tags:

views:

39

answers:

2
Q: 

How to catch https data before send?

How can i catch https data(for example email) from browser before they are encrypted with ssl and send to the network? does anyone have idea?

I am looking for programmatical solution. How it works. I am not looking for any program,want to make my own.

Thx.

A: 

If you need it for debugging, use Firebug or Fiddler.

Firebug

You can watch requests and responses in the "Network" panel, HTTPS traffic too.

Fiddler

Fiddler allows you to watch traffic from any application, but you need to install a fake certificate in order to watch HTTPS traffic.

leoluk  2010-06-10 18:58:35
i eddited my question, i dont want tp use any program. I am interested in how it really works to make my own program
Rampage  2010-06-10 19:02:06
+1  A: 

The author of Fiddler has written an article about how they implemented the HTTPS capturing and decryption in Fiddler itself that will most likely be useful to you. Here's an excerpt:

Q: The HTTPS protocol was designed to prevent traffic viewing and tampering. Given that, how can Fiddler2 debug HTTPS traffic?

A: Fiddler2 relies on a "man-in-the-middle" approach to HTTPS interception. To your web browser, Fiddler2 claims to be the secure web server, and to the web server, Fiddler2 mimics the web browser. In order to pretend to be the web server, Fiddler2 dynamically generates a HTTPS certificate [...]

bzlm  2010-06-10 19:20:12
aa, thats what i am looking for,thx, can you fix the link on that article?
Rampage  2010-06-10 20:17:06
if you have any other idea instead of proxy, please let me know :P
Rampage  2010-06-10 20:25:08
@Dun Sorry about the link; it's fixed now. I think it will be easier with *some* kind of proxy, perhaps not just a full-fledged interactive proxy with a GUI. Writing a sniffer will be too much hassle IMHO. If you write a proxy, the browser will do all the hard work for you.
bzlm  2010-06-11 17:49:20

related questions

How would you implement a secure static login credentials system in Java?
Blocking https url's in a embedded gecko browser
Restrict Apache to only allow access using SSL for some directories
How to put up an off-the-shelf https to http gateway?
Rails SSL Requirement plugin -- shouldn't it check to see if you're in production mode before redirecting to https?
What's the best way to learn server RESTful code?
Force HTTPS. How is it possible?
How can I get LWP to validate SSL server certificates?
What must I do to make content such as images served over HTTPS be cached client-side?
What does a PHP developer need to know about https / secure socket layer connections?
What's a clean/simple way to ensure the security of a page?
Making sure a web page is not cached, across all browsers.
Best way in asp.net to force https for an entire site?
Any way to handle Put and Delete verbs in ASP.Net MVC?
Response.Redirect with POST instead of Get?
How to get the correct Content-Length for a POST request.
IIS7: HTTP->HTTPS Cleanly
[ASP.NET ERROR] The request was aborted: Could not create SSL/TLS secure channel.
Testing HTTPS files with MAMP
How do banks remember "your computer"?
Avoid traffic shaping by using ssh on port 443
Convince Firefox to send an If-Modified-Since header over HTTPS
How do you redirect HTTPS to HTTP?
Using mod_rewrite to Mimic SSL Virtual Hosts?
Options for Google Maps over SSL