@smurugap
Forked from EddiG/wireshark.md
Created April 12, 2023 04:17
How to decrypt SSL/TLS traffic in Wireshark on MacOS

The key step is to have the web browser write the SSL/TLS keys it uses to a log file, by setting the SSLKEYLOGFILE environment variable (SSLKEYLOGFILE=/tmp/tmp-google/.ssl-key.log).
The example below starts a brand-new instance of Google Chrome (--user-data-dir=/tmp/tmp-google does the trick):
SSLKEYLOGFILE=/tmp/tmp-google/.ssl-key.log /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --user-data-dir=/tmp/tmp-google
Then start Wireshark and open Preferences -> Protocols -> SSL, and enter the path to the SSL key log file in the (Pre)-Master-Secret log filename field.
Now all SSL/TLS traffic from this browser instance will be decrypted.
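
If Wireshark still shows only encrypted records, it helps to confirm that the browser actually wrote usable entries to the key log. The script below is an added example, not part of the original gist: it parses the file as NSS key log format, counts the sessions it covers, and reports whether other users can read it. The function name `check_keylog` is hypothetical, and the legacy `RSA` label is not handled, so such lines are reported as rejected.

```python
import os
import re
import stat
import tempfile
from collections import Counter

# NSS key log line: "<label> <client_random hex> <secret hex>".
# Secret size: 48 bytes for CLIENT_RANDOM (TLS 1.2), 32 or 48 for TLS 1.3.
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
HEX = re.compile(r"[0-9a-fA-F]+")


def check_keylog(path):
    """Summarise a key log file; secrets are never returned or printed."""
    labels, sessions, rejected = Counter(), set(), []
    with open(path, encoding="ascii", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            parts = line.split()
            if not parts or parts[0].startswith("#"):
                continue  # blank line or comment
            ok = len(parts) == 3 and all(HEX.fullmatch(p) for p in parts[1:])
            if ok and parts[0] == "CLIENT_RANDOM":
                ok = len(parts[1]) == 64 and len(parts[2]) == 96
            elif ok and parts[0] in TLS13_LABELS:
                ok = len(parts[1]) == 64 and len(parts[2]) in (64, 96)
            else:
                ok = False  # bad hex, wrong field count, or other label
            if not ok:
                rejected.append(lineno)
                continue
            labels[parts[0]] += 1
            sessions.add(parts[1].lower())
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {"sessions": len(sessions), "labels": dict(labels),
            "rejected_lines": rejected,
            # True when group or others can read the secrets in the file
            "readable_by_others": bool(mode & (stat.S_IRGRP | stat.S_IROTH))}


if __name__ == "__main__":
    # Constructed sample lines; the hex is filler, not real key material.
    with tempfile.NamedTemporaryFile("w", delete=False) as tmp:
        tmp.write(f"# sample\nCLIENT_RANDOM {'ab' * 32} {'cd' * 48}\n"
                  "CLIENT_RANDOM truncated\n")
    print(check_keylog(tmp.name))
    os.unlink(tmp.name)
```

The key log holds the session secrets for every connection the browser instance made, so keep it readable only by your own user and delete it once the capture has been analysed.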
