
I'm executing a cURL command in a PHP application running on my nginx server (CentOS). The endpoint is an HTTPS address, so the outgoing traffic is of course encrypted.

I want to see the network packets that are actually getting sent to the endpoint, using tcpdump to sniff the outgoing traffic. But the result of this is just a bunch of encrypted data.

Is there a way to see these packets before they get encrypted?

DomingoSL

1 Answer


Do you control the remote server?

If you have its private key, you can decrypt the HTTPS data in Wireshark (have tcpdump write to a file with -w then open it in Wireshark).

Otherwise, probably your best bet is to pump your traffic through an HTTPS proxy that can decrypt the data - check out Fiddler.

Shane Madden
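A caveat to the private-key route in the answer above, as an added example that is not part of the original post: the server's RSA key only lets Wireshark decrypt sessions negotiated with an RSA key-exchange cipher suite, while (EC)DHE suites and TLS 1.3 need per-session secrets or the decrypting proxy. The sketch below reads the selected suite from a captured ServerHello record; the function names, the short suite table and the sample bytes are assumptions constructed for illustration.

```python
# Added example: which decryption route fits a captured TLS handshake.
# Suite table is a small subset of the IANA registry; sample bytes are constructed.
RSA_KEX = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
}
FORWARD_SECRET = {
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x1301: "TLS_AES_128_GCM_SHA256",  # TLS 1.3
    0x1302: "TLS_AES_256_GCM_SHA384",  # TLS 1.3
}

def server_hello_suite(record: bytes) -> int:
    """Return the cipher suite the server selected in a ServerHello record."""
    if len(record) < 5 or record[0] != 0x16:            # 0x16 = handshake record
        raise ValueError("not a TLS handshake record")
    rec_len = int.from_bytes(record[3:5], "big")
    body = record[5:5 + rec_len]
    if len(body) < max(rec_len, 4) or body[0] != 0x02:  # 0x02 = ServerHello
        raise ValueError("truncated record or not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:                 # version(2) + random(32) + sid_len(1)
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]                # skip the session id
    if len(hello) < off + 2:
        raise ValueError("truncated ServerHello")
    return int.from_bytes(hello[off:off + 2], "big")

def decryption_route(record: bytes) -> str:
    """Map the negotiated suite to the approach that can expose the plaintext."""
    suite = server_hello_suite(record)
    if suite in RSA_KEX:
        return "server-private-key"
    if suite in FORWARD_SECRET:
        return "session-secrets-or-proxy"
    return "unknown-suite"

def sample_server_hello(suite: int) -> bytes:
    """Constructed ServerHello: TLS 1.2 version, zero random, empty session id."""
    hello = b"\x03\x03" + bytes(32) + b"\x00" + suite.to_bytes(2, "big") + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    for s in (0x002F, 0xC02F, 0x1301):
        print(f"0x{s:04X}", decryption_route(sample_server_hello(s)))
```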