Why can https grab the bag and see the plaintext? 04/26 Update SLTechnology News&Howtos

Why can https grab the bag and see the plaintext?

2025-04-26 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

Https packet grabbing principle

A lot of tools can grab bags, I use Charles for Mac to grab bags.

The process of grabbing the https bag of a mobile phone

Mac to install the certificate and set up as a new person, first set the local area network of the mobile phone to the same as MAC, set up proxy IP and port 443, then download the certificate and install it, and set up trust at the same time. Then Charles will be able to catch the Internet request on the phone.

After the bag grabbing tool forges the self-signed certificate, it can successfully grab the package, and what it catches is plaintext.

The encryption layer lies between the http layer (application layer) and the tcp layer (transport layer), so the data captured in the http layer is not encrypted. Similarly, in the background receiver, after decryption, the data arriving at the http layer is also plaintext. Note that instead of encrypting http messages, https encrypts business data and then transmits it using http. Therefore, it is necessary to encrypt the password on the client side with MD5.

The principle of https packet grabbing is that the packet grabber intercepts the certificate returned by the server and then returns its own certificate to the client.

The data capture program sent by the client is decrypted with its own certificate, then encrypted with the intercepted certificate, and then sent to the server so that you can see the plaintext.

Ciphertext is for paths other than the two ends of https, as both ends of the https link, of course you can see plaintext.

HTTPS uses an asymmetric encryption algorithm (such as RSA algorithm) to generate and exchange the negotiation key, and then uses the negotiation key to communicate symmetrically in the subsequent communication process. The reason for using these two encryption methods is that asymmetric encryption has a large amount of computation. If asymmetric encryption has been used to transmit data, it will affect the efficiency.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.