Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SSL Traffic Sniff

I have been searching for a way to sniff SSL traffic on a Windows platform, but cannot find anything worthwhile.

Any suggestions?

5 REPLIES
Gold

Re: SSL Traffic Sniff

Do you mean the windows box is the client in the SSL connection? If so, I like webscarab (assumes this is HTTPS).

http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project

There are others too, websleuth is one I recall. You could even use the firefox extension TamperData, depending on your needs.

New Member

Re: SSL Traffic Sniff

I am glad that you asked as I have had a little time to think about it.

Windows clients hit a CSS 11500 with is using Source NATing and encryption on the front end. When the request originates from the CSS, it hits Windows servers.

We have a couple of users that are seeing abnormal reactions with web browser and need to "see" what is going on.

Since I setup our CSS's and SSL certs, I figured that I would be able to sniff the traffic and "see" the issues.

Gold

Re: SSL Traffic Sniff

If the CSS is just doing NAT, then the SSL endpoints are the clients and the windows servers. All the CSS sees is a stream of encrypted packets. There are solutions that allow you to load your SSL certs and then sniff the traffic and decrypt it, but I can't imagine using them just for troubleshooting purposes. Tealeaf is one of them (http://www.tealeaf.com/).

You can still use webscarab, just bear in mind that it acts as an HTTP proxy (i.e. it becomes the client to the windows server)...and this may very well impact the abnormal behavior your were seeing.

New Member

Re: SSL Traffic Sniff

Thanks for the advice on products, might be waht we are looking for; however, in the past, I used SSLDump to "sniff" streams, but cannot seem to find the necessary files online to comile another version for Windows.

Q. How would a SSL sniff be used as a troubleshooting tool?

A. Sniffing SSL traffic will allow me to see what the client and the servers, via the CSS, are doing in the streams. While I can look at the SSL traffic up to the TCP headers, I want to see what kind of responses the web servers are returning to the clients via CSS.

Gold

Re: SSL Traffic Sniff

SSLdump appears to be very much like tealeaf. If provided the appropriate keys, it should allow you to see the entire HTTP stream. I don't see a Windows version but perhaps it will work under cygwin?

you might be able to use dsniff.

381
Views
0
Helpful
5
Replies
CreatePlease login to create content