Packetbeat - full URL on HTTPS traffic?

EdgeSync · November 23, 2021, 12:00pm

Is it possible to get the full URL from HTTPS traffic. I would like to be able to view the full URI that a client is attempting to access.

e.g. https://myserver.com/some_part/this_file.exe

I have packetbeat monitoring port 443, and can see the request being logged by packetbeat. I can see the full urls + uri paths for cleartext protocols like HTTP. So wondering if it's possible for HTTPS. Perhaps this is too low down on the network stack?

legoguy1000 · November 23, 2021, 5:20pm

No because the path and query parameters are encrypted unless u can do MITM.

system · December 21, 2021, 7:20pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is it possible to monitor https traffic through packetbeat? Beats packetbeat	1	1180	August 17, 2016
Packetbeat: Decode Https Traffic Beats packetbeat	4	539	October 13, 2021
Packetbeat does accurately measure tls/https traffic on local machine but not server Beats packetbeat	1	391	October 30, 2019
Monitoring HTTPS Beats packetbeat	2	1924	June 22, 2017
Https - 443 - response time - Packetbeat Beats packetbeat	2	532	April 5, 2019

Packetbeat - full URL on HTTPS traffic?

Related topics