Assuming that I am using Wireshark in order to see the network transportation, the data which is flowing is http transactions which are encrypted by SSL.
My question is which http headers can be seen in the Wireshark?
Asked
Active
Viewed 3,110 times
1 Answers
3
No http headers can be seen in TLS/SSL encrypted connections as the whole http protocol is encrypted.
The only aspect which can be seen in cleartext is the certificate (which usually includes at least one hostname) and the hostname you are connecting to (if the browser supports SNI, all modern browsers do) which are transmitted in cleartext during the tls/ssl handshake.
MrTux
- 32,350
- 30
- 109
- 146
-
In which transaction I will see the host name? Http? – roeygol Jan 06 '16 at 15:22
-
The whole http traffic is encrypted, you can only see what is transmitted in cleartext during the tls/ssl handshake - and that's the SNI hostname and the certificate. – MrTux Jan 06 '16 at 15:23
-
Is there a way to find it using the Wireshark search? – roeygol Jan 06 '16 at 15:31
-
1Should be in on of the first packets which are transferred between the client and server. – MrTux Jan 06 '16 at 15:31