0

Here's my setup:

Client ---> VPN 1 (my pc, same subnet of the client) --> VPN 2 (external VPN) --> Internet

Both VPNs are L2TP/IPSec and the first one is an Ubuntu server with Openswan.

I need to record the HTTP requests and responses of each client, so I need to be able to read them before they're encrypted and sent to the second VPN.

So, since the first VPN is on my PC, I thought that I could be able to log the packets here.

But how can I do it?

Is there any way to get them after they're decrypted by the first VPN and before they're encrypted to be sent to the second one?

MadHatter
  • 79,770
  • 20
  • 184
  • 232
StepTNT
  • 123
  • 2
  • 7

2 Answers2

2

You could use tshark and the related tools to capture the packets on the interface between your PC and the client and analyze them.

You may get some milage out of Charles too, which is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP ...

user9517
  • 115,471
  • 20
  • 215
  • 297
1

While @iain's answer is perfectly correct, assuming your client is a windows system I would suggest you use fiddler for this instead. tcpdump/tshark/wireshark is a great tool for general network sniffing but fiddler is specifically designed for debugging http(s).

Stephane
  • 6,432
  • 3
  • 26
  • 47
  • Clients are both Windows and Linux (generally Ubuntu) machines, but I need to get packets on the VPN 1 pc which is an Ubuntu server, so no Fiddler :) – StepTNT Mar 21 '13 at 10:01
  • I kind of assumed the PC was Linux due to it running OpenSwan and iptables but your right about fiddler. – user9517 Mar 21 '13 at 10:02
  • 1
    Fair enough. In that case, install tcpdump on the VPN1 machine and use the -i option to have it sniff on the internal interface: that'll give you the cleartext of what's going on the VPN. You'll most likely need to craft a filter for the traffic you want to see but that's isn't too hard. If you have problem, ask a specific question about the filter and someone (me?) will answer: it's usually easy stuff. – Stephane Mar 21 '13 at 10:04