I am developing a simple sniffer system for the first time using jnetpcap. I adapted some code and I can currently read HTTP traffic (port 80) and print its fields.

    import org.jnetpcap.packet.PcapPacket;
    import org.jnetpcap.packet.PcapPacketHandler;
    import org.jnetpcap.protocol.tcpip.Http;

    private void packetHandler() {
        jpacketHandler = new PcapPacketHandler<String>() {
            // Reusable header object; hasHeader() binds it to the packet's HTTP header
            Http httpheader = new Http();

            public void nextPacket(PcapPacket packet, String user) {
                if (packet.hasHeader(httpheader)) {
                    System.out.println(httpheader.toString());
                    if (httpheader.hasPayload()) {
                        System.out.println("HTTP payload: (string length is "
                                + new String(httpheader.getPayload()).length() + ")");
                        System.out.println(new String(httpheader.getPayload()));
                        System.out.println("HTTP truncated? "
                                + httpheader.isPayloadTruncated());
                    }
                    //System.out.println(packet.toString());
                }
            }
        };
    }

And then I loop through it. How can I handle HTTPS (port 443) packets using jnetpcap?

Marcos Valle
  • If you're asking how you can see the plaintext content of encrypted HTTPS traffic, the answer is you can't. That's kind of the point. – nobody Mar 05 '15 at 13:16
  • I understand I cannot see plaintext content (including headers, correct?). Still, I would like to get the encrypted content. – Marcos Valle Mar 05 '15 at 13:40

1 Answer

Here is how I did it. You can at least see the handshake; after that it's over, but jnetpcap cannot handle the data, so you will just have the hexdump and the ASCII of that. It's not nicely formatted like with packet.toString() ;) So in your nextPacket:

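    // tcp is a reusable header object, e.g. a handler field: Tcp tcp = new Tcp();
    // tcpst and payload are String variables declared outside this block
    if (packet.hasHeader(tcp)) {
      // (*) see the note below
      tcpst = "Dport: " + tcp.destination() + "; Sport: " + tcp.source();
      // the TCP payload starts right after the TCP header
      int payloadstart = tcp.getOffset() + tcp.size();
      JBuffer buffer = new JBuffer(64 * 1024);
      buffer.peer(packet, payloadstart, packet.size() - payloadstart);
      // dump only the bytes the buffer actually holds
      payload = buffer.toHexdump(buffer.size(), false, true, true);
    }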

payloadstart is beginning of tcp header + the size of the tcp header.
buffer.peer copies bytes (from packet, starting at, number of bytes).
payload is a string. toHexdump(how many bytes, address on/off, ASCII on/off, HEX on/off)

*I just print the ports out later in my prog for testing reasons. But you could make an if statement and check the ports, and if one of them is 443 you could do the rest.
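
The answer notes that the handshake stays visible in the raw bytes. As an added example (not part of the original answer, and using only the JDK rather than jnetpcap), this walks the TLS record headers in the bytes that follow the TCP header; the class name, method names and sample bytes are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;

public class TlsRecordWalker {
    // TLS record ContentType values; anything else is not the start of a record.
    static String contentType(int type) {
        switch (type) {
            case 20: return "change_cipher_spec";
            case 21: return "alert";
            case 22: return "handshake";
            case 23: return "application_data";
            default: return null;
        }
    }

    // Describes each TLS record whose 5-byte header starts inside this TCP payload.
    static List<String> describe(byte[] p) {
        List<String> out = new ArrayList<>();
        int pos = 0;
        while (pos + 5 <= p.length) {
            int type = p[pos] & 0xff;
            int major = p[pos + 1] & 0xff, minor = p[pos + 2] & 0xff;
            int len = ((p[pos + 3] & 0xff) << 8) | (p[pos + 4] & 0xff);
            String name = contentType(type);
            if (name == null || major != 3 || len > 16384 + 2048) {
                out.add("offset " + pos + ": no TLS record header (segment continues an earlier record?)");
                break;
            }
            String line = "offset " + pos + ": " + name + ", version 3." + minor + ", length " + len;
            // The handshake type byte is meaningful only for the initial, unencrypted messages.
            if (type == 22 && pos + 5 < p.length) {
                int hs = p[pos + 5] & 0xff;
                if (hs == 1) line += " (ClientHello)";
                else if (hs == 2) line += " (ServerHello)";
            }
            if (pos + 5 + len > p.length) line += " [continues in next segment]";
            out.add(line);
            pos += 5 + len;
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: handshake record header plus the first ClientHello bytes, cut short.
        byte[] sample = {0x16, 0x03, 0x01, 0x00, 0x2e, 0x01, 0x00, 0x00, 0x2a, 0x03, 0x03};
        describe(sample).forEach(System.out::println);
    }
}
```

Records marked application_data carry only ciphertext, so the header fields (type, version, length) are all that can be read from them without the session keys.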