I've used Microsoft Network Monitor 3.x before for various reasons but realized today I don't know how to tell the URL inside a conversation. I've got it set for "Windows" Parser Profile and I see a list of TCP and TLS packets, but was hoping there was an easy trick to decipher the HTTP URL requested in the packet details. Fiddler isn't showing me anything for this app accessing the web so I've resorted to netmon which shows me conversations but not sure how to dig out URL's, if possible.
Asked
Active
Viewed 9,609 times
2 Answers
1
There is an open source NetMon "expert" that can decrypt SSL. As long as you're using one of the cipher suites it supports and, obviously, you have the appropriate private key you should be able to decrypt the traffic.
Evan Anderson
- 141,881
- 20
- 196
- 331
-
That's a good start but don't know what to use as the key for the BPA app. – Bret Fisher Mar 16 '11 at 17:31
-
You need the private key from the remote server. If you don't have that then you won't be able to decrypt the traffic. You can't just arbitrarily decrypt SSL traffic w/o the keys used to establish the secure channel (since that's the point of SSL). – Evan Anderson Mar 16 '11 at 18:04
-
I guess what I meant was does Windows have a default SSL key of sorts for apps? I imagine what I want is the private key locally of what is coming in/out of the client app. I understand PKI well but not sure how Windows apps manage their keys. Is there a default IE one I could at least try? This could be a separate SF question I know. – Bret Fisher Mar 21 '11 at 23:39
1
"Microsoft Network Monitor" does not decode https traffic.
You may use an internet monitoring program(for example: WFilter, websense) instead.
gengw2000
- 51
- 3