Packet Capture for HTTPS traffic

Hello

Will the client app Packet Capture be able to log HTTPS requests via certificate (hence decrypted)?

How can I extract/view these URIs/requests from the logs?

Thanks!

If the issue is with the SSL handshake, then see the logs and exclude the site from the SSL decryption, as it may use pinned SSL certificates or client SSL authentication, and you can contact Zscaler support to ask why a site needs to be excluded from the SSL decryption.

If you want to see inside the web traffic, better try tools like HTTPWatch, Fiddler etc.

Thanks! I clicked to capture the packets, but how can I read the URIs and HTTPS requests captured? I clicked to export logs and it generated half a gigabyte of data with no indication where to look. Unfortunately the traffic is not via Chrome/Edge etc. but another app which starts after MS SSO (not 2FA).

As I mentioned, better route your application traffic to Fiddler, a Squid proxy or another application proxy server installed in the same place where the non-browser app is installed, or on another server if you want to capture it without decryption, if the non-browser application supports this, as you can't do SSL decryption capture on the Zscaler cloud, and I'm not certain if even Zscaler support can do this because of GDPR, as they capture only metadata, but you can always ask them.

Edit:

Also, as I mentioned, I don't think the connector capture sees inside the HTTPS, so seeing the URL may not work, except if you make the server that you connect to work on HTTP if you manage it, but better check with Fiddler or the Zscaler TAC for a pcap.

Also, I talked with a person from the Zscaler TAC and they should be able to, as the Zscaler Edges are based on Linux (if you have a Private or Virtual Edge you would have seen this), and tcpdump or ssldump commands are possible, and they have a better way like a script or something. The only issue will be if the web servers use ECDSA, which is an elliptic curve implementation, as I do not know if Zscaler Edge can open the two different SSL sessions, between the edge and the client and between the edge and the server, with different SSL ciphers and algorithms, or the web server will need to be configured to use RSA or DSA.

Still, better try to proxy your non-browser app traffic to an application proxy as I mentioned, or just ask the web server team if they are part of your company or you have a support contract with them.
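The replies above make the point that a packet capture taken without SSL decryption cannot show the URIs of HTTPS requests. What such a capture does still expose in plaintext is the hostname the client asks for in the TLS ClientHello (the server_name, or SNI, extension), which is usually enough to tell which site the non-browser app is talking to and whether it belongs on an SSL decryption exclusion list. The following is an added example, not code from this thread or from Zscaler: a small parser that pulls the SNI out of a raw TLS record, together with a constructed ClientHello used as test input. The hostname `login.example.com` and the constructed handshake bytes are assumptions for the demonstration; on a real capture you would feed it the first TCP payload of each flow to port 443.

```python
"""Extract the SNI hostname from a TLS ClientHello record (TLS 1.0-1.3 framing)."""
import struct
from typing import Optional

TLS_HANDSHAKE = 0x16
HS_CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000
EXT_SUPPORTED_VERSIONS = 0x002B


def build_client_hello(sni: str) -> bytes:
    """Constructed test input: a minimal TLS 1.2 ClientHello carrying an SNI extension.

    This is not a real capture; it exists so the parser can be exercised offline.
    """
    host = sni.encode("ascii")
    # ServerNameList: one entry of name_type 0 (host_name) followed by the name.
    server_name_list = b"\x00" + struct.pack("!H", len(host)) + host
    sni_ext_body = struct.pack("!H", len(server_name_list)) + server_name_list
    # Put an unrelated extension first so the parser has to skip over it.
    sv_body = b"\x02\x03\x03"
    extensions = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(sv_body)) + sv_body
    extensions += struct.pack("!HH", EXT_SERVER_NAME, len(sni_ext_body)) + sni_ext_body
    body = (
        b"\x03\x03"                              # client_version: TLS 1.2
        + b"\x00" * 32                           # random (zeroed for the test)
        + b"\x00"                                # session_id length 0
        + struct.pack("!H", 2) + b"\x13\x01"     # cipher_suites: one suite
        + b"\x01\x00"                            # compression_methods: null only
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = bytes([HS_CLIENT_HELLO]) + struct.pack("!I", len(body))[1:] + body
    return bytes([TLS_HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name from a ClientHello's server_name extension, or None.

    Every length field is bounds-checked so truncated or non-TLS payloads
    (the common case in a raw capture) yield None instead of an exception.
    """
    if len(record) < 5 or record[0] != TLS_HANDSHAKE:
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != HS_CLIENT_HELLO:
        return None
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < hs_len:
        return None                              # truncated handshake
    pos = 2 + 32                                 # skip client_version and random
    if pos >= len(body):
        return None
    pos += 1 + body[pos]                         # skip session_id
    if pos + 2 > len(body):
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # skip cipher_suites
    if pos >= len(body):
        return None
    pos += 1 + body[pos]                         # skip compression_methods
    if pos + 2 > len(body):
        return None                              # no extensions block at all
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    if end > len(body):
        return None
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        edata = body[pos:pos + elen]
        pos += elen
        if etype != EXT_SERVER_NAME or len(edata) < 2:
            continue
        list_len = struct.unpack("!H", edata[0:2])[0]
        p = 2
        while p + 3 <= min(len(edata), 2 + list_len):
            name_type = edata[p]
            name_len = struct.unpack("!H", edata[p + 1:p + 3])[0]
            p += 3
            name = edata[p:p + name_len]
            p += name_len
            if name_type == 0:                   # host_name
                return name.decode("ascii", errors="replace")
    return None


if __name__ == "__main__":
    print(extract_sni(build_client_hello("login.example.com")))
```

Run over a capture, this gives a per-flow list of destination hostnames without touching the encrypted payload, which is the level of visibility a connector-side capture can realistically provide; anything beyond that (paths, headers, bodies) needs the application proxied through Fiddler or a similar intercepting proxy, as the answers say.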