[squid-users] Trying to decipher HTTPS traffic using Squid's SSL-BUMP

From: Benny <hello2you2_at_gmail.com>
Date: Fri, 13 Jan 2012 16:33:59 +0200

Hello all!

There is a web app I'm trying to sniff the connection to programmatically.
While searching for how I can decrypt the traffic, I came across Squid's
ssl-bump feature.
What I'm trying to do eventually is something very similar to
Fiddler, but using Squid.

After generating the CERT and KEY using the guide here:

web address:
wirewatcher.wordpress.com/2010/07/20/decrypting-ssl-traffic-with-wireshark-and-ways-to-prevent-it

Everything worked superbly and I even managed to see the POST & GET
requests in Squid's log entries.

Example:

1326447605.479 15 84.94.181.22 TCP_MISS/000 0 GET
https://re.clintonfoundation.org/view.image? - DIRECT/209.67.132.46 -
...

Yet, I haven't managed to decipher the same rows through Wireshark.

This is the line I used in: edit->preferences->protocols->ssl->rsa_key_list:
<some WAN IP>,8080,http,/home/doron/Desktop/cert3/testkey.pem

My key starts with:
"-----BEGIN RSA PRIVATE KEY-----"

So from my knowledge, it should be in the correct format Wireshark can decipher.

I hope some of you could please shed some light on this matter.
Received on Fri Jan 13 2012 - 14:34:08 MST
