Background
- I want to capture HTTPS traffic from programs running on Windows 11 for debugging. I can't modify the programs (written in VB.NET/C#), so I want to capture traffic from outside of the programs.
- I want to see the content of captured HTTPS traffic in plain text. Modern browsers or
curl
support theSSLKEYLOGFILE
environment variable, but the program doesn't supportSSLKEYLOGFILE
.
Problem
When you use Internet Explorer, you can use Event Trace Sessions (Microsoft-Windows-WinINet-Capture
) from Performance Monitor to capture HTTPS requests/responses in plaintext.
I had tried to capture the traffic in the same way, but with Microsoft-Windows-WinINet-Capture
, nothing was captured in the .etl
file. The programs seem to use the WebClient
class rather than WinINet.
Question
Is there any Microsoft-Windows-WinINet-Capture
equivalent to capture HTTPS traffic and see content in plaintext, for programs that don't use WinINet?
It is preferable to be able to capture and see the traffic with Windows out-of-box features (without additional programs or man-in-the-middle HTTP proxies like Fiddler or Ethercap).