0

Is there any way that I can differentiate whether HTTP or HTTPS packets are coming from a browser or not? Especially for HTTPS requests. There is a User-Agent field in the packet in HTTP, but I could not find anything in HTTPS.

user95711
  • To read HTTPS data in Wireshark you need to load your SSL keys (`Edit->Preferences->Protocols->SSL`). For more info check http://packetpushers.net/using-wireshark-to-decode-ssltls-packets/ – Hrvoje Špoljar Nov 21 '14 at 11:43

3 Answers

1

Yes,

UA is the header field to do this, as all are saying, and as you must be at the server end watching traffic at the application level, you can easily watch the HTTP headers inside SSL too; as you are at the far end of the SSL tunnel, it is available to you after SSL offload.

Arjun sharma
0

The whole point of HTTPS is to protect the traffic from someone capturing it in transit. So, as you have already said, you can sniff and filter on HTTP headers and no, you cannot read/parse/filter on HTTPS traffic.

0

In HTTP traffic you can differentiate which traffic came from which browser (or if it came from applications which are not browsers) by looking at the "user-agent" field. You can use UADetector to identify the exact browser. It's a Java library that can identify 190 different browsers (according to what they write).

Regarding HTTPS: as said before, the user-agent is encrypted. So you can't do much about it unless you can use an SSL proxy (SSL man-in-the-middle) to stand between the client/s and the server/s and decrypt all traffic. For example, Fiddler is a (free) tool like that: you can install it on a client and it decrypts all traffic from the browsers.

seladb
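The User-Agent check the answers describe, in Python, applied to plaintext request bytes as a server sees them after SSL offload or as they appear in an HTTP capture. This is an added example, not code from any answer above and not UADetector's API; the token lists, function names and sample requests are constructed assumptions. The header is set by the client, so the result is a hint about the sender, not proof.

```python
import re

# Assumed heuristic token lists (not from the original page); tune for your traffic.
BROWSER_TOKENS = re.compile(r"\b(Firefox|Chrome|Safari|Edg|OPR|Trident|MSIE)\b[/ ]", re.I)
TOOL_TOKENS = re.compile(
    r"^(curl|Wget|python-requests|Go-http-client|Java|okhttp|libwww-perl)\b", re.I)

def parse_headers(raw: bytes) -> dict:
    """Parse the header block of one plaintext HTTP/1.x request.
    Names are lower-cased because HTTP header names are case-insensitive."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:                                   # ignore malformed lines
            headers.setdefault(name.strip().lower(), value.strip())
    return headers

def classify(raw: bytes) -> str:
    """Return 'browser-like', 'non-browser', 'unknown' or 'no-user-agent'."""
    ua = parse_headers(raw).get("user-agent", "")
    if not ua:
        return "no-user-agent"                    # many scripts send none at all
    if TOOL_TOKENS.search(ua):
        return "non-browser"
    if ua.startswith("Mozilla/") and BROWSER_TOKENS.search(ua):
        return "browser-like"
    return "unknown"

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "firefox": b"GET / HTTP/1.1\r\nHost: example.test\r\n"
               b"User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) "
               b"Gecko/20100101 Firefox/115.0\r\n\r\n",
    "curl":    b"GET / HTTP/1.1\r\nHost: example.test\r\n"
               b"user-agent: curl/8.4.0\r\nAccept: */*\r\n\r\n",
    "bare":    b"GET / HTTP/1.0\r\nHost: example.test\r\n\r\n",
    "custom":  b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
               b"User-Agent: MyAgent 1.0\r\n\r\n{}",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:8} -> {classify(raw)}")
```
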