Seems like there are two technical issues here, let alone the legality of reverse engineering the data, which is presumably protected by some form of contract.

The technical issues are: decrypting the traffic and dissecting the data protocol.

Assuming the connection uses TLS, which is easily determined using Wireshark, the first might be done using some form of MITM proxy but that does depend on the client co-operating with a certificate that isn't issued by the data vendor. If proxying doesn't work then it's much tougher as you need to extract the pre-master secret from the client and this depends on many things including the TLS library used by the client. If TLS isn't used, then you have a tough task working out what encryption is used and how to decrypt the traffic.

If the decryption issue can be overcome and the keying material provided to Wireshark, then the raw traffic data will be visible. You might be lucky and it actually uses a protocol already dissected by Wireshark; if not, then it will be plain data as a series of hex bytes. A custom Wireshark dissector could then be used as the protocol is reverse engineered, but again the reverse engineering may be a tough task depending on the complexity.
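The check the answer calls easy, whether the connection uses TLS at all, comes down to the first few bytes of the TCP stream. The following is an added example, not part of the original answer: it shows which bytes identify a TLS ClientHello and where the server name sits inside it. The function names and the sample hostname are constructed for illustration, and the parser assumes the whole ClientHello is present in one buffer.

```python
import struct

def build_sample_client_hello(host: bytes) -> bytes:
    """Constructed sample: a minimal TLS ClientHello record with one SNI extension."""
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    exts = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00"        # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"      # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def inspect_stream_start(data: bytes) -> dict:
    """Report whether a TCP stream starts with a TLS ClientHello, and its SNI if any."""
    if len(data) < 6:
        return {"tls": False, "reason": "too short"}
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    # A TLS stream opens with a handshake record (0x16), version 3.x, sane length.
    if ctype != 0x16 or major != 3 or minor > 4 or not 0 < rec_len <= 2**14:
        return {"tls": False, "reason": "no TLS handshake record header"}
    if data[5] != 1:                                  # handshake type 1 = ClientHello
        return {"tls": True, "client_hello": False}
    info = {"tls": True, "client_hello": True, "sni": None}
    try:
        p = 5 + 4 + 2 + 32          # record hdr, handshake hdr, version, random
        p += 1 + data[p]            # session id
        p += 2 + int.from_bytes(data[p:p + 2], "big")   # cipher suites
        p += 1 + data[p]            # compression methods
        end = p + 2 + int.from_bytes(data[p:p + 2], "big")
        p += 2
        while p + 4 <= min(end, len(data)):
            etype, elen = struct.unpack("!HH", data[p:p + 4])
            if etype == 0:          # server_name extension: list len, type, name len, name
                nlen = int.from_bytes(data[p + 7:p + 9], "big")
                info["sni"] = data[p + 9:p + 9 + nlen].decode("ascii", "replace")
            p += 4 + elen
    except (IndexError, struct.error):
        info["truncated"] = True    # hello continues in a later segment or record
    return info

if __name__ == "__main__":
    for sample in (build_sample_client_hello(b"feed.example.test"),
                   b"GET / HTTP/1.1\r\n",             # constructed plaintext sample
                   b"\x01\x00\x00\x10ABCDEF"):        # constructed custom binary header
        print(inspect_stream_start(sample))
```

A stream that fails this check is either plaintext or uses some other encryption, which is the harder case the answer describes.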