Intercepting Internet Traffic From Applications?
Alright, so this is a bit of a random question, but I hope it’s the right kind of thing for this sub. I notice there are a bunch of questions on this sub where it’s clear the askers haven’t even *tried* to research even a little bit, so I tried to structure my question as helpfully as possible. So, my problem: I have a program, and it’s sending/getting some bit of data from/to a server. I want to try to figure out what data it is sending and receiving.
My first idea was to try to use a debugger like IDA Pro to find it, but even though I can find the URL, I can’t find the parameters.
I tried using Wireshark, but the server only uses HTTPS, so if there’s an easy way to decrypt that, please point me to a tutorial.
I’ve used Burp Suite before, and it seems like I want something similar here, but Burp Suite only works for web requests in a browser. My first idea was to redirect the traffic from the app through the Burp Suite proxy, and it *kind of* *worked*, but not really. I found a program called [Proxifier](https://www.proxifier.com/), which lets me redirect the traffic through the Burp Suite proxy. The only problem is, for some reason Burp Suite isn’t picking up on it. It shows that requests are being sent in Proxifier, and if I try using the same method for something like Firefox, it works, but something about the traffic being sent by the program is different; web browsers probably do something different. (Even if you can’t help me with my main issue, I’d like to learn more about this, so if you know what’s different, please let me know.)
So now I get to my actual question. Is there a proxy server (preferably Windows, since it’s a Windows application, but I can use a Windows VM on Linux) that can run on my computer that could let me intercept traffic besides just from the browser? Or, is there another, easier way to solve my problem? I’ve been scratching my head at this for a while, so any help is greatly appreciated. TIA!
For other people who searched for something similar and found this post, sorry if this isn’t the right solution for you, but here is how I solved it. I started a netcat/ncat listener and opened the program in IDA Pro (though any hex editor should work). I found the URL that I wanted to get the data from, and changed it to be **http**://localhost:9001. It wasn’t the right length, so I just added /aaaaa until it was, since it should still get picked up by ncat. I then ran the program, and checked ncat, and it showed me what was being sent. I then opened the *actual* link in Chrome, with the parameters in the URL the same as what was shown in ncat, and it returned the data. Now all that’s left is to figure out what it means.
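
The approach in the update above, as an added example that is not part of the original post: a Python stand-in for the ncat listener that pads the replacement URL to the original string's length and parses the query parameters out of the captured plaintext request. The function names and the `api.example.invalid` URL are assumptions made for illustration; port 9001 is the one from the post.

```python
import socket
from urllib.parse import urlsplit, parse_qs

def pad_url(original: str, replacement: str, filler: str = "a") -> str:
    """Pad `replacement` to the byte length of `original` (the post's "/aaaaa" trick)."""
    gap = len(original.encode()) - len(replacement.encode())
    if gap < 0:
        raise ValueError("replacement is longer than the string it overwrites")
    return replacement if gap == 0 else replacement + "/" + filler * (gap - 1)

def capture_one_request(server: socket.socket, timeout: float = 5.0) -> dict:
    """Accept one connection and return the parsed HTTP request the client sent."""
    conn, _ = server.accept()
    with conn:
        conn.settimeout(timeout)
        data = b""
        while b"\r\n\r\n" not in data:           # read until the end of the headers
            chunk = conn.recv(4096)
            if not chunk:
                break
            data += chunk
        head, _, body = data.partition(b"\r\n\r\n")
        lines = head.decode("latin-1").split("\r\n")
        parts = lines[0].split(" ", 2)
        if len(parts) != 3:
            raise ValueError("first line is not an HTTP request line")
        method, target, _version = parts
        # Header names are case-insensitive, so normalise them to lower case.
        headers = {k.strip().lower(): v.strip()
                   for k, _, v in (l.partition(":") for l in lines[1:])}
        want = int(headers.get("content-length", 0))
        while len(body) < want:                   # request body (e.g. POST data), if any
            chunk = conn.recv(4096)
            if not chunk:
                break
            body += chunk
        # Minimal reply so the client does not hang waiting for a response.
        conn.sendall(b"HTTP/1.1 204 No Content\r\nConnection: close\r\n\r\n")
    url = urlsplit(target)
    return {"method": method, "path": url.path, "params": parse_qs(url.query),
            "headers": headers, "body": body}

if __name__ == "__main__":
    # The original URL here is a constructed placeholder, not taken from the post.
    print(pad_url("https://api.example.invalid/v1/data", "http://localhost:9001"))
    with socket.create_server(("127.0.0.1", 9001)) as srv:
        print(capture_one_request(srv))
```
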