Topic: "Help with MiM Attacks" (page 1 of 1)

bb
I have an application that I'm looking at and it sends some information to a server on port 443 (https).

Since I can't ARP poison to perform the Man in the Middle attack I was wondering if anyone had any pointers on the best way to intercept this data to see what is being sent.

Was thinking of using something like WebProxy or BurpProxy but wondered if there were any specific recommendations on how to approach this?

TIA
bb
Edited by bb on 24.09.2004 16:21:01
mxn
Maybe create a local proxy: just redirect the packages to your tool (open a local port) and let this tool connect to the server your program connects to.
relee
Hi bb,

Simply get Ethereal from http://www.ethereal.com/ and ensure that you have WinPcap installed from here: http://winpcap.polito.it/

Then you will be able to see very easily what is getting transmitted on any port, or specifically on port 440.

Cheers
relee
rayden5
Hi bb,

The easiest way would be, like relee already said, to just use some packet sniffer... there are many out there. A 2nd way could be, once you have the IP or hostname, to redirect that to your local machine and then do further analysis. You could easily redirect the data by editing your local hosts file, like:

127.0.0.1 localhost
# map the server's hostname to the local machine
127.0.0.1 <target-hostname>
...

ray
bb
Cheers guys,

I'll let you know how I get on

Good weekend to all :)
bb
mxn
Doesn't HTTPS use public-key encryption? Then a sniffer won't help (this was my first idea).
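
What a passive capture of the port 443 stream can and cannot show, as an added example that is not part of the original thread: a Python walker over the TLS record layer, run on one direction of a constructed byte stream. It assumes SSL 3.0 / TLS 1.0-1.2 record framing; `walk_tls_records`, `record` and `SAMPLE` are names made up for this illustration.

```python
import struct

# TLS record content types (SSL 3.0 / TLS 1.0-1.2 record layer)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def walk_tls_records(stream: bytes):
    """Split one direction of a captured TCP stream into TLS records.

    Returns (type_name, version, length, readable) tuples; `readable` is
    True only for records a passive observer can still interpret.
    """
    records, offset, encrypted = [], 0, False
    while offset + 5 <= len(stream):
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES or major != 3:
            raise ValueError(f"not a TLS record at offset {offset}")
        if offset + 5 + length > len(stream):
            break  # truncated capture: record body is incomplete
        name = CONTENT_TYPES[ctype]
        # After ChangeCipherSpec every record body is ciphertext,
        # including the remaining handshake messages.
        readable = not encrypted and name != "application_data"
        records.append((name, f"{major}.{minor}", length, readable))
        if name == "change_cipher_spec":
            encrypted = True
        offset += 5 + length
    return records

def record(ctype, body, version=(3, 1)):
    """Build one record: 5-byte header (type, version, length) plus body."""
    return struct.pack("!BBBH", ctype, *version, len(body)) + body

# Constructed sample, not a real capture: stand-in bodies of plausible sizes.
SAMPLE = (record(22, b"\x01" + b"\x00" * 40)     # ClientHello stand-in
          + record(22, b"\x10" + b"\x00" * 130)  # ClientKeyExchange stand-in
          + record(20, b"\x01")                  # ChangeCipherSpec
          + record(22, bytes(range(40)))         # encrypted Finished
          + record(23, bytes(range(200))))       # encrypted request data

if __name__ == "__main__":
    for name, version, length, readable in walk_tls_records(SAMPLE):
        state = "plaintext" if readable else "opaque ciphertext"
        print(f"{name:<20} TLS {version} {length:>4} bytes  {state}")
```

The sniffer sees record types, versions and sizes, but the application data stays opaque, which is why only a proxy that terminates the SSL connection itself can show or alter the content.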
bb
In the end I used Burp Proxy (http://www.portswigger.net/proxy/), which was ideal for my needs.

Even allows you to do on the fly alterations to the data going over the SSL connection.

Very nice piece of software - and free :) Now I just need to brush up on P-Code debugging. Anything out there better than WKTVBDE?

bb
Edited by bb on 25.09.2004 16:45:56
