Hi I am trying to understand a website's login process. Here is what happens. 1. http://www.blah.com 2. https://www.blah.com/login <---- SSL 3. fill out login form and post 4. http://www.blah.com/myaccount <----- logged in I have been looking through the network traffic when going through this process (using wireshark) and I can't find a http POST action from my machine. It isn't there. Would the form post come up as a TLSv1 packet, since it is an SSL connection?
If you were logging in while still on the https:// page, then it would show up as going over port 443, not port 80. You may not be able to see the traffic in plaintext because of the SSL. You may want to try using TamperData ( https://addons.mozilla.org/en-US/firefox/addon/966 ) to see your POST content.