以明文方式捕获 HTTPS 流量? [英] Capturing HTTPS traffic in the clear?
问题描述
我有一个与远程 Web 服务通信的本地应用程序(我没有编写,也无法更改).它使用 HTTPS,我想看看流量中有什么.
I've got a local application (which I didn't write, and can't change) that talks to a remote web service. It uses HTTPS, and I'd like to see what's in the traffic.
有什么办法可以做到这一点吗?我更喜欢 Windows 系统,但我很乐意在 Linux 上设置代理,如果这能让事情变得更容易.
Is there any way I can do this? I'd prefer a Windows system, but I'm happy to set up a proxy on Linux if this makes things easier.
我在考虑什么:
- 通过入侵我的主机文件(或设置备用 DNS)来重定向网站.
- 在该站点上安装带有自签名(但受信任)证书的 HTTPS 服务器.
- 显然,如果您将私钥提供给 WireShark,它可以查看 HTTPS 中的内容.我从来没有试过这个.
- 不知何故,将此流量代理到真实服务器(即,这是一次全面的中间人攻击").
这听起来合理吗?WireShark 真的可以看到 HTTPS 流量中的内容吗?谁能告诉我一个合适的代理(以及相同的配置)?
Does this sound sensible? Can WireShark really see what's in HTTPS traffic? Can anyone point me at a suitable proxy (and configuration for same)?
推荐答案
Fiddler 做你想做的事想要吗?
Does Fiddler do what you want?
什么是 Fiddler?
What is Fiddler?
Fiddler 是一个 Web 调试代理记录您之间的所有 HTTP(S) 流量电脑和互联网.提琴手允许您检查所有 HTTP(S)流量,设置断点和小提琴"传入或传出数据.Fiddler 包含一个强大的基于事件的脚本子系统,以及可以使用任何 .NET 进行扩展语言.
Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.
Fiddler 是免费软件,可以调试来自几乎任何地方的流量应用程序,包括互联网资源管理器、Mozilla Firefox、Opera 和还有数千.
Fiddler is freeware and can debug traffic from virtually any application, including Internet Explorer, Mozilla Firefox, Opera, and thousands more.
这篇关于以明文方式捕获 HTTPS 流量?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
