Thanks for the specific detail and recommendations Matt. Yes, this will help for sure.
Thank you! Joe On Wed, Jun 4, 2008 at 9:21 AM, Matt Tesauro <[EMAIL PROTECTED]> wrote: > If you only need to look at the HTTP traffic, I'd suggest you use a > local proxy and place it between your client and server. This will > establish 2 SSL connections, I between the client and the proxy and a > second between the proxy and your server. At the proxy, everything is > in the clear. There are a bunch of good (and free) proxy's to do this > and keep a log of all the HTTP traffic they pass. My favorite is burp: > http://portswigger.net/proxy/ > OWASP also has WebScarab: > http://www.owasp.org/index.php/OWASP_WebScarab_Project > or even Paros: > http://www.parosproxy.org/index.shtml > > HTH. > > -- Matt Tesauro > > On Mon, 2008-06-02 at 11:54 -0400, Joe Flowers wrote: > > Hello everyone, > > > > Does anyone have ideas on how I can get Wireshark to decrypt my > > OpenSSL HTTPS client application data? > > > > I can decrypt the HTTPS traffic OK to the server machine from the > > client machine with Wireshark installed on the client machine, where > > the HTTPS traffic is initiated from a web browser (IE) on the client > > machine. > > > > BUT, when I try my HTTPS client application (on the client machine, > > talking to the server machine), the application seems to work > > correctly other than I am not able to see the decrypted data in > > Wireshark. This is killing me when trying to troubleshoot this > > application on other client machines. > > > > Is there a trick to getting Wireshark to work with OpenSSL > > applications or is there something wrong with my application which > > prevents Wireshark from decrypting the data? > > > > > > Thanks for any help or ideas to try! > > > > Joe > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] >
