CS615A -- Aspects of System Administration - HTTP Exercise
Exercise: Set up a web server, serve a CGI, observe traffic
Plain text HTTP
Create an EC2 instance, install an HTTP server and configure it to listen on port 80.
Create a simple CGI program that prints whatever data is sent to it via the POST method.
Make an HTTP POST request (for example via curl(1)) from another system, while simultaneously capturing all network traffic on both your client and the server via tcpdump(8).
Analyze the network packets and verify that you can observe the content of the POST request in your traffic capture.
Now serve the same content via HTTPS using either a self-signed certificate or, preferably, get a valid certificate from e.g., Let's Encrypt.
Capture packets again while submitting a POST request. Verify that now you can no longer observe the contents of the request.
However, you do have possession of the private key -- can you use the server's certificate and private key together with e.g., Wireshark to decrypt the encrypted packets?