Sniff POST variables through HTTPS

Question

I am trying to reverse engineer a script so I can submit a form using Mechanize. The form is using some weird Javascript form upload script that I just can't seem to understand. So I was thinking I would sniff the traffic going from my browser to the server.

First of all, is this even possible? If so, what would be a good way to do it? I have tried Wireshark with the filter 'http.request.method == "POST"', but it doesn't seem to work.

Answer 1

All HTTP traffic using HTTPS over TLS is encrypted, POST parameters included. You will need to configure Wireshark especially for this: http://wiki.wireshark.org/SSL and it is not likely that you will have access to the keys necessary to decrypt the traffic unless you own the HTTPS server.

Answer 2

You won't be able to get the request data using Wireshark. That's the point of HTTPS.

You should be able to use the Firebug extension for Firefox to monitor the requests your browser makes. It shows request and response headers, as well as form data.

Firebug

Answer 3

I use the HTTP Live Headers Plugin for Firefox. This is a sample capture from HTTP Live Headers

POST /Login HTTP/1.1
Host: signup.netflix.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://signup.netflix.com/Login?country=1&rdirfdc=true
--->Insert lots of private stuff here
Content-Type: application/x-www-form-urlencoded
Content-Length: 168
authURL=sOmELoNgTeXtStRiNg&nextpage=&SubmitButton=true&country=1&email=EmAiLAdDrEsS%40sOmEMaIlProvider.com&password=UnEnCoDeDpAsSwOrD