Capturing HTTPS traffic in the clear?

Question

I\'ve got a local application (which I didn\'t write, and can\'t change) that talks to a remote web service. It uses HTTPS, and I\'d like to see what\'s in the traffic.

Answer 1

Wireshark can definitely display TLS/SSL encrypted streams as plaintext. However, you will definitely need the private key of the server to do so. The private key must be added to Wireshark as an SSL option under preferences. Note that this only works if you can follow the SSL stream from the start. It will not work if an SSL connection is reused.

For Internet Explorer this (SSL session reuse) can be avoided by clearing the SSL state using the Internet Options dialog. Other environments may require restarting a browser or even rebooting a system (to avoid SSL session reuse).

The other key constraint is that an RSA cipher must be used. Wireshark can not decode TLS/SSL stream that use DFH (Diffie-Hellman).

Assuming you can satisfy the constraints above, the "Follow SSL Stream" right-click command works rather well.