Re: [squid-users] Trying to decipher HTTPS traffic using Squid's SSL-BUMP

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 14 Jan 2012 19:18:13 +1300

On 14/01/2012 3:33 a.m., Benny wrote:
> Hello all!
>
> There is a web app I'm trying to sniff the connection to programmatically.
> While searching for how I can decrypt the traffic, I came across Squid's
> ssl-bump feature.
> What I'm trying to do eventually is something very similar to
> Fiddler, but using Squid.
>
> After generating the CERT and KEY using the guide here:
>
> web address:
> wirewatcher.wordpress.com/2010/07/20/decrypting-ssl-traffic-with-wireshark-and-ways-to-prevent-it
>
> Everything worked superbly and I even managed to see the POST & GET
> requests in Squid's log entries.
>
> Example:
>
> 1326447605.479 15 84.94.181.22 TCP_MISS/000 0 GET
> https://re.clintonfoundation.org/view.image? - DIRECT/209.67.132.46 -
> ...
>
> Yet, I haven't managed to decipher the same rows through Wireshark.
>
> This is the line I used in: edit->preferences->protocols->ssl->rsa_key_list:
> <some WAN IP>,8080,http,/home/doron/Desktop/cert3/testkey.pem
>
> My key starts with:
> "-----BEGIN RSA PRIVATE KEY-----"
>
> So to my knowledge, it should be in the correct format that Wireshark can decipher.
>
> I hope some of you could please shed some light on this matter.

This is a question for the Wireshark help groups.

Amos
Received on Sat Jan 14 2012 - 06:18:23 MST
