how to debug an ssl connection?
I have a client application that connects to a web service over https. I need to "sniff" all the network traffic between web service and my client to check if everything is okay, i.e, i have to debug the connection.
I have tried Wireshark but since I do not have server private key, data shown on wireshark screen is, of course, encrypted.
Is there a way to observe ssl network traffic between my client and web service when I do not have access to server itself and therefore private keys and other related stuff?
Thanks in advance.
Answer
See this: Debugging SSL communications.
I know theoretically it can be done - you can setup a proxy that communicates with the target web-service, point your application to connect via this proxy. Its a known limitation - Https assumes you trust all proxy and certificates installed on your machine. Its a form of Man-in-the-middle attack.
See if Fiddler would be of some use.
In a man-in-the-middle attack, the attacker intercepts user traffic to capture credentials and other relevant information. The attacker then uses this information to access the actual destination network. During the process, the attacker typically serves as a proxy/gateway that presents a false SSL VPN site to the user; this proxy/gateway passes whatever authentication the user enters on to the real destination site.