Yet another SSL Sniffing Tool

Sometime back I had blogged about ClearWatch which is a very handy SSL sniffing tool. Here, you require the Private Key of the Server for decrypting the HTTPS packets.

However often, I end up in situations having to sniff the SSL traffic of Production Systems, where I donot have access to the Private Key.

Now, I have come across another excellent tool called BurpSuite. This tool can do more in the sense that, it can sniff SSL Packets without having to provide the Private Key of the Server. Also, it allows to intercept requests/responses with specific header information and allows us to change the header data whenever required. This tool basically is a special proxy server. One has to configure the browser to go thru this proxy server for sniffing purposes.

Check it out!

8 thoughts on “Yet another SSL Sniffing Tool

  1. Hi Karthik, I have been trying with the burp suite tool for sniffing the n/w traffic thrown by my app. It is working and sniffing all the http request but not for HTTPS. I have set the proxy server as localhost:8080.Do i need to change some thing in burpsuite to sniff https traffic as well. Can you help me with this.

    Like

  2. Hi Ashish,It works like this… Unless the proxy server has access to the private key of your server, ssl encrypted data cannot be decrypted. So, the way burp suite works is, there are two ssl connections.1. Between your browser(or any client) to Burp Suite Proxy.2. Between Burp Suite Proxy and the ServerNow, since burp suite server is the one initiating the SSL session in point 1, it can decode the data sent from your client.Similarly, w.r.to your server, since Burp Suite is the client, it would be able to decode the data sent by your server. Now, W.r.to your configuration, if you can give me more details on your ports etc…and how you have configured your client to go thru burp suite proxy, I will be able to help you further.

    Like

  3. Thanks for your reply.Well the certificate I am using is not a not a self signed certificate. It’s a production certificate. I don’t want to decrypt the data just intercept the SSL request as burp is intercepting HTTP request.So I am just setting localhost:8080 under proxy server (Lan Setting).ThanksAshish

    Like

  4. I'm intending to intercept and view the messages from a VMware vSphere Client to ESXi server.
    They use standard ports for http(80)/https(443).
    Do you know which settings need to be set/changed in burp suite from default in order to intercept these messages?

    Like

  5. Kim,

    Are you saying they ARE using standard ports or they ARE NOT? Either way, I dont think you have to change in Burpsute. In Burpsuite, you just configure what port is your Burpsuite Proxy Server is going to listen to…after which you will change your browser proxy server setting pointing to the burpsuite proxy server.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s