Roland Turner

about | contact

Peering inside TLS traffic, server-side

In the easy case where I have access to the server and am able to tell the client to use a different TCP port:

socat TCP4-LISTEN:7080,fork,reuseaddr OPENSSL:localhost:443,verify=0 &
socat OPENSSL-LISTEN:7443,certificate={certfile},key={keyfile},fork,reuseaddr,verify=0 TCP4:localhost:7080 &
iptables -I INPUT -p TCP --dport 7443 -j ACCEPT

Some details:

To use Wireshark on my notebook to watch what’s happening:

export LIBOVERLAY_SCROLLBAR=0
ssh root@{server} tcpdump -s 2000 -Uw - -i lo tcp port 7080 | wireshark -kli -

(the LIBOVERLAY_SCROLLBAR works around a nasty Ubuntu bug)