Capturing HTTPS traffic in the clear?

Question

I\'ve got a local application (which I didn\'t write, and can\'t change) that talks to a remote web service. It uses HTTPS, and I\'d like to see what\'s in the traffic.

Answer 1

1. For using https proxy to monitor, it depends on the type of handshake. If you local application does not check the server's certificate by CA's signature which you can not fake, and the server does not check your local application's certificate ( or if you have one to setup on https proxy) then you can set up a https proxy to monitor the https traffic. Otherwise, I think it is impossible to monitor traffic with https proxy.

2. Another way you can try is to add instrumentation probe at the routines of your client program where it send and receive messages from its https library. It needs some reverse engineering work, but should work for you for all situations.