Yet another SSL Sniffing Tool

Sometime back I had blogged about ClearWatch which is a very handy SSL sniffing tool. Here, you require the Private Key of the Server for decrypting the HTTPS packets.

However often, I end up in situations having to sniff the SSL traffic of Production Systems, where I donot have access to the Private Key.

Now, I have come across another excellent tool called BurpSuite. This tool can do more in the sense that, it can sniff SSL Packets without having to provide the Private Key of the Server. Also, it allows to intercept requests/responses with specific header information and allows us to change the header data whenever required. This tool basically is a special proxy server. One has to configure the browser to go thru this proxy server for sniffing purposes.

Check it out!