Thanks for your time. I’d like to find out if a client has made a ‘GET’ or a ‘POST’ request for Twitter.
We are currently doing an educational project and we wanted to understand how we can achieve this.
Setup:
We are using Wireshark for sniffing Twitter’s traffic.
We are getting a lot of data packets. The question is: how do I differentiate between a GET and a POST request? Is this possible?
Note: I understand that Twitter uses HTTPS to encrypt traffic. But, if I’m not mistaken, the POST/GET call (request) happens before the certificate exchange. I’m just interested in whether the call is GET/POST. (I’m not interested in the data.)
Thanks,
R
Answer
You cannot decipher HTTPS traffic unless you do one of the following:
- Have the private key
- Do a Man-In-The-Middle attack where you intercept the SSL request, pretend to be the end client, decrypt it, inspect it, and then re-encrypt the data with your own root certificate and send it on to your end-client that trusts your root certificate.
What you can glean from the request:
- Source IP
- Source Port
- Destination IP
- Destination Port
- Hostname (if the server, and the client, are using SNI)
Let’s assume that you have a method of reading this HTTPS traffic, or are using regular HTTP. Then you need to read up on your RFC2616 to see how an HTTP packet is structured. Wireshark can decode these natively, so in the header you would see a GET or a POST directive.
Attribution
Source: Link, Question Author: Dark Knight, Answer Author: Mark Henderson
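
The distinction the answer draws, as an added example that is not part of the original answer: a Python sketch that classifies the first bytes of a TCP payload as a plaintext HTTP request (method readable) or a TLS record (only the SNI hostname in the ClientHello is readable). The function names, the `example.test` hostname and the sample bytes are constructed for illustration.

```python
import struct

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"PATCH")

def parse_sni(hello: bytes):
    """Return the SNI hostname from a ClientHello body, or None if absent."""
    pos = 2 + 32                                        # client_version + random
    pos += 1 + hello[pos]                               # session_id
    pos += 2 + struct.unpack_from("!H", hello, pos)[0]  # cipher_suites
    pos += 1 + hello[pos]                               # compression_methods
    if pos + 2 > len(hello):
        return None                                     # no extensions block
    end = pos + 2 + struct.unpack_from("!H", hello, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
        pos += 4
        if ext_type == 0:                               # server_name extension
            # layout: list_len(2) name_type(1) name_len(2) host_name
            name_len = struct.unpack_from("!H", hello, pos + 3)[0]
            return hello[pos + 5:pos + 5 + name_len].decode("ascii", "replace")
        pos += ext_len
    return None

def classify(payload: bytes):
    """Classify the start of a TCP payload; returns (kind, detail)."""
    method = payload.split(b" ", 1)[0]
    if method in HTTP_METHODS and b" HTTP/1." in payload.split(b"\r\n", 1)[0]:
        return ("http-request", method.decode())        # plaintext: method is visible
    if len(payload) >= 6 and payload[1] == 0x03:        # TLS record header
        if payload[0] == 0x16 and payload[5] == 0x01:   # handshake, ClientHello
            try:
                return ("tls-client-hello", parse_sni(payload[9:]))
            except (IndexError, struct.error):          # truncated capture
                return ("tls-client-hello", None)
        if payload[0] == 0x17:                          # encrypted application data
            return ("tls-application-data", None)       # method is not recoverable
    return ("unknown", None)

def sample_client_hello(host: bytes) -> bytes:
    """Constructed minimal ClientHello whose only extension is SNI (sample input)."""
    name = b"\x00" + struct.pack("!H", len(host)) + host
    sni = struct.pack("!H", len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

With TLS, the HTTP request line travels inside application-data records sent after the handshake completes, which is why the last TLS case returns no method.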