Debugging Encrypted Web
September 26, 2014
Debugging encrypted web traffic can be challenging. Chrome Developer Tools can show it, but I find it easier to export the data and browse through it in other ways. I usually use Wireshark to browse cleartext web traffic, and now I can use it for encrypted HTTP traffic too. The key is to use mitmproxy along with Wireshark's built-in SSL decryption. Here are the steps to get it working:
- Install mitmproxy and get it up and running (we'll use port 8119 throughout this example)
- Convert the mitmproxy private key you generated into PEM format

    openssl rsa -in mitmproxy-ca.pem -outform PEM -out mitmproxy-ca.key

- Set up Wireshark to use mitmproxy-ca.key to decrypt traffic
- Start mitmproxy on port 8119

    mitmproxy -p 8119

- Start Wireshark capturing on the lo interface, filtered on port 8119

    wireshark -i lo -f "port 8119" -k

- In Wireshark, choose Analyze -> Decode As… -> SSL
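You should see the HTTPS traffic in Wireshark being automatically decrypted, so you can see the layers: TCP, SSL, HTTP. Decryption from the private key alone works only when the session uses RSA key exchange; if an ephemeral Diffie-Hellman (DHE/ECDHE) cipher suite is negotiated, Wireshark will still show only encrypted records.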
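
The key file from the conversion step is a copy of the mitmproxy CA private key, so it is worth checking before it is loaded into Wireshark. The following is an added example, not part of the original post: a shell preflight that copies only the private-key block out of the combined mitmproxy-ca.pem (which holds both key and certificate), refuses passphrase-protected keys, and writes the result readable by its owner only. The function names are hypothetical, the sample bundle is constructed, and the check is text-level only; it does not replace the `openssl rsa` conversion above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# Write a constructed bundle shaped like mitmproxy-ca.pem (key + certificate).
# The base64 bodies are placeholders, not real key material.
write_sample_bundle() {
    cat > "$1" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLVJFQUwtS0VZ
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLVJFQUwtQ0VSVA==
-----END CERTIFICATE-----
EOF
}

# extract_wireshark_key BUNDLE OUT
# Copies only the private-key block from BUNDLE to OUT (mode 0600).
# Returns 2 = unreadable bundle, 3 = passphrase-protected key, 4 = no key block.
# Text-level check only: it does not parse or validate the key itself.
extract_wireshark_key() {
    bundle=$1
    out=$2
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 2; }

    # This split cannot handle an encrypted key; decrypt it with openssl first.
    if grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$bundle"; then
        echo "$bundle: private key is passphrase-protected" >&2
        return 3
    fi

    # Keep the key block, drop the CERTIFICATE block and anything else.
    key=$(awk '/^-----BEGIN (RSA )?PRIVATE KEY-----/ { on = 1 }
               on { print }
               /^-----END (RSA )?PRIVATE KEY-----/ { on = 0 }' "$bundle")
    [ -n "$key" ] || { echo "$bundle: no private key block found" >&2; return 4; }

    # Clients that trust this CA accept any certificate signed with this key,
    # so the copy must be readable by its owner only.
    ( umask 077 && rm -f -- "$out" && printf '%s\n' "$key" > "$out" )
}

# Script use: sh extract_key.sh mitmproxy-ca.pem mitmproxy-ca.key
if [ "$#" -eq 2 ]; then
    extract_wireshark_key "$1" "$2"
fi
```

Delete the extracted key file once the debugging session is over; the original stays in the mitmproxy configuration directory.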