Log and debug/decrypt an windows application's HTTPS traffic

Posted by cweiske on Super User See other posts from Super User or by cweiske
Published on 2011-06-29T10:29:34Z Indexed on 2011/06/30 8:25 UTC
Read the original article Hit count: 244

Filed under:
|
|
|
|

I've got a proprietary windows-only application that uses HTTPS to speak with a (also proprietary, undocumented) web service.

To ultimately be able to use the web service's functionality on my linux machines, I want to reverse-engineer the web service API by analyzing the requests sent by the application.

Now the question: How can I decrypt and log the HTTPS traffic?


I know of several solutions which don't apply in my case:

  • Fiddler is a man-in-the-middle HTTPS proxy which I cannot use since the application doesn't support proxies. Also, I do not (yet) know if it works with self-signed server certificates, which I doubt.
  • Wireshark is able to decrypt SSL streams if you have the server's private certificate, which I don't have.
  • any browser extension since the application is not a browser

If I remember correctly, there have been some trojans that capture online banking information by hooking into/replacing the window's crypto API. Since the machine is mine, low level changes are possible. Maybe there is a non-trojan (white-hat) network log application out there which does the same?

There is a blackhat presentation with some details available to read. They refer to Microsoft Research Detour for easy API hooking.

© Super User or respective owner

Related posts about Windows

Related posts about networking