Sometime back I had blogged about ClearWatch which is a very handy SSL sniffing tool. Here, you require the Private Key of the Server for decrypting the HTTPS packets.
However often, I end up in situations having to sniff the SSL traffic of Production Systems, where I donot have access to the Private Key.
Now, I have come across another excellent tool called BurpSuite. This tool can do more in the sense that, it can sniff SSL Packets without having to provide the Private Key of the Server. Also, it allows to intercept requests/responses with specific header information and allows us to change the header data whenever required. This tool basically is a special proxy server. One has to configure the browser to go thru this proxy server for sniffing purposes.
Check it out!
Blogging my thoughts 
Hi Karthik, I have been trying with the burp suite tool for sniffing the n/w traffic thrown by my app. It is working and sniffing all the http request but not for HTTPS. I have set the proxy server as localhost:8080.Do i need to change some thing in burpsuite to sniff https traffic as well. Can you help me with this.
LikeLike
Hi Ashish,It works like this… Unless the proxy server has access to the private key of your server, ssl encrypted data cannot be decrypted. So, the way burp suite works is, there are two ssl connections.1. Between your browser(or any client) to Burp Suite Proxy.2. Between Burp Suite Proxy and the ServerNow, since burp suite server is the one initiating the SSL session in point 1, it can decode the data sent from your client.Similarly, w.r.to your server, since Burp Suite is the client, it would be able to decode the data sent by your server. Now, W.r.to your configuration, if you can give me more details on your ports etc…and how you have configured your client to go thru burp suite proxy, I will be able to help you further.
LikeLike
Thanks for your reply.Well the certificate I am using is not a not a self signed certificate. It’s a production certificate. I don’t want to decrypt the data just intercept the SSL request as burp is intercepting HTTP request.So I am just setting localhost:8080 under proxy server (Lan Setting).ThanksAshish
LikeLike
Ensure that you check the option “Use the same proxy server for all protocols” in advanced setting of your LAN settings. I just now verified it and works beautifully.
LikeLike
It is up now. In B/w I have come across another tool Webscrab which seems to be better then BurpSuite. I Think it is allowing more than burpsuite to mehttp://www.owasp.org/index.php/OWASP_WebScarab_ProjectCheck it outThanks
LikeLike
nice post.. I needed exactly this to alalyze HTTPS communication.Thanks
LikeLike
I'm intending to intercept and view the messages from a VMware vSphere Client to ESXi server.
They use standard ports for http(80)/https(443).
Do you know which settings need to be set/changed in burp suite from default in order to intercept these messages?
LikeLike
Kim,
Are you saying they ARE using standard ports or they ARE NOT? Either way, I dont think you have to change in Burpsute. In Burpsuite, you just configure what port is your Burpsuite Proxy Server is going to listen to…after which you will change your browser proxy server setting pointing to the burpsuite proxy server.
LikeLike