Hello all!
There is a web app I'm trying to sniff the connection to programmatically.
While searching for how to decrypt the traffic, I came across Squid's ssl-bump feature.
What I'm trying to do eventually is something very similar to Fiddler, but using Squid.
After generating the CERT and KEY using the guide here:
web address:
wirewatcher.wordpress.com/2010/07/20/decrypting-ssl-traffic-with-wireshark-and-ways-to-prevent-it
Everything worked superbly, and I even managed to see the POST & GET requests in Squid's log entries.
Example:
Code:
1326447584.967 5 84.94.181.22 TCP_MISS/000 0 GET https://re.clintonfoundation.org/view.image? - DIRECT/209.67.132.46 -
1326447589.037 28 84.94.181.22 TCP_MISS/000 0 GET https://re.clintonfoundation.org/view.image?- DIRECT/209.67.132.46 -
1326447599.816 5 84.94.181.22 TCP_MISS/000 0 GET https://re.clintonfoundation.org/view.image? - DIRECT/209.67.132.46 -
1326447605.479 15 84.94.181.22 TCP_MISS/000 0 GET https://re.clintonfoundation.org/view.image? - DIRECT/209.67.132.46 -
Yet, I haven't managed to decipher the same rows through Wireshark.
This is the line I used in: edit->preferences->protocols->ssl->rsa_key_list:
<some WAN IP>,8080,http,/home/doron/Desktop/cert3/testkey.pem
My key starts with:
"-----BEGIN RSA PRIVATE KEY-----"
So, to my knowledge, it should be in the correct format that Wireshark can decipher.
I hope some of you could please shed some light on this matter.