If you only need to look at the HTTP traffic, I'd suggest you use a local proxy and place it between your client and server. This will establish 2 SSL connections, I between the client and the proxy and a second between the proxy and your server. At the proxy, everything is in the clear. There are a bunch of good (and free) proxy's to do this and keep a log of all the HTTP traffic they pass. My favorite is burp: http://portswigger.net/proxy/ OWASP also has WebScarab: http://www.owasp.org/index.php/OWASP_WebScarab_Project or even Paros: http://www.parosproxy.org/index.shtml
HTH. -- Matt Tesauro On Mon, 2008-06-02 at 11:54 -0400, Joe Flowers wrote: > Hello everyone, > > Does anyone have ideas on how I can get Wireshark to decrypt my > OpenSSL HTTPS client application data? > > I can decrypt the HTTPS traffic OK to the server machine from the > client machine with Wireshark installed on the client machine, where > the HTTPS traffic is initiated from a web browser (IE) on the client > machine. > > BUT, when I try my HTTPS client application (on the client machine, > talking to the server machine), the application seems to work > correctly other than I am not able to see the decrypted data in > Wireshark. This is killing me when trying to troubleshoot this > application on other client machines. > > Is there a trick to getting Wireshark to work with OpenSSL > applications or is there something wrong with my application which > prevents Wireshark from decrypting the data? > > > Thanks for any help or ideas to try! > > Joe > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
