Skip to content

Instantly share code, notes, and snippets.

@khun84

khun84/wireshark.md

Forked from EddiG/wireshark.md
Created October 21, 2021 20:17
Show Gist options
  • Save khun84/861f35c03b07f88ce993ee338ee69c56 to your computer and use it in GitHub Desktop.
Save khun84/861f35c03b07f88ce993ee338ee69c56 to your computer and use it in GitHub Desktop.
Download ZIP
How to decrypt SSL/TLS traffic in Wireshark on MacOS
Raw
wireshark.md

The main point is to save the SSL/TLS keys those used by the web browser (SSLKEYLOGFILE=/tmp/tmp-google/.ssl-key.log).
In the example below we run brand new instance of Google Chrome (--user-data-dir=/tmp/tmp-google do the trick):
SSLKEYLOGFILE=/tmp/tmp-google/.ssl-key.log /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --user-data-dir=/tmp/tmp-google
Then run the Wireshark and open the Preferences -> Protocols -> SSL, where we put the path to the SSL keys log file into the (Pre)-Master-Secret log filename field.
Now all SSL/TLS traffic from this browser instance will be decrypted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment