How to capture HTTP in Wireshark?

Why is Wireshark not picking up HTTPS?

We have a new environment setup, with a couple of clients connected, and a web application running on Apache (2.17), which is proxying through an HSTS host. This hosts our backend infrastructure that's actually running our application.

What's the problem here? What should I do to make Wireshark show HTTPS information? It's not, for some reason. Here are more details: Apache HTTP Server Version 2.17 Linux kernel 3.6.0-19-generic
Windows Server 2025 R2 Enterprise. The client OS is Windows 10. Here is a portion of my wireshark output: When the page loads it shows an error, it loads as if plain HTTP (no matter what protocol the page is requesting, eg, http or https). The server response header doesn't contain the HTTP 200 header.

HSTS is a standard that was written well before there was a "secure" option for SSL. You'll want to check your reverse proxy as it may be rejecting the secure connection.

How do I find HTTPS in Wireshark?

In a world where it's pretty much impossible to avoid SSL encryption, and yet where a full web session isn't possible in Wireshark, it's still possible to see the plaintext content of your HTTP web browsing in between to ssl://www.

Example.com. It's as simple as using the following:

Wireshark -I http -D https port 443. A quick tip - in newer versions of Wireshark (2.1 and greater), we can even set as our proxy for DNS traffic if we so desire. This will not work for all DNS queries though.8

This will output the IPv4 address behind 8. What else do I need to get https content in Wireshark? You need some client side SSL support in your browsers (Chrome or Opera), and you probably need your OS's firewall disabled. A nice little utility on OSX for example (with Firefox) is Better Privacy Browser Blocker, which will stop any SSL decryption attempts. There are also Chrome extensions for this.

How does my network look like? Do I need this? Do you really want to do this? It doesn't take much work with any modern web browser to understand what's going on in most pages and not very many pages at that. And if you don't trust SSL certificates, then you shouldn't trust SSL content regardless of browser plugins.

Let's say I do like reading all that interesting data about the network and I use Wireshark, will I ever need to do this? If I'm a pentester, then the answer is yes, but I also hope you're getting paid by a company that does secure websites. When can I set this up at a network scale, or even on an SSL protected site? Only when you really need it and when you can guarantee only a handful of people will need to see the HTTP traffic in your system. We're talking one or two people every week.

Why my Wireshark is not showing HTTP?

I have an embedded system with a browser (a small screen browser) that has a local host on my PC. The embedded system can access a web site over http, when the embedded browser is open. When I monitor the traffic on Wireshark, I see the http traffic, but not the HTTP. My embedded browser is not configured for HTTPS or anything like that.

This is what I am seeing in Wireshark: Wireshark shows me the http traffic, but not the HTTP. The PC browser shows me the http traffic, and the embedded browser shows me the http traffic. How can I get Wireshark to show me the http traffic? Thanks. The first image shows that the browser (I'm guessing your embedded browser) is using TLSv1.2 with SHA-256 ciphersuites. This is the most common configuration for TLS-enabled browsers.

The second image shows that you're using TLSv1.0 with SHA-256 ciphersuites. This means that the embedded browser is using an old SSLv3 compatible server, which is being deprecated.

You can either try to upgrade your embedded browser to a version that is capable of using the more modern TLSv1.2 protocol, or you can try to force Wireshark to connect using an older protocol using the -ssl3 switch.

Edit. For some browsers the -ssl3 switch does not actually specify an older protocol. It seems to use SSLv3 by default, but some browsers can be configured to use SSLv3 or SSLv2.