Why can't I find Tor Browser’s SSL handshake at the default local Tor socks5 proxy port?
I suppose traffic at the default Tor socks5 proxy port (9150) is unencrypted because unencrypted HTTP contents can be found.
My Wireshark filter is ssl.handshake on the loopback interface.
Edit:
Thanks to WofWca, I use the filter frame contains torproject && tcp.port==9150 to see the domain name.
Could you describe more concretely what you expect to see?
I’m looking at the loopback interface in Wireshark and I can see all the TLS stuff alright, with this filter: (tcp.port == 9150) && (ssl.handshake). Maybe try (tcp.port == 9150) && (tls.handshake || ssl.handshake) instead?
I want to see TBB’s update server domain name and verify whether the TBB update check actually happened.
Both (tcp.port == 9150) && (ssl.handshake) and ssl.handshake show an empty filter result.
With (tcp.port == 9150) && (tls.handshake || ssl.handshake) I get a message of Invalid filter: "tls.handshake" is neither a field nor a a protocol name.
Sounds like your Wireshark is pretty outdated.
Either way, try frame contains "torproject" or just tcp.port == 9150.
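Added example, not part of the thread: on the loopback hop to port 9150 the destination travels as a length-prefixed string in the SOCKS5 CONNECT request (RFC 1928), which is why a plain byte match such as frame contains finds the domain name, and the TLS handshake is simply the payload that follows in the same TCP stream. The sketch below parses the client-to-proxy bytes of such a stream, assuming the client sends a hostname (ATYP 0x03) or an IP address; the function names and the sample bytes are constructed for illustration.

```python
import ipaddress
import struct


def parse_socks5_connect(buf: bytes):
    """Parse a SOCKS5 CONNECT request (RFC 1928, section 4).

    Returns (host, port, rest); rest is the client data after the request.
    """
    if len(buf) < 5 or buf[0] != 0x05 or buf[1] != 0x01:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = buf[3]
    if atyp == 0x03:        # domain name: one length byte, then the name
        end = 5 + buf[4]
    elif atyp == 0x01:      # IPv4 address, 4 bytes
        end = 8
    elif atyp == 0x04:      # IPv6 address, 16 bytes
        end = 20
    else:
        raise ValueError("unknown address type %#x" % atyp)
    if len(buf) < end + 2:
        raise ValueError("truncated request")
    if atyp == 0x03:
        host = buf[5:end].decode("ascii", "replace")
    else:
        host = str(ipaddress.ip_address(buf[4:end]))
    (port,) = struct.unpack("!H", buf[end:end + 2])
    return host, port, buf[end + 2:]


def is_tls_client_hello(data: bytes) -> bool:
    """True if data starts with a TLS handshake record holding a ClientHello."""
    # Record header: type 0x16, version 0x03xx, 2-byte length; then message type 0x01.
    return len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01


# Constructed sample: CONNECT to example.org:443 followed by the first bytes
# of a TLS record (a stub, not a complete ClientHello).
_HOST = b"example.org"
SAMPLE_STREAM = (
    b"\x05\x01\x00\x03" + bytes([len(_HOST)]) + _HOST + struct.pack("!H", 443)
    + b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"
)

if __name__ == "__main__":
    host, port, rest = parse_socks5_connect(SAMPLE_STREAM)
    print(host, port, "TLS ClientHello follows:", is_tls_client_hello(rest))
```

Feed it the client-to-proxy half of a stream saved from the capture, starting at the CONNECT request (after any SOCKS method negotiation).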