I've got a local application (which I didn't write, and can't change) that talks to a remote web service. It uses HTTPS, and I'd like to see what's in the traffic.
Is there any way I can do this? I'd prefer a Windows system, but I'm happy to set up a proxy on Linux if this makes things easier.
What I'm considering:
- Redirecting the web site by hacking my hosts file (or setting up alternate DNS).
- Installing an HTTPS server on that site, with a self-signed (but trusted) certificate.
- Apparently, WireShark can see what's in HTTPS if you feed it the private key. I've never tried this.
- Somehow, proxy this traffic to the real server (i.e. it's a full-blown man-in-the-middle "attack").
Does this sound sensible? Can WireShark really see what's in HTTPS traffic? Can anyone point me at a suitable proxy (and configuration for same)?