Should the data in an HTTPS request be encrypted in the Chrome Developer Tools?

Question

Should the data in an HTTPS request be encrypted in the Chrome Developer Tools?

I'm trying to better understand how SSL works, so I installed a self-signed SSL certificate on my server for testing.

When I send data to the HTTPS url on the test server, the Chrome developer tools display all the data in plain text. Is this what I should expect, or should the data appear encrypted in the developer tools?

I tried running the packet sniffer (Cocoa Analyzer Package), and I do not see any of the data that I am trying to publish in text form, but some messages show that I also host the domain (only the domain, query parameters or other data). This is normal? I got the impression that everything, including the URL, should be encrypted.

+5

ssl https packet-sniffers

Choy Apr 30 '13 at 18:42

source share

1 answer

David · Accepted Answer · 2013-04-30T18:48:49+0000

Chrome developer tools will not be very useful if they just show encrypted data. These tools are located on the network stack before the data is encrypted and sent to the server.

As you noticed, the packet sniffer will show that the HTTP message sent over SSL is encrypted on the wire. Domain names are not encrypted because they are needed in plain text for DNS and TCP to send your data to the correct server.

Should the data in an HTTPS request be encrypted in the Chrome Developer Tools?

More articles: