How to debug encrypted HTTP traffic

When developing software, sometime it’s necessary to sniff the traffic that is transmitted between two computer systems. For that purpose tools like wireshark or tcpdump may be useful. Wireshark is a great tool, but when handling encrypted connections it is not possible to decrypt the traffic without having the key used for encryption. When sniffing http traffic the private key of the certificate is required to decrypt the information. But when talking to a foreign server, without having its private key another approach is necessary. Continue reading