I have an ASUS Wireless Router. I access by Ethernet and manage it. I have several clients accessing the router wirelessly to use Internet. Can I use Postman to Log all Http & Https traffic from those 3 wireless Users ,and if so please give me a few pointers in direction. Many thanks
Postman would not be able to create logs of Internet traffic.
That would need to be handled by the router. If its a basic router that doesn’t create granular logs, then you would need a proxy server\firewall in front of the router with appropriate software that capture the relevant logs.
At this point, if that software or router has an API, you could then potentially use Postman to return those logs (but it won’t create the logs for you if that is what you are asking).
Not sure I would see the point in that though, as you would normally just export the logs directly from the proxy or firewall software.
Thanks for the info Mike. Look, I have a TUF Gaming AX6000 router. It does do Logs, not bad logs, but what I am wanting to do is capture (a) That exact Files /Vieos are being downloaded on occassion , and (b) some better logs that will show me https and http website visits. What in your opinion would be best way to do that ?. Just to give an example. I am fine with YourTube.com BUT I am NOT fine with youtube.com /NSFW Videos
so I need to try and ascertain that last bit, what actual clips . Suggestions , maybe a better router and which one ?. Anyway I appreciate your input.
You need a router with a firewall, either inbuilt or with the ability to connect to a separate firewall.
A lot of people use a Raspberry PI for this purpose.
Another option is to turn the wireless router into bridge mode, and then get separate wireless with better logs. Like the new mesh wireless devices like Eero. (I don’t know how good the logs are or whether it allows you to block, you will need to investigate the options).
Thanks Mike that useful. Yes options on the TUF Gaming Router are fine, runs on Windows 10 so guess raspberry PI wont work unless is Linux.
Router has a firewall as well. Will look further thanks. I don’t need to Block so much as be able to LOG the whole url’s so then can deal with it, but at present am only seeing “YouTube com” and no specific video etc as doesnt show on logs. Its THAT which I need.
The Raspberry PI is usually a Linux build, and one of the more famous builds I think is called Pi Hole.
There are Windows installations for The Raspberry PI, but again its down to what software you need to run on the device. (Most will be Linux).
When a website is encrypted using HTTPS which is now nearly every site on the internet, it means that you won’t get information on what the user is browsing on that site. The router will not be able to log this information. It only knows that you have visited that domain. (Which is the whole point of using HTTPS\SSL - it prevents your ISP from knowing what you are browsing).
Ah ok thanks. So basically there is no way at all to know what they are accessing on HTTPS websites ?. Thats not good for monitoring and
proxy wont help I guess ?.
Correct.
You can use something like Charles Proxy to view the traffic, as that is used a lot to test SSL sites traffic but requires you to have the appropriate certificates configured within the proxy which you won’t have for sites you down own. You use it to inspect the code returned to the browser which you can’t normally do if its behind SSL.
Thanks Mike. Oh well, hopefully technology will bring a solution soon, maybe via AI ?. Anyway thanks again and lets see in a years time.
So Finally, is it correct therefore that “A” specific Router MIGHT be the key to logging https requests as they are made ? i.e. if they visit https YouTube com/NSFW “A” Router (if can find one) might log that whole url ?
No, you will not be able to see the HTTPS traffic, no matter how good the firewall is.
You will only know that they have visited the youtube.com domain. You will not know what they have accessed on that domain.
To inspect HTTPS traffic, you need to have the correct certificate\public and private key which you won’t have for application or website that you don’t own. Which is the whole point of HTTPS, its meant to encrypt your session to that website.
OK cheers Mike. I will close this thread as think that is about it. Appreciated.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.