Debugging Encrypted Web

September 26, 2014

Debugging encrypted web traffic can be challenging. You have Chrome Developer Tools, but I find that being able to export the data and browse through it in other ways can be easier. I usually use Wireshark to browse cleartext web traffic. Now I can use it for encrypted HTTP traffic too. The key is to use mitmproxy along with Wireshark's built-in SSL decryption. Here are the steps to get it working:

  1. Install mitmproxy and get it up and running (we'll use port 8119 throughout this example)
  2. Convert the mitmproxy private key you generated into PEM format
    • openssl rsa -in mitmproxy-ca.pem -outform PEM -out mitmproxy-ca.key
  3. Set up Wireshark to use mitmproxy-ca.key to decrypt traffic
  4. Start mitmproxy on port 8119
    • mitmproxy -p 8119
  5. Start Wireshark capturing on the lo interface and filter on port 8119
    • wireshark -i lo -f "port 8119" -k
  6. In Wireshark, choose Analyze -> Decode As… -> SSL

You should see the HTTPS traffic in Wireshark being automatically decrypted, so you can see the layers: TCP, SSL, HTTP.
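
An added example (not part of the original post): a shell function that runs the step 2 command, then checks that the extracted key matches the certificate stored in the same mitmproxy-ca.pem and keeps the key file private. The function name extract_ca_key and its two arguments are assumptions for illustration; it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example, not from the original post. extract_ca_key is a hypothetical
# helper name; the file names follow the post.
#
# extract_ca_key SRC DST
#   SRC: combined PEM with private key + certificate (e.g. mitmproxy-ca.pem)
#   DST: key file to hand to Wireshark (e.g. mitmproxy-ca.key)
# Returns 0 when DST was written and matches the certificate in SRC, else 1.
extract_ca_key() {
    src=$1
    dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }

    # Same command as step 2, run under a tight umask so a newly created
    # key file is never readable by group or other.
    rc=0
    ( umask 077
      openssl rsa -in "$src" -outform PEM -out "$dst" 2>/dev/null ) || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "no RSA private key found in $src" >&2
        rm -f "$dst"
        return 1
    fi
    chmod 600 "$dst"   # also tightens a pre-existing output file

    # An RSA key and a certificate belong together when their moduli match.
    key_mod=$(openssl rsa -in "$dst" -noout -modulus 2>/dev/null) || key_mod=
    crt_mod=$(openssl x509 -in "$src" -noout -modulus 2>/dev/null) || crt_mod=
    if [ -z "$key_mod" ] || [ "$key_mod" != "$crt_mod" ]; then
        echo "key does not match the certificate in $src" >&2
        rm -f "$dst"
        return 1
    fi
    return 0
}

# Direct use: sh extract_ca_key.sh mitmproxy-ca.pem mitmproxy-ca.key
if [ "$#" -eq 2 ]; then
    extract_ca_key "$1" "$2"
fi
```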