Log and debug/decrypt a Windows application's HTTPS traffic
Posted by cweiske on Super User
Published on 2011-06-29T10:29:34Z
Indexed on 2011/06/30 8:25 UTC
I've got a proprietary Windows-only application that uses HTTPS to speak with an (also proprietary, undocumented) web service.
To ultimately be able to use the web service's functionality on my Linux machines, I want to reverse-engineer the web service API by analyzing the requests sent by the application.
Now the question: How can I decrypt and log the HTTPS traffic?
I know of several solutions which don't apply in my case:
- Fiddler is a man-in-the-middle HTTPS proxy which I cannot use since the application doesn't support proxies. Also, I do not (yet) know if it works with self-signed server certificates, which I doubt.
- Wireshark is able to decrypt SSL streams if you have the server's private certificate, which I don't have.
- Any browser extension, since the application is not a browser.
If I remember correctly, there have been some trojans that capture online banking information by hooking into/replacing the Windows crypto API. Since the machine is mine, low-level changes are possible. Maybe there is a non-trojan (white-hat) network log application out there which does the same?
There is a Black Hat presentation with some details available to read. They refer to Microsoft Research Detours for easy API hooking.
© Super User or respective owner