internet traffic from your iPhone will be recorded.

TCPDump is included with all versions of OS X. For other options, see Technical Q&A QA1176 Getting a Packet Trace.
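
The question only asks when HTTPS traffic is sent, not what it contains, so the text log written by the tcpdump command in the answer above can be reduced to a per-destination summary of connection times and encrypted bytes sent. This is an added example, not part of the original answer: the function name summarize_https and the sample log lines are constructed for illustration, and it assumes tcpdump's default one-line TCP header format.

```python
import re

HTTPS_PORTS = {"443", "https"}  # tcpdump prints "https" unless run with -n

# Header line of tcpdump's default text output for TCP over IPv4/IPv6.
HEADER = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP6? "
    r"(?P<src>\S+)\.(?P<sport>[\w-]+) > "
    r"(?P<dst>\S+)\.(?P<dport>[\w-]+): "
    r"Flags \[(?P<flags>[^\]]*)\].*?length (?P<len>\d+)"
)

def summarize_https(lines):
    """Map each destination to connection-open times and payload sent to port 443.

    Lines that are not packet headers (the ASCII payload printed by -A) and
    server-to-client packets are ignored.
    """
    summary = {}
    for line in lines:
        m = HEADER.match(line)
        if not m or m["dport"] not in HTTPS_PORTS:
            continue
        entry = summary.setdefault(m["dst"], {"opened": [], "packets": 0, "bytes": 0})
        if m["flags"] == "S":        # SYN without ACK: client opens a connection
            entry["opened"].append(m["ts"])
        size = int(m["len"])
        if size > 0:                 # segment carrying (encrypted) payload
            entry["packets"] += 1
            entry["bytes"] += size
    return summary

# Constructed sample in the shape of log.txt; addresses and names are placeholders.
SAMPLE_LOG = """\
10:15:02.100001 IP 192.168.2.2.49500 > 203.0.113.10.443: Flags [S], seq 1000, win 65535, options [mss 1460], length 0
10:15:02.130002 IP 203.0.113.10.443 > 192.168.2.2.49500: Flags [S.], seq 2000, ack 1001, win 65535, length 0
10:15:02.130500 IP 192.168.2.2.49500 > 203.0.113.10.443: Flags [.], ack 1, win 2058, length 0
10:15:02.131000 IP 192.168.2.2.49500 > 203.0.113.10.443: Flags [P.], seq 1:518, ack 1, win 2058, length 517
E..9..@.@.....................P.........
10:15:07.400000 IP 192.168.2.2.49501 > analytics.example.https: Flags [S], seq 3000, win 65535, length 0
10:15:07.450000 IP 192.168.2.2.49501 > analytics.example.https: Flags [P.], seq 1:201, ack 1, win 2058, length 200
10:15:07.460000 IP 192.168.2.2.49501 > analytics.example.https: Flags [P.], seq 201:301, ack 1, win 2058, length 100
""".splitlines()

if __name__ == "__main__":
    for dst, info in summarize_https(SAMPLE_LOG).items():
        print(dst, "opened at", info["opened"], "-", info["packets"],
              "data packets,", info["bytes"], "bytes sent")
```

On a real capture, pass the lines of log.txt instead of SAMPLE_LOG, for example summarize_https(open("log.txt", errors="replace")).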