Use Wireshark for debugging HTTP/HTTPS

Question

I want to capture HTTP or HTTPS requests on my created bridge connection. But Fiddler doesn't captures requests on bridge connection.

1. How can I view only HTTP requests on Wireshark?
2. How can I view response of http/https requests on Wireshark?
3. How can I view the requested query on Wireshark?

I want to use Wireshark like Fiddler.

Answer 1

This is what a Wireshark window looks like by default (using version 1.12.3 in this example):

From top to bottom you have:

• Menu Toolbar
• Main Toolbar
• Filter Toolbar
• Packet List
• Packet Details
• Packet Bytes
• Status Bar

In the Filter toolbar (where the input box named Filter lies) you can write filters to keep only the packets you want to inspect:

1. How can I view only http requests on wireshark?

http.request

2. How can I view response of http/https requests on wireshark?

http.response

Enhancing your filter with the IP address of yor NIC would also help reduce the amount of packets displayed: http.response and ip.addr == x.x.x.x

You can also view both request and responses at the same time (as you can see in the image) using the filter: http.request or http.response.

3. How can I view the requested query on wireshark?

If you select a packet in the Packet List section, detailed information is displayed in the Packet Details section where you have all the information about that packet that you need.