Technology Blog

Partners

WhichIsBest

Ads

ads
WhichIsBest

Tuesday, April 8, 2014

How to see, edit and tamper HTTPS encrypted SSL data sent from any browser or system?

In the last post, we saw how to view & edit HTTP traffic using Charles.

Now that we’re cool enough to crack open any requests from our PC, not all websites are that dumb to just work on HTTP. Most sites we encounter, may follow a secure connectionHTTPS or SSL certified.
It’s still easier to dismantle, read & edit HTTPS too!



Just open Charles and go to Proxy (in menu bar) → Proxy SettingsSSL Tab

Check “Enable SSL proxying
In the Locations box, you can add websites (using SSL), that you want Charles to unmask for you.
Add the site address (host) & port used. For example, I have added “www.google.co.in” and 443 as port. (443 is port for https protocol).
Note: If this is hectic, you can catch all requests by using wildcards *, * as shown.










Open browser and check the website (which uses SSL).
Let me do a Google search.
Instantly, we can see all the encrypted data sent from our PC.

Feel free to enable breakpoints; edit requests, responses (as seen for HTTP before) and play around encrypted data, like a piece of cake, hereupon.
Check out how our request looks before and after enabling SSL decrypting.
   
Please be noted this tutorial is for only educational purpose and be responsible. Have a good day with Charles.

No comments:

Post a Comment

WhichIsBest
WhichIsBest