If I make an HTTPS request to
subdomain.example.com/api/login?mytoken=JLK90GFSSFGDS4GFRW0
along with uploading a cookie, can a packet sniffer know:
In general, what information is encrypted and what is left plain for an HTTPS packet?
Everything apart from the hostname is encrypted - so in your example the domain name and subdomain are in clear text, everything else is encrypted.
See Does SSL also encrypt cookies? for more details.
[edited: initial version mistakenly stated that the entire URL was in cleartext. http://en.wikipedia.org/wiki/Transport_Layer_Security makes it quite clear that the server and client first negotiate their encryption, then the application-layer HTTP packets (with the full URL) are sent over this encrypted link.]