top of page

Decrypting HTTPS traffic

In Web and Internet development you are unable to see what is being sent and received between your web browser / client and the server. Without this visibility it is difficult and time-consuming to determine exactly where the fault is.

While there are a lot of proprietary SSL Proxy products available in the market. I have tested a product named Charles Proxy and found it to be a great Product. While Charles is not open source you can try the product for 30 days for free and make you a decision of purchase, If you often want to sniff HTTPS traffic as part of your job or development I would say its worth a buy.


Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet. This includes requests, responses and the HTTP headers.

▒ Explanation of Charles using Windows:

Here you can see the contents of my blog

Now let's decrypt!

#1) Help >> SSL Proxying >> Install Charles Root Certificate;

#2) Install Certificate;

#3) Local Machine;

#4) Choose repository;

#5) 2nd option (Trust Root Certification)

#6) Clear the current session;

#7) Proxy >> SSL Proxying Settings;

#8) Enable SSL Proxying;

#9) Click on Add at "include" option;

#10) Type * on host and OK.

#11) Clear the current session;

#12) Open website that you install the certification and see the magic:

So there are numerous possibilities and scenarios you can fulfil with this and perform high-level network and application debugging with this. In fact. Charles proxy can even be used for Mobile App Debugging and to sniff HTTPS traffic between Mobile App and to the Server.

39 views0 comments

Recent Posts

See All

Absolutely everything is connected to the internet these days, from TV to smart light bulbs, from mobile devices to smart cars. Given those ads and ad trackers are everywhere on the Internet, a browse

Can you explain the difference between symmetric and asymmetric encryption? When would you use one over the other? Answer: Symmetric encryption uses a single key to both encrypt and decrypt data, whil

Nuclei is an open-source tool that allows security researchers and penetration testers to automate the process of finding vulnerabilities in web applications. It works by sending HTTP requests to a ta

bottom of page