How to intercept XML sent from a site or received from a server over HTTPS?

L

Loligan2016-09-22 20:56:24

XML

Loligan, 2016-09-22 20:56:24

Hi guys. I can't find a tool to intercept XML sent over HTTPS. I tried through fidler but some kind of hardcore program. I would be very grateful to all those who will advise something really sensible or give a link to the materiel for this part.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

H

hoarywolf, 2016-09-22
@hoarywolf

https protocol with encryption of transmitted data. Interception is possible only according to the man-in-the-middle scheme, for example, using Charles.

S

spafix, 2016-09-22
@spafix

English Man in the middle, MitM attack is a term in cryptography that refers to a situation where an attacker is able to read and modify messages exchanged by correspondents at will, and none of the latter can guess about his presence in the channel.

R

Rou1997, 2016-09-23
@Rou1997

What can I advise you if I remember how they didn’t sell me cigarettes and alcohol, and I already knew how to work with Fiddler!
There is nothing "hardcore" in it, on the contrary, it is the highest-level sniffer, it fully responds to the "man-in-the-middle" principle, it intercepts requests, they appear in the list, including HTTPS, you can see it perfectly, it remains to figure out how to decrypt the answer, and it's not about HTTPS, but about Content-Encoding, so for decryption, just select a request in the list -> RMB -> "Decode selected sessions", and that's it, and the rest of the sniffers are even more "hardcore" like Wireshark and Charles, or just plain awkward, like the "Network" tab in Chrome's developer tools.