This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Why can't I see the HTTP protocol in Wireshark if the connection is made over SSL?

0

Hi guys,

If I set up a packet capture for any SSL site, all I can see is that first a TCP connection is made and then SSL protocol packets. I understand that the HTTP protocol data may be encapsulated in SSL, but while troubleshooting, how can I make sure which site/URL the user is trying to reach? Is there any way to see the HTTP protocol packets?

asked 12 May '15, 08:25

tech round
accept rate: 0%


2 Answers:

0

To decrypt the traffic you need the RSA key file. That means you need the private key information. Unless you have access to the server, you will not be able to access this file (i.e., you will not be able to decrypt).

answered 12 May '15, 09:17

Amato_C
accept rate: 14%

0

Without decrypting the traffic, you could do a reverse DNS lookup of the destination IP, check the server name in the Client Hello, and inspect the certificate.

answered 12 May '15, 10:44

Roland
accept rate: 13%