Why can't I find Tor Browser’s SSL handshake at the default local Tor socks5 proxy port?
I suppose traffic at the default Tor socks5 proxy port (9150) is unencrypted because unencrypted HTTP contents can be found.
My Wireshark filter is ssl.handshake on the loopback interface.
Edit:
Thanks to WofWca, I use the filter frame contains torproject && tcp.port==9150 to see the domain name.
Could you describe more concretely what you expect to see?
I’m looking at the loopback interface in Wireshark and I can see all the TLS stuff alright, with this filter (tcp.port == 9150) && (ssl.handshake).  Maybe try (tcp.port == 9150) && (tls.handshake || ssl.handshake) instead?
I want to see TBB’s update server domain name and verify whether the TBB update check has actually happened.
Both (tcp.port == 9150) && (ssl.handshake) and ssl.handshake show an empty filter result.
With (tcp.port == 9150) && (tls.handshake || ssl.handshake) I get the message Invalid filter: "tls.handshake" is neither a field nor a protocol name.
Sounds like your Wireshark is pretty outdated.
Either way, try frame contains "torproject" or just tcp.port == 9150.
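Why a `frame contains` match can find the hostname on port 9150, as an added example that is not part of the original thread: it assumes the browser sends the destination as a domain name in the SOCKS5 CONNECT request (RFC 1928) and as SNI in the TLS ClientHello, both of which are cleartext on the loopback. The function names and the `example.org` sample bytes are constructed for illustration.

```python
import struct

def socks5_connect_host(req: bytes):
    """Return (host, port) from a SOCKS5 CONNECT request using a domain-name address."""
    if len(req) < 7 or req[0] != 0x05 or req[1] != 0x01 or req[3] != 0x03:
        return None                                  # not SOCKS5 / CONNECT / ATYP=domain
    n = req[4]                                       # one-byte hostname length
    if len(req) < 5 + n + 2:
        return None                                  # truncated request
    (port,) = struct.unpack("!H", req[5 + n:7 + n])
    return req[5:5 + n].decode("ascii", "replace"), port

def client_hello_sni(rec: bytes):
    """Return the server_name (SNI) from a TLS ClientHello record, or None."""
    try:
        if rec[0] != 0x16 or rec[5] != 0x01:         # handshake record, ClientHello
            return None
        p = 5 + 4 + 2 + 32                           # record hdr, handshake hdr, version, random
        p += 1 + rec[p]                              # skip session_id
        p += 2 + int.from_bytes(rec[p:p + 2], "big") # skip cipher_suites
        p += 1 + rec[p]                              # skip compression_methods
        end = p + 2 + int.from_bytes(rec[p:p + 2], "big")
        p += 2
        while p + 4 <= min(end, len(rec)):           # walk the extensions
            etype = int.from_bytes(rec[p:p + 2], "big")
            elen = int.from_bytes(rec[p + 2:p + 4], "big")
            if etype == 0:                           # server_name: list_len(2) type(1) len(2) name
                nlen = int.from_bytes(rec[p + 7:p + 9], "big")
                return rec[p + 9:p + 9 + nlen].decode("ascii", "replace")
            p += 4 + elen
    except IndexError:                               # truncated or malformed record
        pass
    return None

def build_client_hello(host: bytes) -> bytes:
    """Construct a minimal ClientHello carrying only an SNI extension (sample input)."""
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    exts = struct.pack("!HH", 0, len(sni)) + sni
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    body += struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

HOST = b"example.org"                                # constructed sample hostname
SOCKS_REQ = b"\x05\x01\x00\x03" + bytes([len(HOST)]) + HOST + struct.pack("!H", 443)

if __name__ == "__main__":
    print(socks5_connect_host(SOCKS_REQ))
    print(client_hello_sni(build_client_hello(HOST)))
```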