
How can I configure Wireshark to see HTTPS traffic?

I'm testing an iOS application and I just want to see when HTTPS traffic is sent. I'm not interested in the contents of the traffic. How can I configure Wireshark to do this?

This is just to verify that an analytics package is working. I don't have any control over the servers that my app is talking to.

Thanks!

Edit #1: My current Wireshark configuration can see traffic to http://www.duckduckgo.com but not https://www.duckduckgo.com

SundayMonday asked Aug 23 '11 18:08



2 Answers

An alternative is using your Mac as a Wi-Fi access point and sniffing the traffic with tcpdump. Here are the steps:

  • Connect your Mac to your router using an Ethernet cable (the Wi-Fi card will be busy working as an access point). Or skip this step if you only want to sniff traffic from the app to your own computer.
  • In the Wi-Fi icon of your toolbar, click Create Network. Give it a random name, select security, and set a password.
  • In System Preferences > Sharing set To computers using: Wi-Fi. In Wi-Fi Options... choose the network you created before. In Share your connection from:, choose the interface you are getting Internet from, usually Ethernet.
  • Enable Internet Sharing, and connect to this new Wi-Fi network from your iPhone.
  • Disconnect 3G on your iPhone from Settings > General > Network and check your Internet with Safari. Sometimes it takes a few seconds.
  • On your Mac, type sudo tcpdump -s 0 -A -i en1 port 443 > log.txt. Use ifconfig if you have a network interface other than en1. The log generated can also be imported by Wireshark (which is a GUI version of tcpdump).
  • Now all Internet traffic from your iPhone will be recorded.

tcpdump is included with all versions of OS X. For other options, see Technical Q&A QA1176 Getting a Packet Trace.

Jano answered Oct 16 '22 11:10


If you want to decrypt the SSL traffic in order to listen in on it, have a look at the Wireshark Wiki. The explanation is a bit longer, but enables you to decrypt SSL traffic.

You also might want to listen on port 443 instead of 80. :-)

nfechner answered Oct 16 '22 09:10