![]() I should note that I have considered simply adding logging into the Java code base, but would ultimately prefer the ground truth of a packet capture over logging, as I might miss/omit something important in the logging of a code base I don't fully understand. My question is, how in practice would I configure wireshark to decrypt the SSL traffic for the scenario I have just described? Is there a specific key HttpsURLConnection uses that I can add to Wireshark? Is there something else? I do however control the client the program is running on. I do not control the server and so cannot access its private key. My understanding is that Wireshark supports decrypting some SSL traffic if you have the relevant key(s). ![]() What I would like to be able to do is inspect what is happening on the wire using Wireshark. ![]() Looking through the source code of the Java program, it appears to be using the HttpsURLConnection class to pull data from the server over SSL. the right bits are never making it to the client. I'm not going to go over the basics, but there are a couple of points. Traffic inspected at the AP has neither, you need to be able to see the comms at the client, or proxy the comms to the server. I am trying to establish whether the problem I am experiencing is network-related - i.e. To decrypt SSL you need to have the private or session key from the session you are trying to inspect. In the course of the program's operations, it contacts a server to pull data down, but it's not displaying the correct data. I am trying to use a GUI Java program written by someone else that is not behaving as I would expect.
0 Comments
Leave a Reply. |