How does GlassWire capture HTTPS traffic?

Hi all,

I have a brief question on how GlassWire captures HTTPS traffic from my browser. Similar tools (FiddlerEverywhere, MiTMProxy) require a certificate either in the browser or installed at the system level. From my understanding, GlassWire does not interact with certificates but is able to monitor and see HTTPS traffic. How?

I had a quick search in the forums for an answer to this question but couldn’t find one. Any response is appreciated,

AreYouSure

There is a technical reason. The content of HTTPS is encrypted between the source and destination, but simply put, packet headers need the source and destination IP address in the clear so that routers know where to send the packets to at the Network Layer (OSI Layer 3). Encryption occurs at the Presentation Layer (OSI Layer 6).

So “capturing traffic” does not mean to decrypt it. It’s just determining who sent what packet where.

By real world analogy, for mail sent via the postal service, you still need to put the recipient's address on the outside of the envelope, regardless of the content inside the envelope being encrypted or not.

2 Likes
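An added illustration of the answer above (not part of the original post, and not GlassWire's code): the sketch below builds one constructed IPv4/TCP packet carrying a TLS application-data record and reads back everything an observer without any keys or certificates can see. The addresses are documentation ranges, the checksums are left at zero, and the "ciphertext" is a stand-in byte string; all names in the code are hypothetical.

```python
import ipaddress
import struct

TLS_TYPES = {20: "change_cipher_spec", 21: "alert",
             22: "handshake", 23: "application_data"}
IP_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header
TCP_FMT = "!HHIIBBHHH"     # fixed 20-byte TCP header

def build_sample_packet() -> bytes:
    """Constructed sample: IPv4 + TCP + one TLS record (checksums zeroed)."""
    ciphertext = bytes(range(32))  # stand-in for the encrypted HTTP request
    tls = struct.pack("!BHH", 23, 0x0303, len(ciphertext)) + ciphertext
    tcp = struct.pack(TCP_FMT, 51514, 443, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total = 20 + len(tcp) + len(tls)
    ip = struct.pack(IP_FMT, 0x45, 0, total, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address("192.0.2.10").packed,
                     ipaddress.IPv4Address("198.51.100.7").packed)
    return ip + tcp + tls

def observe(packet: bytes) -> dict:
    """Return what is readable from the packet without decrypting anything."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        IP_FMT, packet[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("this example handles IPv4/TCP only")
    ip_len = (ver_ihl & 0x0F) * 4            # IPv4 header length in bytes
    tcp = packet[ip_len:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    payload = tcp[(tcp[12] >> 4) * 4:]       # skip TCP header (data offset)
    info = {
        "src": str(ipaddress.IPv4Address(src)), "sport": sport,
        "dst": str(ipaddress.IPv4Address(dst)), "dport": dport,
        "payload_len": len(payload),
        # Plain HTTP would show its method here; TLS payload does not.
        "plaintext_http": payload.startswith((b"GET ", b"POST ")),
    }
    if len(payload) >= 5:                    # TLS record header is cleartext
        ctype, _version, rec_len = struct.unpack("!BHH", payload[:5])
        info["tls_record"] = TLS_TYPES.get(ctype, "not TLS")
        info["tls_record_len"] = rec_len
    return info

if __name__ == "__main__":
    for key, value in observe(build_sample_packet()).items():
        print(f"{key:15} {value}")
```

The output lists endpoints, ports, sizes and the TLS record type; the HTTP method, URL and body stay inside the 32 opaque bytes.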

Interesting, so if I were to check HTTPS traffic in GlassWire I can see source and destination, but not the type of traffic or request (GET, POST, etc.)? The certificates for other applications allow them to see what the contents are?

You probably need to Google for those details. My assumption with HTTPS is that the network layer only sees what it needs in order to forward packets to the destination. No certificates required to do that. It’s just the post office. But GlassWire is aware of the traffic type, i.e., HTTPS, HTTP, SNMP, IMAPS, etc.

But if you are only using HTTP, that’s more like a post card. Anybody handling the post card can read the entire message. Same with plain text email.

GlassWire doesn’t monitor the content of your https connections, so we do not break https like the other example apps you gave do.

Also, if you use dns over https (Firefox has this built in) we don’t cause issues with that cool privacy feature, unless you go into our settings and choose “look up DNS”. Please note “look up DNS” is off by default with our app. Even if that setting is off GlassWire will still resolve the DNS anyway (Windows itself will do this), but in a way that won’t break dns over https.

Basically we use a Windows API for network monitoring and it doesn’t require we break https or “man in the middle” your PC. We aren’t a “man in the middle” type of monitor.

We have designed GlassWire as a tool we want to use ourselves, and our policy is to do no harm. We wouldn’t want to create a tool or run one on our own PCs that could harm us or others, and we think that breaking https has the potential to cause harm in some situations.

2 Likes

Thank you both for such in-depth replies.

1 Like