When you are working with Glassfish (like I am doing now), you might need to capture your HTTPS traffic. In an earlier post, I explained how to capture and decrypt any SSL/TLS traffic, as long as you have the server private key.
While this method is quite effective and universal, it is still a little cumbersome, especially since the actual SSL decoder in Wireshark is not yet fully integrated into the analyzer itself.
For Sun’s Glassfish application server, there is a fairly simple way to monitor any web services HTTPS traffic: go into the domain.xml file of your domain and add the following <jvm-options>:
<jvm-options>-DWSIT_HOME=${com.sun.aas.installRoot}</jvm-options>
<jvm-options>-Dcom.sun.xml.ws.transport.http.HttpAdapter.dump=true</jvm-options>
<jvm-options>-Dcom.sun.xml.ws.transport.http.client.HttpTransportPipe.dump=true</jvm-options>
The server.log (in <installRoot>/domains/domain1/logs) will then contain the fully assembled web services exchanges.
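Because these options write the assembled exchanges into server.log, it is worth checking that they are switched off again once debugging is over. The following is an added example, not code from the original post: it scans a domain.xml for the two dump properties above. The function names and the trimmed sample file (assumed layout: configs/config/java-config) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# System properties from the post that switch on message dumping.
DUMP_PROPERTIES = (
    "com.sun.xml.ws.transport.http.HttpAdapter.dump",
    "com.sun.xml.ws.transport.http.client.HttpTransportPipe.dump",
)

# Constructed, heavily trimmed domain.xml (assumed layout, not a real file).
SAMPLE_DOMAIN_XML = """\
<domain>
  <configs>
    <config name="server-config">
      <java-config>
        <jvm-options>-DWSIT_HOME=${com.sun.aas.installRoot}</jvm-options>
        <jvm-options>-Dcom.sun.xml.ws.transport.http.HttpAdapter.dump=true</jvm-options>
        <jvm-options>-Dcom.sun.xml.ws.transport.http.client.HttpTransportPipe.dump=false</jvm-options>
      </java-config>
    </config>
    <config name="default-config"><java-config><jvm-options>-Xmx512m</jvm-options></java-config></config>
  </configs>
</domain>
"""


def parse_system_property(option):
    """Split '-Dname=value' into (name, value); return None for other JVM options."""
    option = (option or "").strip()
    if not option.startswith("-D"):
        return None
    name, _, value = option[2:].partition("=")
    return name, value


def enabled_dump_options(domain_xml):
    """Return (config name, property) pairs whose dump property is set to true."""
    root = ET.fromstring(domain_xml)
    findings = []
    for config in root.iter("config"):
        for element in config.iter("jvm-options"):
            parsed = parse_system_property(element.text)
            # Only the value "true" (any case) is counted as enabled here.
            if parsed and parsed[0] in DUMP_PROPERTIES and parsed[1].lower() == "true":
                findings.append((config.get("name"), parsed[0]))
    return findings


if __name__ == "__main__":
    for config_name, prop in enabled_dump_options(SAMPLE_DOMAIN_XML):
        print(f"{config_name}: {prop} is enabled")
```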