Network sniffer

Hello,
My router TP-Link Archer C7 is running OpenWRT. I'm a developer and need to see the traffic that is going on inside the network.
I'm aware it is not that simple, especially when it is via HTTPS.
I'd like to at least be able to see the HTTP / HTTPS calls (URLs). I understand that in the case of HTTPS, content will be encrypted. Is there a way to see the URLs being called?
Thank you for any help!

Luckily for you there is tcpdump.

1 Like

Use tcpdump as suggested above, and then look for the SNI extension within the request.
If SNI is missing (or encrypted, eSNI is becoming a thing) then you don't have any options.

Not completely correct... You can do man-in-the-middle and pretend to be the server offering a false certificate. So being a proxy. For that you would need to get yourself as root trust authority in all client devices. But then you still have the certificate pinning...

Further, you have the ability to extract the session keys on client devices and put them into wireshark for decryption.

No. The best you can achieve: the domain name, from SNI. There are various options to see the SNI.
In case you can install a special cert on your device, you can often see more than SNI. But not always, in case of HSTS.

1 Like

You can use this one:
https://mitmproxy.org

1 Like