Monitoring HTTPS traffic using tcpflow

I would like to use tcpflow to monitor HTTPS requests. I have read tutorials on how to monitor HTTP traffic, but when I connect to a host using HTTPS the output is garbled. I am using tcpflow in the following manner:

sudo tcpflow -s -c -i eth0 src or dst host
Asked By: Ifthikhan


You’re missing the point of HTTPS. You cannot read (much) meaningful information from an HTTPS stream, as the TCP layer encapsulating it is encrypted. Ultimately that means that the data will look like garbage to anyone trying to intercept it (including you).

Answered By: Chris Down
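
What still is readable in such a capture, as an added example that is not part of the original answers: it walks the TLS record layer of one direction of a stream (the bytes tcpflow would save) and reports each record's type and length, plus the server name from the cleartext ClientHello. The function names are hypothetical, the sample bytes are constructed, and it assumes the ClientHello starts and fits in a single record.

```python
import struct

TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def tls_records(stream):
    """Yield (type_name, payload) for each complete TLS record in one TCP direction."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in TYPES or major != 3:
            raise ValueError(f"not a TLS record at offset {pos}")
        payload = stream[pos + 5:pos + 5 + length]
        if len(payload) < length:
            break  # capture ends mid-record
        yield TYPES[ctype], payload
        pos += 5 + length

def client_hello_sni(msg):
    """Return the server_name sent in a cleartext ClientHello, or None."""
    try:
        if msg[0] != 1:                      # handshake type 1 = client_hello
            return None
        p = 4 + 2 + 32                       # handshake header, version, random
        p += 1 + msg[p]                      # skip session_id
        p += 2 + int.from_bytes(msg[p:p + 2], "big")   # skip cipher_suites
        p += 1 + msg[p]                      # skip compression_methods
        p, end = p + 2, p + 2 + int.from_bytes(msg[p:p + 2], "big")
        while p + 4 <= end:                  # walk the extensions
            ext_type, ext_len = struct.unpack_from("!HH", msg, p)
            if ext_type == 0:                # server_name: list_len, type, name_len, name
                n = int.from_bytes(msg[p + 7:p + 9], "big")
                return msg[p + 9:p + 9 + n].decode("ascii", "replace")
            p += 4 + ext_len
    except (IndexError, struct.error):
        pass                                 # malformed or truncated hello
    return None

def summarize(stream):
    return [(t, len(b), client_hello_sni(b) if t == "handshake" else None)
            for t, b in tls_records(stream)]

def sample_stream():
    """Constructed sample: ClientHello for example.test, then 4 opaque bytes."""
    name = b"example.test"
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + struct.pack("!H", len(ext)) + ext
    hello = b"\x01" + len(body).to_bytes(3, "big") + body
    return (b"\x16\x03\x01" + struct.pack("!H", len(hello)) + hello
            + b"\x17\x03\x03\x00\x04" + bytes.fromhex("9f3ac271"))
```

Calling `summarize(sample_stream())` lists the handshake record with its server name and the application_data record with only its length; the latter's payload is the part that shows up as garbage.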

You can try sslstrip.

More info here

Answered By: int

If you have a copy of the key, you can use ssldump, which uses a syntax almost identical to tcpdump.

It won’t be quite as pretty as tcpflow, but you can get at the encrypted content.

Answered By: bahamat