Sniff POST variables through HTTPS

Question

I am trying to reverse engineer a script so I can submit a form using Mechanize. The form is using some weird Javascript form upload script that I just can't seem to understand. So I was thinking I would sniff the traffic going from my browser to the server.

First of all, is this even possible? If so, what would be a good way to do it? I have tried Wireshark with the filter 'http.request.method == "POST"', but it doesn't seem to work.

score 9 · Answer 1 · answered Apr 29 '11 at 02:42

All HTTP traffic using HTTPS over TLS is encrypted, POST parameters included. You will need to configure Wireshark especially for this: http://wiki.wireshark.org/SSL and it is not likely that you will have access to the keys necessary to decrypt the traffic unless you own the HTTPS server.

score 4 · Answer 2 · answered Apr 29 '11 at 02:42

You won't be able to get the request data using Wireshark. That's the point of HTTPS.

You should be able to use the Firebug extension for Firefox to monitor the requests your browser makes. It shows request and response headers, as well as form data.

Firebug

Mike Pennington · Accepted Answer · 2012-11-15T22:08:48.083

I use the HTTP Live Headers Plugin for Firefox. This is a sample capture from HTTP Live Headers

POST /Login HTTP/1.1
Host: signup.netflix.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://signup.netflix.com/Login?country=1&rdirfdc=true
--->Insert lots of private stuff here
Content-Type: application/x-www-form-urlencoded
Content-Length: 168
authURL=sOmELoNgTeXtStRiNg&nextpage=&SubmitButton=true&country=1&email=EmAiLAdDrEsS%40sOmEMaIlProvider.com&password=UnEnCoDeDpAsSwOrD

score 3 · Answer 4 · answered Apr 29 '11 at 03:17

3

http://www.fiddler2.com will allow you to see the unencrypted traffic. Or you can use the F12 Developer Tools built into IE9.

answered Apr 29 '11 at 03:17

EricLaw

56,563
7
151
196

+1 for Fiddler, but it looks like overkill for his requirements. – Mike Pennington Apr 29 '11 at 03:26

score 2 · Answer 5 · answered Apr 29 '11 at 02:41

2

You can sniff SSL traffic, but it will be quite the trick to figure out what data is in it. You would probably have better luck posting the java script and asking a specific question about it... i.e. the part you don't understand.

If you're trying to do something unethical, it's probably best that you just let it go.

answered Apr 29 '11 at 02:41

Mikecito

2,053
11
17

3

The only thing unethical is the company that I am trying to sniff. FFFFFUUUUUU Steve Jobs. – dan-klasson Apr 30 '11 at 03:36

score 1 · Answer 6 · answered Jun 28 '11 at 13:52

1

I use Firefug to analyze requests.

Sometimes i need to sniff https traffic, and i do it with Charles Proxy firefox plugin.

answered Jun 28 '11 at 13:52

Francisco R

4,032
1
22
37

Sniff POST variables through HTTPS

6 Answers6