Decrypting HTTPS traffic
In Web and Internet development you are unable to see what is being sent and received between your web browser / client and the server. Without this visibility it is difficult and time-consuming to determine exactly where the fault is.
While there are a lot of proprietary SSL Proxy products available in the market. I have tested a product named Charles Proxy and found it to be a great Product. While Charles is not open source you can try the product for 30 days for free and make you a decision of purchase, If you often want to sniff HTTPS traffic as part of your job or development I would say its worth a buy.
☑ Download: https://www.charlesproxy.com/download/
Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet. This includes requests, responses and the HTTP headers.
▒ Explanation of Charles using Windows:
Here you can see the contents of my blog
Now let's decrypt!
#1) Help >> SSL Proxying >> Install Charles Root Certificate;
#2) Install Certificate;
#3) Local Machine;
#4) Choose repository;
#5) 2nd option (Trust Root Certification)
#6) Clear the current session;
#7) Proxy >> SSL Proxying Settings;
#8) Enable SSL Proxying;
#9) Click on Add at "include" option;
#10) Type * on host and OK.
#11) Clear the current session;
#12) Open website that you install the certification and see the magic:
So there are numerous possibilities and scenarios you can fulfil with this and perform high-level network and application debugging with this. In fact. Charles proxy can even be used for Mobile App Debugging and to sniff HTTPS traffic between Mobile App and to the Server.