Hello all!
There is a web app i'm trying to sniff the connection to programatically.
While searching how can I decrypt the traffic, I came across squid
ssl-bump feature.
What i'm trying to do eventually is something very similiar to
fiddler, but using squid.
After generating the CERT and KEY using the guide here:
web address:
wirewatcher.wordpress.com/2010/07/20/decrypting-ssl-traffic-with-wireshark-and-ways-to-prevent-it
Everything worked superb and I even managed to see in the squid's log
entried the POST & GET requests.
Example:
1326447605.479 15 84.94.181.22 TCP_MISS/000 0 GET
https://re.clintonfoundation.org/view.image? - DIRECT/209.67.132.46 -
...
Yet, I haven't managed to decipher the same rows through Wireshark.
This is the line I used in: edit->prederences->protocols->ssl->rsa_key_list:
<some WAN IP>,8080,http,/home/doron/Desktop/cert3/testkey.pem
My key starts with:
"-----BEGIN RSA PRIVATE KEY-----"
So from my knowledge, it should be in the correct format wireshark can decipher.
I hope some of you could please shed some light on this matter.
Received on Fri Jan 13 2012 - 14:34:08 MST
This archive was generated by hypermail 2.2.0 : Sat Jan 14 2012 - 12:00:03 MST