Wireshark-users: Re: [Wireshark-users] tcp.time_delta column with tshark

From: Martin Visser <martinvisser99@xxxxxxxxx>
Date: Mon, 31 Jan 2011 12:05:24 +1100
When you connect to a proxy via HTTP and through that proxy
connect to a HTTPS web server, it is still using SSL for the
encryption layer. The proxy passes through the SSL of course, as it
won't have the private key of the web server.

If you are trying to decrypt SSL passing through a HTTP proxy, you
will need to apply the private key of the HTTPS web server and specify
the IP address of the proxy.


Regards, Martin

MartinVisser99@xxxxxxxxx



On 31 January 2011 07:49, vincent paul <amoteluro@xxxxxxxxx> wrote:
> Hi Martin,
>
> When client was connected directly to a SSL web server (i.e. server's IP:
> 1.2.3.4), with the key, I could see the http traffic.
>
> When the client went via its proxy (i.e. 5.6.7.8) to the same SSL web
> server, I couldn't see the packets' content using the same key.  I did try
> to change the source IP in wireshark/tshark set up to the proxy's IP, but
> couldn't see either.  So there should be some kind of encryption or tunnel
> between client and its proxy, am I wrong?
>
> Do you happen to know any document or web site discussing a proxy's
> operations?
>
> Regards,
>
> PV
>
> ________________________________
> From: Martin Visser <martinvisser99@xxxxxxxxx>
> To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Sent: Sun, January 30, 2011 1:42:19 AM
> Subject: Re: [Wireshark-users] tcp.time_delta column with tshark
>
> If you capture traffic on your network on or in the path between the
> client and proxy, you will see the HTTP proxy traffic. HTTP
> traffic direct to the web-server or via a proxy are fundamentally the
> same - the proxy just has to handle the edge conditions a little
> differently.
>
> Regards, Martin
>
> MartinVisser99@xxxxxxxxx
>
>
>
> On 30 January 2011 15:26, vincent paul <amoteluro@xxxxxxxxx> wrote:
>> Thank you Sake and J.Snelders for your quick and precious help.
>>
>> Best Regards,
>> PV
>>
>> NOTE: Any idea how to see the packets' content between client and its
>> proxy
>> (not web server)
>>
>> ________________________________
>>
>
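The pass-through described in this thread, as an added example that is not part of the original messages: a client normally asks an HTTP proxy for it with a plaintext CONNECT request (a detail the thread does not state), after which the same TCP stream carries the web server's SSL/TLS records. The byte stream below is constructed, and the function names are hypothetical.

```python
import struct

# Constructed sample of client -> proxy bytes for one HTTPS request:
# a plaintext CONNECT, then a (truncated, constructed) TLS handshake record.
CLIENT_TO_PROXY = (
    b"CONNECT 1.2.3.4:443 HTTP/1.1\r\nHost: 1.2.3.4:443\r\n\r\n"
    + b"\x16\x03\x01\x00\x05" + b"\x01\x00\x00\x01\x00"
)

TLS_TYPES = {20: "change_cipher_spec", 21: "alert",
             22: "handshake", 23: "application_data"}


def split_connect(stream):
    """Return (target, rest) if the stream opens with CONNECT, else (None, stream)."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep or not head.startswith(b"CONNECT "):
        return None, stream
    request_line = head.split(b"\r\n", 1)[0].split(b" ")
    if len(request_line) != 3:
        return None, stream
    return request_line[1].decode("ascii"), rest


def tls_records(data):
    """Walk TLS record headers; stop at non-TLS or truncated data."""
    out, pos = [], 0
    while pos + 5 <= len(data):
        ctype, major, minor, length = struct.unpack_from("!BBBH", data, pos)
        if ctype not in TLS_TYPES or major != 3 or pos + 5 + length > len(data):
            break
        out.append((TLS_TYPES[ctype], (major, minor), length))
        pos += 5 + length
    return out


def describe(stream):
    """Summarise one direction of a client<->proxy TCP stream."""
    target, rest = split_connect(stream)
    return {"tunnel_target": target, "records": tls_records(rest)}


if __name__ == "__main__":
    # The tunnel target is the web server; the packets themselves are
    # addressed to the proxy, which is the address the capture shows.
    print(describe(CLIENT_TO_PROXY))
```
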