Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Need to debug https

Posted on 2012-09-17
Medium Priority
Last Modified: 2014-11-12
I'm trying to work with the Google Calendar API from some .Net code.

I'd like to debug this and looking into the dialog from an existing Outlook plug-in that synchronizes with Google would help.

Unfortunately (or fortunately depending on your PoV), this plug-in uses HTTPS, so there doesn't seem to be a way to decode the captured communications via WireShark.

Does anyone know of a tool that will capture "and" decode this HTTPS traffic so I can see what's happening?

From what I read Fiddler can decode SSL but from my experience you can only capture communications from a web browser.
Question by:Gene Klamerus
  • 2
LVL 33

Expert Comment

ID: 38410402
In your case, I would first verify if I can control the endpoint connection from my code.
I don't know if you are using the REST api directly, or if you use some SDK wrapper.
If you use the REST api and have some control over the connection then the following may work.

I use the Axis TCPMonitor for http and SOAP debugging.

It does not support SSL, so you need to add something like stunnel

Start stunnel and set it something like this
client = yes
accept  = 88
connect = api.google.com:443

Open in new window

change api.google.com to the actual address of the api endpoint.

then start TCPMonitor, and add a reverse proxy definition to listen on port 443, and forward it to localhost:88

you API calls must be changed to refer to localhost port 443 but without SSL.

your code --http--> localhost:443 --http--> localhost:88 --https--> api.google.com:443

it may not work if google are doing redirections to load balance the service.

Author Comment

by:Gene Klamerus
ID: 38411825
I can't really do any of this with the Outlook plug-in which is a commercial tool (gSyncIt).  At least not from what I understand you're describing.
LVL 33

Accepted Solution

shalomc earned 1500 total points
ID: 38413998
you're right.

If your organization has WebSense or a similar filtering software, then you can use it to trace and log https sessions, although it is a major pita.

Otherwise you have a problem.

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When I'm searching for answers on Experts Exchange, I often use Google because it's built into my browser.  To search only on Experts Exchange, I use the "site:" search operator, which can be cumbersome to type out each time I want to run a search.…
Measuring Server's processing rate with a simple powershell command. The differences in processing rate also was recorded in different use-cases, when a server in free and busy states.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses
Course of the Month10 days, 8 hours left to enroll

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question