How can I configure Wireshark to see HTTPS traffic?
Solution 1
An alternative is using your Mac as a Wi-Fi access point and sniffing the traffic with TCPDump. Here are the steps:
- Connect your Mac to your router using an Ethernet cable (the Wi-Fi card will be busy working as access point). Or skip this step if you only want to sniff traffic from the app to your own computer.
- In the Wi-Fi icon of your toolbar, click
Create Network
. Give it a random name, select security, and set a password. - In
System Preferences > Sharing
setTo computers using: Wi-Fi
. InWi-Fi Options...
choose the network you created before. InShare your connection from:
, choose the interface you are getting Internet from, usually Ethernet. - Enable
Internet Sharing
, and connect to this new Wi-Fi network from your iPhone. - Disconnect 3G on your iPhone from
Settings > General > Network
and check your Internet with Safari. Sometimes it takes a few seconds. - In your Mac type
sudo tcpdump -s 0 -A -i en1 port 443 > log.txt
. Useifconfig
if you have a network interface other than en1. The log generated can also be imported by WireShark (which is a GUI version of tcpdump). - Now all Internet traffic from your iPhone will be recorded.
TCPDump is included with all versions of OS X. For other options, see Technical Q&A QA1176 Getting a Packet Trace.
Solution 2
Set following as a filter after you've started capturing the appropriate network interface:
tcp.port == 443 || tcp.port == 80
This will ensure display of data for only http & https connections that you can further inspect.
Solution 3
If you want to decrypt the SSL traffic in order to listen in on it, have a look at the Wireshark Wiki. The explanation is a bit longer, but enables you to decrypt SSL traffic.
You also might want to listen on port 443 instead of 80.. :-)
Solution 4
Yes. Wireshark can watch any and all ethernet traffic made available to it. The issue to solve is whether the machine running Wireshark will see all of the ethernet traffic you are interested in detecting the presence of.
Related videos on Youtube
Comments
-
SundayMonday over 3 years
I'm testing an iOS application and I just want to see when HTTPS traffic is sent. I'm not interested in the contents of the traffic. How can I configure Wireshark to do this?
This is just to verify that an analytics package is working. I don't have any control over the servers that my app is talking to.
Thanks!
Edit #1: My current Wireshark configuration can see traffic to http://www.duckduckgo.com but not https://www.duckduckgo.com
-
Ciro Santilli OurBigBook.com over 9 yearsPossibly same on server fault: serverfault.com/questions/263530/…
-
-
SundayMonday over 12 yearsOk. How can I configure my machine and/or Wireshark to see HTTPS traffic?
-
Andy Finkenstadt over 12 yearsHTTPS usually travels across port 443, rather than HTTP traffic on port 80. What happens if you set your wireshark configuration to watch ALL traffic, and not just specific ports' worth of traffic?
-
SundayMonday over 12 yearsCool! I can see HTTPS traffic in my log file. How can I determine which traffic is coming from the iOS device?
-
Jano over 12 yearsYou get lines like
14:18:52.276484 IP 89.17.221.55.http > 10.0.2.2.49502
one of those is the IP of your device, that you can look up going to Settings > Wi-Fi and pressing the arrow on the network you are connected to. It's easier to read if you bother to install tcpflow. You have to installi macports and then dosudo port install tcpflow
, usage is:sudo tcpflow -i en1 port 443
. -
zaph almost 11 yearsStill no answer to the OP's question: "How can I configure".