
How can I decrypt HTTPS messages sent from a C# HTTP Client using Wireshark?

We have a .NET 4.6.1 service that is using HttpWebRequest to send an HTTPS request to another web service. We're trying to capture the problem we're having with this request so we can send a data log to owners of the external service. We have a Wireshark trace of the request/response, but can't decrypt it. Remote service is Java, but that shouldn't matter.

We found this very informative post, but it's referring to HTTP through a browser. https://security.stackexchange.com/questions/35639/decrypting-tls-in-wireshark-when-using-dhe-rsa-ciphersuites/42350#42350

Is there a way we can either get the private RSA key used on our system to decode the request? This won't work for decrypting the HTTPS response, correct? Will generating an SSL keylog file solve this problem? If so, can we modify our code to generate the file? Other solutions? Thanks

MonkeyWrench asked May 17 '17 21:05


2 Answers

I thought of a workaround solution, so long as your networking infrastructure would allow it.

  1. Reconfigure your client app to call remote server via HTTP (instead of HTTPS)
  2. Put a proxy and configure your client to send via proxy.
  3. Configure proxy to forward via HTTPS (and out to the remote server)
  4. Use Wireshark to capture request between your client and proxy.

You'll have both request and response. Request should be in more or less pristine form, response will probably have a couple of extra headers (like Via:) from proxy, but shouldn't prevent your troubleshooting.

LB2 answered Sep 19 '22 14:09


Turning on the system logging for the application might help. You can set up the application's config file to turn this on and write to a file. The logs will be unencrypted and they will show the request/response along with more.

Here's an example; name it [app name].exe.config and place it in the same directory as the .exe:

<configuration>
    <system.diagnostics>
        <trace autoflush="true"/>
        <sources>
            <source name="System.Net" maxdatasize="10240">
                <listeners>
                    <add name="TraceFile"/>
                </listeners>
            </source>
            <source name="System.Net.Sockets" maxdatasize="10240">
                <listeners>
                    <add name="TraceFile"/>
                    <!-- 
                    Commented this out because it can cause the program to slow down when running from the command line and console output is enabled
                    <add name="consoleListener" type="System.Diagnostics.ConsoleTraceListener"/> 
                    -->
                </listeners>
            </source>
        </sources>
        <sharedListeners>
            <add name="TraceFile" type="System.Diagnostics.TextWriterTraceListener" initializeData="trace.log"/>
        </sharedListeners>
        <switches>
            <add name="System.Net" value="Verbose"/>
            <add name="System.Net.Sockets" value="Verbose"/>
        </switches>
    </system.diagnostics>
</configuration>

You might want to take out the System.Net tracing and just log System.Net.Sockets.

BoldAsLove answered Sep 20 '22 14:09
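
The trace file from the answer above is written unencrypted, so any credentials in the logged headers end up in it. The following is an added example (not part of the original answers) that reassembles the hex-dump lines of such a log into readable payloads and masks credential-bearing headers before the log is sent to the external service owners. The hex-dump line layout, the sample request, the token and the host name are constructed assumptions to check against your own trace.log.

```python
import re

# Assumed layout of one hex-dump line in the trace file (constructed from the
# usual System.Net verbose output; check it against your own trace.log):
#   System.Net Verbose: 0 : [1234] 00000010 : 48 6F 73 74-3A 20 ... : Host: ...
DUMP_LINE = re.compile(r"\] ([0-9A-Fa-f]{8}) : ([0-9A-Fa-f -]+?)\s+: ")
SENSITIVE = re.compile(
    r"(?im)^(authorization|proxy-authorization|cookie|set-cookie):[^\r\n]*")

def reassemble(log_text):
    """Join consecutive hex-dump lines back into one byte string per dump."""
    dumps, current = [], None
    for line in log_text.splitlines():
        m = DUMP_LINE.search(line)
        if not m:
            current = None            # any other line ends the running dump
            continue
        offset = int(m.group(1), 16)
        if offset == 0 or current is None:
            current = bytearray()     # offset 0 marks the start of a new dump
            dumps.append(current)
        current += bytes.fromhex("".join(re.findall(r"[0-9A-Fa-f]{2}", m.group(2))))
    return [bytes(d) for d in dumps]

def redact(payload):
    """Decode a payload and mask credential-bearing header values."""
    text = payload.decode("latin-1")
    return SENSITIVE.sub(lambda m: m.group(1) + ": [REDACTED]", text)

def _dump(data, pid=4660):
    """Build constructed trace lines for sample data (sample input only)."""
    out = []
    for off in range(0, len(data), 16):
        chunk = data[off:off + 16]
        hx = " ".join("%02X" % b for b in chunk).ljust(47)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        out.append("System.Net Verbose: 0 : [%d] %08X : %s : %s" % (pid, off, hx, asc))
    return "\n".join(out)

# Constructed sample: one request with a bearer token, as it would be logged.
SAMPLE_REQUEST = (b"POST /api/orders HTTP/1.1\r\nHost: partner.example\r\n"
                  b"Authorization: Bearer constructed-token\r\n\r\n{\"id\":7}")
SAMPLE_LOG = ("System.Net Verbose: 0 : [4660] Data from ConnectStream#1::WriteHeaders\n"
              + _dump(SAMPLE_REQUEST))

if __name__ == "__main__":
    for payload in reassemble(SAMPLE_LOG):
        print(redact(payload))
```

Only header values are masked; secrets carried in request or response bodies still need a manual review before the log leaves your environment.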