[ale] Decrypting SSL traffic at the client side
James Taylor
James.Taylor at eastcobbgroup.com
Wed Jan 23 14:20:45 EST 2019
You could try fiddler
https://www.telerik.com/download/fiddler
It is primarily a windows app, but there is a beta build for linux that uses mono.
I'd love to find an linux equivalent if there is one.
-jt
James Taylor
678-697-9420
james.taylor at eastcobbgroup.com
>>> Dylan Northrup via Ale <ale at ale.org> 1/23/2019 12:05 PM >>>
I'm trying to debug some LB/proxy related issues retrieving git
repositories (more details below for those interested). The NetEng folks
are stonewalling because "we're just layer 3; obviously client problem"
and, since the traffic is HTTPS, I can't view the HTTP protocol level
per-packet headers to provide evidence to the contrary.
Given the following, is there any way to get a clear text packet capture of
the traffic?
- I have root on the box
- I am invoking the commands (in this case `git` and `curl`)
- I do not have access to any network equipment
- I do not have access to the git server (go.googlesource.com for golang
dependencies)
Full details:
My host is an Ubuntu 14.04.5 LTS VM.
Network path A for outbound traffic goes through an outbound NAT, to a load
balancer, then to one of two McAfee Web Gateway hosts, then out to the
Internet. Network path B skips the load balancer and goes straight from
the NAT to the MWG hosts and out to the internet.
The failure manifests in the following conditions:
- using Network path A (using the load balancer)
- retrieving a large repository such that the request is larger than git's
http.postBuffer
In these conditions, the `git clone` operations fail a significant portion
of the time (with a failure rate between 60-90%). If we use Network path B
(and no other changes) success rate is 100%. If I increase the
`http.postBuffer` size to some arbitrarily large value (and no other
changes, success rate is 100%.
Traffic is large enough to trigger `Transfer-Encoding: chunked` and is
compressed with gzip by the end servers. I know there's some wonky
interaction between the LB and the web proxy, but since I don't control
either of those pieces of gear, I'm stuck unless I can see the raw HTTP
traffic. I have run `git` with `GIT_CURL_VERBOSE=1 GIT_TRACE=1 git clone
URL` but the headers I see there aren't showing me the right bit of info.
Any suggestions would be much appreciated!
--
Dylan Northrup
"Adversity is just change we haven't adapted ourselves to yet."
- Aimee Mullins
More information about the Ale
mailing list