I have been trying to inspect all the traffic going through my machine. I have a server directly connected to the Internet, and I would like to log all the YouTube requests made on the Internet, with the URL.
As YouTube is based on SSL, I need to inspect the HTTPS traffic. I have read somewhere that I need to create a MITM attack on my own server in order to view the HTTPS requests. I followed these steps in order to create a certificate I own.
1 - Generate a 2048 bit RSA Key: openssl genrsa -des3 -out private.pem 2048
2 - Export the RSA Public Key to a File: openssl rsa -in private.pem -outform PEM -pubout -out public.pem
3 - Check The public key File (Certificate) Now: less public.pem
4 - Export the RSA Public Key to a File: openssl rsa -in private.pem -out private_unencrypted.pem -outform PEM -pubout
5 - Check The Private File Now: less private.pem
6 - Copied the certificate into the certificate directory
7 - Configure the certificate by using the following command: sudo dpkg-reconfigure ca-certificates
In the end I tried all the possible ways available:
mitmproxy -T
The above command opens a console application, and I accessed all the HTTPS sites, but there was no effect in this window. And
sudo ssldump -Ad -k cert.pem -p password -i wlo1
This command just printed some handshake stuff in the console and after that terminated. But nothing was related to the URL.
And
sudo iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-port 1024
sudo sslstrip -l 1024
These commands keep on listening, but nothing comes out as a result in the sslstrip.log file.
I am using all these things with Ubuntu 15 and want to dump SSL requests in transparent mode, i.e. without setting up a proxy on the client's machine.