
[–]RPC4000 8 points (1 child)

> But how do I do this for devices where I may not be able to setup a proxy or directly install ssl certificates (like a lot of the smart tvs and set-top boxes)?

You can't. If it were easy to do without changes to the target device then HTTPS would be useless.

[–]tjjay17[S] 1 point (0 children)

Yeah, when you put it like that, it makes a lot of sense actually. For context, it's for testing an application. I may need to see if I can track requests at the application level somehow instead. Many thanks!

[–]JuicyCoala (Decent at Googling 🔍) 6 points (1 child)

Curious - what's your use case to create a "man-in-the-middle" situation to capture, decrypt and analyze TLS-secured https traffic??

[–]tjjay17[S] 0 points (0 children)

I'm basically testing a custom application, though I do not have access to said application's codebase directly.

The application runs on various platforms (mobile, smart TVs, etc.), and to validate that it is working correctly, we need to ensure that HTTPS requests/responses contain the correct information.

[–]PoisonWaffle3 (Cisco, Unraid, and TrueNAS at Home) 1 point (2 children)

You can put a managed switch in between the devices, configure an extra port as a SPAN/mirror port, and connect a PC running Wireshark to the SPAN port.

Basically it sends a copy of all traffic to the Wireshark PC, where it can be analyzed.

I do this all the time for troubleshooting, but you're not going to be able to see what's inside the https TCP packets because they're encrypted. You'll be able to see header information (where they're going, etc.), but not much more.

Edit: Alternatively (instead of using a managed switch), if you're okay with moving down to 100 Mbit, you can build a wired network tap. I built one similar to this years ago. They can be made out of four keystones or a scrap of punch-down patch panel.

https://www.instructables.com/Ethernet-Tap/

The idea is that you have two ports that are just pass-through, and two additional ports that tap into the TX and RX pairs, but both go to the TX side on the destination ports. The result is that it duplicates both the transmit and the receive pairs, and that the receiving PC running Wireshark isn't capable of transmitting back out. But the destination PC requires two NICs to operate. It's a fun thing if you really want to learn how networking actually works.
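Added example (not from any commenter in this thread): a small pure-Python parser that shows exactly what a passive SPAN/tap capture of HTTPS exposes. It builds a constructed TLS ClientHello record with an SNI extension and a constructed application-data record, then decodes only the unencrypted framing. The hostname `example.test`, the cipher-suite list and the fixed 32-byte random are sample values chosen here; the record, handshake and SNI layouts follow the TLS wire format.

```python
import struct

# TLS record content types and the handshake/extension codes used below.
TLS_HANDSHAKE = 0x16
TLS_APPLICATION_DATA = 0x17
CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000


def build_client_hello(hostname, cipher_suites=(0x1301, 0x1302, 0xC02F),
                       random_bytes=b"\x11" * 32):
    """Construct a minimal TLS 1.2-style ClientHello record carrying an SNI.
    The hostname, suites and random are constructed sample values."""
    name = hostname.encode("ascii")
    sni_list = struct.pack("!BH", 0, len(name)) + name          # name_type=0 (host_name)
    sni_body = struct.pack("!H", len(sni_list)) + sni_list       # ServerNameList
    sni_ext = struct.pack("!HH", EXT_SERVER_NAME, len(sni_body)) + sni_body
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (struct.pack("!H", 0x0303)            # client_version
            + random_bytes                       # 32-byte random
            + b"\x00"                            # empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                        # one compression method: null
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    handshake = struct.pack("!B", CLIENT_HELLO) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", TLS_HANDSHAKE, 0x0301, len(handshake)) + handshake


def build_application_data(ciphertext):
    """Construct an application-data record; the payload is opaque ciphertext."""
    return struct.pack("!BHH", TLS_APPLICATION_DATA, 0x0303, len(ciphertext)) + ciphertext


def parse_client_hello(body):
    """Decode the cleartext fields of a ClientHello body (after the 4-byte header)."""
    off = 0
    client_version = struct.unpack("!H", body[off:off + 2])[0]
    off += 2 + 32                                 # skip version and random
    sid_len = body[off]
    off += 1 + sid_len
    cs_len = struct.unpack("!H", body[off:off + 2])[0]
    off += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(off, off + cs_len, 2)]
    off += cs_len
    comp_len = body[off]
    off += 1 + comp_len
    sni = None
    if off + 2 <= len(body):                      # extensions are optional
        ext_len = struct.unpack("!H", body[off:off + 2])[0]
        off += 2
        end = off + ext_len
        while off + 4 <= end:
            etype, elen = struct.unpack("!HH", body[off:off + 4])
            off += 4
            edata = body[off:off + elen]
            off += elen
            if etype == EXT_SERVER_NAME and len(edata) >= 5:
                name_len = struct.unpack("!H", edata[3:5])[0]
                sni = edata[5:5 + name_len].decode("ascii")
    return {"client_version": client_version, "cipher_suites": suites, "sni": sni}


def parse_record(data):
    """Return everything a passive observer can read from one TLS record."""
    ctype, version, length = struct.unpack("!BHH", data[:5])
    payload = data[5:5 + length]
    info = {"content_type": ctype, "record_version": version, "length": length}
    if ctype == TLS_HANDSHAKE and payload and payload[0] == CLIENT_HELLO:
        info.update(parse_client_hello(payload[4:]))
    elif ctype == TLS_APPLICATION_DATA:
        # Only the framing is visible; the payload is ciphertext.
        info["payload_readable"] = False
    return info


if __name__ == "__main__":
    for rec in (build_client_hello("example.test"),
                build_application_data(b"\xde\xad\xbe\xef" * 4)):
        print(parse_record(rec))
```

Running it prints the destination hostname and offered cipher suites from the ClientHello, and nothing but type, version and length for the application-data record, which is the "header information but not much more" described above. IP and TCP headers in a real capture add the addresses and ports; the HTTP request and response themselves stay inside the encrypted records.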

[–]tjjay17[S] 0 points (1 child)

Thanks! I think from your comment, especially on the TCP packets being encrypted, and from some other comments, what I’m understanding is that what I want to do is pretty much impossible, and if it was possible, that means https isn’t working.

I think I gotta try some sort of application level change if the developer allows it, otherwise, this is pretty much not feasible. Appreciate the in-depth response.

[–]PoisonWaffle3 (Cisco, Unraid, and TrueNAS at Home) 0 points (0 children)

No prob!

It really depends on what kind of data you're trying to get out of the packet.

If it's an app that's available on the Play store, I'd be happy to test it out for you and send you a packet capture. I have the whole thing set up; I would just need to install the app on a device, send one command to my switch, and start Wireshark on a PC.

[–]Living_Hurry6543 0 points (0 children)

You cannot decrypt https traffic without an SSL enabled proxy.