I am trying to reverse engineer a script so I can submit a form using Mechanize. The form is using some weird JavaScript form upload script that I just can't seem to understand. So I was thinking I would sniff the traffic going from my browser to the server.
First of all, is this even possible? If so, what would be a good way to do it? I have tried Wireshark with the filter 'http.request.method == "POST"', but it doesn't seem to work.
You really can't. Packet sniffing can be done by any system on the local network. While sniffing from one Windows system can see the packets destined for the other local systems, if the data is encrypted, there is only a little information that is useful.
This is absolutely possible, and very easy to do. A packet sniffer does exactly this, and can view POSTed usernames and passwords in plaintext. To someone sniffing HTTP requests, a POST request looks pretty much identical to a GET request, except a POST request has "POST" at the top instead of "GET."
Wireshark has the ability to use SSLKEYLOGFILE to decrypt HTTPS traffic. This file is a feature provided by the web browser. When a web browser is configured to create and use this file, all of the encryption keys created for that session are logged. This allows Wireshark to decrypt the traffic.
All HTTP traffic using HTTPS over TLS is encrypted, POST parameters included. You will need to configure Wireshark especially for this: http://wiki.wireshark.org/SSL and it is not likely that you will have access to the keys necessary to decrypt the traffic unless you own the HTTPS server.
You won't be able to get the request data using Wireshark. That's the point of HTTPS.
You should be able to use the Firebug extension for Firefox to monitor the requests your browser makes. It shows request and response headers, as well as form data.
I use the HTTP Live Headers Plugin for Firefox. This is a sample capture from HTTP Live Headers:
POST /Login HTTP/1.1
Host: signup.netflix.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://signup.netflix.com/Login?country=1&rdirfdc=true
--->Insert lots of private stuff here
Content-Type: application/x-www-form-urlencoded
Content-Length: 168
authURL=sOmELoNgTeXtStRiNg&nextpage=&SubmitButton=true&country=1&email=EmAiLAdDrEsS%40sOmEMaIlProvider.com&password=UnEnCoDeDpAsSwOrD
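To turn a header dump like the one above into the field list a Mechanize script needs, the following added example (not part of any answer on this page) parses the capture, decodes the form body and masks credential fields before the capture is shared. The sample text, the host name and the `SENSITIVE` field list are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample shaped like the capture above; every value is a placeholder.
CAPTURE = """\
POST /Login HTTP/1.1
Host: signup.example.com
Referer: https://signup.example.com/Login?country=1
--->Insert lots of private stuff here
Content-Type: application/x-www-form-urlencoded
Content-Length: 168
authURL=TOKEN123&nextpage=&SubmitButton=true&country=1&email=user%40example.com&password=hunter2
"""

HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s*(.*)$")
SENSITIVE = {"password", "authurl"}  # assumed names of fields to mask before sharing


def parse_capture(text):
    """Split a header-dump capture into request line, headers and form fields."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    method, path, version = lines[0].split(" ", 2)
    headers, other = {}, []
    for ln in lines[1:]:
        m = HEADER_RE.match(ln)
        if m:
            headers[m.group(1).lower()] = m.group(2)
        else:
            other.append(ln)  # annotations and the body are not "Name: value" lines
    # The body is printed last; skip annotation lines that carry no key=value pair.
    body = next((ln for ln in reversed(other) if "=" in ln), "")
    fields = parse_qsl(body, keep_blank_values=True)  # decodes %40 to @, keeps empty fields
    declared = int(headers.get("content-length", "-1"))
    return {
        "method": method, "path": path, "headers": headers, "fields": fields,
        # A mismatch means the capture was edited or redacted after it was taken.
        "length_matches": declared == len(body.encode()),
    }


def redact(fields):
    """Mask credential-bearing fields so the capture can be pasted into a ticket or forum."""
    return [(k, "***" if k.lower() in SENSITIVE else v) for k, v in fields]


if __name__ == "__main__":
    req = parse_capture(CAPTURE)
    print(req["method"], req["path"], "length ok:", req["length_matches"])
    for name, value in redact(req["fields"]):
        print(f"  {name} = {value!r}")
```

The ordered field names in `req["fields"]` are what the replayed form submission has to send; hidden fields such as `authURL` typically change per page load and have to be read from the freshly fetched form rather than copied from an old capture.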