如果使用https协议，是否可以使用libpcap查看标头/数据包中的内容

Question

I am using iptables string match + libnetfilter_queue library to monitor http requests and responses. But later on I realized that string match fails in case of https protocol as iptable captures packets at layer 3. Now, i am reimplementing it using libpcap. So, is it possible to see what is in header/packet using libpcap in case of https protocol

Answer 1

HTTPS uses the SSL protocol which encrypts information at the application layer (the highest layer in the OSI model). As such, the answer is no, libpcap will not help you see the contents. If it were possible, it would pretty much defeat the purpose of using SSL in the first place.

Answer 2

否。如果可能，HTTPS将不安全，这是它存在的唯一原因。

Answer 3

If you're watching the traffic between your machine and another machine, you may be able to decrypt the SSL traffic (after all, the browser on your machine can do so), but it's not easy - Wireshark can do it if it has the necessary key information , but the code to do that is somewhat complicated (I won't be able to help you figure it out, so you're on your own there), and it might not always be able to do the decryption.

If you're watching the traffic between two other machines, you'd need to get the keys from those machines (if you could do it without those keys, then, as others have noted, SSL wouldn't be very useful, as its whole purpose is to hide traffic from other people).