I'm able to make HTTP requests on my local host using client certificates.

I have some logic in my code that can make two requests use the same certificate for their requests, or not, depending on certain conditions.

My localhost is currently pointing to the default 'Welcome to IIS' page.

Is there any way to use Wireshark to detect if the client certificates that are being sent from my machine in separate requests are the same or not?

PS: If someone can suggest a better way of achieving what I'm trying to do here, that'd work as well. I don't necessarily need to use Wireshark. My main objective is to figure if two different requests are sending the same cert or not, as I've mentioned here: How do I monitor client certs that are being sent via the requests?

Thanks!

Community
GrowinMan
  • The client certificate will be used to establish the SSL/TLS connection. It will *not* be used in subsequent HTTP requests. For subsequent HTTP requests, you will use a cookie or token provided by the server after authentication with the client certificate. – jww Aug 01 '14 at 16:59
  • Right. But when the connection is established initially - that's when I'd like to check which certs are used. – GrowinMan Aug 01 '14 at 17:11

1 Answer

I found a way to do this. This guide helped. In summary: yes, you can use Wireshark to examine what client certificates are being sent from the client (or received on the server).

You need to start capturing traffic on Wireshark, only for the period of time when the request(s) is made and processed, and then add the appropriate filters to filter based on the protocol. In my case, I filtered it based on the IP address of the sender and receiver because I knew both.

You'll need the server's certificate to decrypt the messages because they'll be transmitted in encrypted format. You can easily do that by going to Edit -> Preferences. Select Protocols from the menu on the left -> SSL -> Click edit. Add the server's cert and IP, and save the settings.

David W
GrowinMan
  • You mean server certificates are received in a non-encrypted stream but client certificates are sent in encrypted format? – abhiarora Jan 09 '20 at 16:37
  • I am also looking to achieve the same thing as you are! – abhiarora Jan 09 '20 at 16:38
  • @abhiarora the client certificate is sent before sending the encrypted message. This might help: https://www.ibm.com/docs/en/sdk-java-technology/7.1?topic=handshake-tls-12-protocol – benk Dec 02 '21 at 09:05