views:

129

answers:

3

I would like to read the information a java application in firefox is sending to a website over an ssl connection.

I am using WireShark, and I believe that if I can somehow tell tell wireshark what encryption key firefox is using, then wireshark will be able to decrypt the ssl messages.

Then I will exactly what information this website is getting about my computer.

My apologies if the question is vague ... any pointers on where to start looking for clues would be appreciated.

+2  A: 

Not really programming related.

However in order to do this you'll need the certificate for the site your application is connecting to, both the public and the private key parts - so if it's not a site you own then you'd not going to be able to do it. If you control the receiving web site then simply follow the instructions on the wireshark wiki.

blowdart
no, i don't own the site. Thanks very much :)
bboyle1234
A: 

The java application would encrypt all information with the server's public (SSL) certificate (at least as far as you are concerned). For all practical purposes the only way to decrypt this afterwards is to know the server's private key which you apparently do not have and therefore there is no way that you can decrypt it.

To answer your comment about whether to use your computer's private key:

If this is a "normal" SSL connection, the client (java app) will contact the server and receive its public key, verify it's valid (signed by a trusted CA) and then use it to negotiate a symmetric key that is used for encryption.

Public/Private keys work in a way that everything encrypted by one key can only be decrypted by the other - i.e. everything the Java app encrypts using the server's public key, can only be decrypted using the private key - which never leaves the server.

SSL/TLS supports client certificates, in which the Java app can have its own key pair and use its private key to sign the contents in order to verify the authenticity of itself. However even if the Java app does that (doubtful) it does not help as the data will still be encrypted so that only the server can decrypt it.

Background reading: http://en.wikipedia.org/wiki/Transport_Layer_Security and http://en.wikipedia.org/wiki/Public-key_cryptography

dseifert
ok. Are you saying it's not enough to know the private key used by my own computer?
bboyle1234
+1  A: 

Assuming that you're not trying to do this programmatically, but instead just want to view headers whilst debugging, you could use Charles:

http://www.charlesproxy.com/

There's a fair bit of information here about how to set it up to decrypt SSL traffic:

http://www.charlesproxy.com/documentation/using-charles/ssl-proxying/

Joe
Thanks Joe! I'll spend some more time checking out Charles. It looks great from an initial glance. I'm very grateful.
bboyle1234