Home/ Questions/Q 6024359
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T04:08:38+00:00

I have a client application that connects to a web service over https. I

  • 0

I have a client application that connects to a web service over https. I need to “sniff” all the network traffic between web service and my client to check if everything is okay, i.e, i have to debug the connection.

I have tried Wireshark but since I do not have server private key, data shown on wireshark screen is, of course, encrypted.

Is there a way to observe ssl network traffic between my client and web service when I do not have access to server itself and therefore private keys and other related stuff?

Thanks in advance.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    See this: Debugging SSL communications.

    I know theoretically it can be done – you can setup a proxy that communicates with the target web-service, point your application to connect via this proxy. Its a known limitation – Https assumes you trust all proxy and certificates installed on your machine. Its a form of Man-in-the-middle attack.

    See if Fiddler would be of some use.

    Man-in-the-middle attacks

    In a
    man-in-the-middle attack, the attacker
    intercepts user traffic to capture
    credentials and other relevant
    information. The attacker then uses
    this information to access the actual
    destination network. During the
    process, the attacker typically serves
    as a proxy/gateway that presents a
    false SSL VPN site to the user; this
    proxy/gateway passes whatever
    authentication the user enters on to
    the real destination site.

    • 0