Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Can I see what my browser is really doing??

Status
Not open for further replies.
cascot

cascot

Programmer
Jan 30, 2002
127
CA

If my browser is the client and it's "chatting" with a remote web site using SSL, is there any way for me to see what my browser is actually sending to the remote server?

I have a packet sniffer (Ethereal) which shows me the data flow, but is there any way I can make use of the key being used for this "chat" between the server and my browser in order to decrypt the unreadable parts?

Obviously my browser does this internally, I'm just wondering if there is any way I can either capture what my browser is going to send before it encrypts it using SSL, or whether being the legitimate transaction maker (or whatever you want to call it), I can somehow make use of the key my browser knows about in order to decrypt the data captured by the packet sniffer.

I have access to Windows 98 / 2000 / Windows 2K Advanced Server.
 
Sort by date Sort by votes
ethereal only can capture the data which you have sent to the NIC. For ssl data, you can try "ssltab" . Will be a
better SSL trouble shooting tool.

The key is in the browser. I dont think there is easy way to do this.

 
Upvote 0 Downvote
ZSwen,

I searched the web but could find no references or links to ssltab. Do you know where I can get it?

When you say "The key is in the browser", do you mean the SSL encryption key? Doesn't something (the key?) have to be sent through from the site, which could be picked up from the packet sniffer that would enable you to somehow decrypt the data?
 
Upvote 0 Downvote
If there was an easy way to do this, it would defeat the purpose of SSL.
 
Upvote 0 Downvote
dilettante,

Not really. I am not talking about being able to just intercept any old SSL data and decode it. Obviously that would indeed defeat the purpose of SSL. But as I am the rightful and intended recipient of the data and the sender of the encoded data, it would hardly be against the principles of SSL if I was able to decrypt the data. Kinda like saying what's the point in having a PIN number for your bank card if it's easy to find out what it is, but of course if I'm the owner of the bank card...
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

jmarkus
  • Locked
  • Question
Can I have a different private IP address which isn't on my router's subnet?
Replies
6
Views
637
sbcsu
sbcsu
Zebad
  • Locked
  • Question
TFTP interference from another host (Windows Server , VxWorks Client)
Replies
0
Views
605
Zebad
Zebad
CryptoTuke
  • Locked
  • Question
Maximum buffer size on Winsock for sending one block of data over TCP / IP
Replies
1
Views
758
maybeimaleo
maybeimaleo
Vitor Fernandes-Neto
  • Locked
  • Question
Ldap authentication in classic asp, retrieving givenname, displayname etc
Replies
0
Views
639
Vitor Fernandes-Neto
Vitor Fernandes-Neto
DrB0b
  • Locked
  • Question
Multiple WiNG Zebra Access Points with possible issue
Replies
1
Views
531
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top