
No HTTP requests in a TCP stream? (also decoding-help)

asked 2018-12-27 23:03:53 +0000

B3CH

updated 2018-12-27 23:12:31 +0000

So I am having an issue where I am not able to see the actual HTTP requests inside a TCP stream. I only see encrypted data getting transferred on the SSL and TCP protocols. I guess the stream might show the HTTP request if it was decoded, or am I wrong?

The entire TCP stream looks like this: [image]

It also looks like Wireshark isn't able to decode all of the response from the HTTP request. I only see bits like "netzo666" = username, "NETZO-SAMAAA" = ingame name and "¿Cuál es mi bebida preferida?" = security question of my account.

So if anyone also could help with decoding this, that would be great.


2 Answers


answered 2018-12-30 19:54:17 +0000

bluewolf1984

Watch this. Steps on how you can decrypt SSL traffic with Wireshark.

If that does not work out, follow this thread.

Update if any issues. Thanks


answered 2018-12-28 23:54:33 +0000

bluewolf1984

Wireshark cannot decode the SSL traffic since the SSL encryption is end to end between the client and the server. For decrypting the traffic you would need the symmetric keys that are generated during the SSL handshake process. The only cleartext part in the SSL stream is the SSL handshake, where the client/server hellos are exchanged.

If you want to decrypt the SSL traffic then it's better if you use Fiddler.

Fiddler actually sits in the middle of the client and server and acts as a proxy/man in the middle.

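To make the cleartext/encrypted split described in the answer above concrete, here is an added example (not part of the original thread) that walks the TLS record layer of one direction of a reassembled stream and reports which records can be read without the session keys. It assumes a TLS 1.2-style handshake; the function names and the sample bytes are constructed for illustration.

```python
import struct

# TLS record-layer content types and a few handshake message types
CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate"}

def tls_records(stream: bytes):
    """Yield (content_type, payload) for each TLS record in one direction of a stream."""
    off = 0
    while off < len(stream):
        if off + 5 > len(stream):
            raise ValueError(f"truncated record header at offset {off}")
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, off)
        if ctype not in CONTENT or major != 3:
            raise ValueError(f"not a TLS record at offset {off}")
        if off + 5 + length > len(stream):
            raise ValueError(f"truncated record body at offset {off}")
        yield CONTENT[ctype], stream[off + 5: off + 5 + length]
        off += 5 + length

def summarize(stream: bytes):
    """List what an observer without the session keys can read from each record."""
    out, keyed = [], False  # keyed: this side has already sent ChangeCipherSpec
    for ctype, payload in tls_records(stream):
        if ctype == "change_cipher_spec":
            keyed = True
            out.append(ctype)
        elif keyed or ctype == "application_data":
            out.append(f"{ctype} (encrypted, {len(payload)} bytes)")
        elif ctype == "handshake" and payload:
            # Only the first handshake message in the record is named here
            out.append("handshake/" + HANDSHAKE.get(payload[0], "other") + " (cleartext)")
        else:
            out.append(f"{ctype} (cleartext)")
    return out

def record(ctype: int, payload: bytes, version: bytes = b"\x03\x03") -> bytes:
    """Wrap a payload in a 5-byte TLS record header (helper for the sample only)."""
    return bytes([ctype]) + version + struct.pack("!H", len(payload)) + payload

# Constructed sample: minimal ClientHello, ChangeCipherSpec, then opaque records
hello_body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
client_hello = b"\x01" + len(hello_body).to_bytes(3, "big") + hello_body
opaque = bytes((i * 37 + 11) % 256 for i in range(64))  # stand-in for ciphertext
SAMPLE = (record(22, client_hello, b"\x03\x01") + record(20, b"\x01")
          + record(22, opaque[:40]) + record(23, opaque))

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

The HTTP request and response live inside the `application_data` records, which is why they do not appear in the stream view until Wireshark is given the session secrets.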


Last updated: Dec 30 '18