I'm trying to get a better understanding of how SSL works so I installed a self-signed SSL cert on my server for testing.
When I post data to an HTTPS url on the test server, Chrome developer tools shows all the data in plain text. Is that what I should expect or should the data appear as encrypted in the developer tools?
I tried running a packet sniffer (Cocoa Analyzer Packet) and I don't see any of the data that I'm trying to post in plain text, but some messages do show the domain I'm posting too (only the domain, no query params or other data). Is that normal? I was under the impression that everything including the url should be encrypted.
The Chrome developer tools wouldn't be very helpful if they just showed the encrypted data. Those tools are located in the network stack before the data gets encrypted and sent to the server.
As you have noticed, a packet sniffer will show that the HTTP message sent over SSL is encrypted on the wire. The domain names are not encrypted because those are needed in plain text for DNS and TCP to send your data to the correct server.
来源:https://stackoverflow.com/questions/16306839/should-data-in-an-https-request-appear-as-encrypted-in-chrome-developer-tools