Skip to content

Instantly share code, notes, and snippets.

View smurugap's full-sized avatar

Senthilnathan Murugappan smurugap

1 follower · 0 following
View GitHub Profile
@EddiG
EddiG / wireshark.md
Last active March 31, 2024 10:34
How to decrypt SSL/TLS traffic in Wireshark on MacOS

The main point is to save the SSL/TLS keys those used by the web browser (SSLKEYLOGFILE=/tmp/tmp-google/.ssl-key.log).
In the example below we run brand new instance of Google Chrome (--user-data-dir=/tmp/tmp-google do the trick):
SSLKEYLOGFILE=/tmp/tmp-google/.ssl-key.log /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --user-data-dir=/tmp/tmp-google
Then run the Wireshark and open the Preferences -> Protocols -> SSL, where we put the path to the SSL keys log file into the (Pre)-Master-Secret log filename field.
Now all SSL/TLS traffic from this browser instance will be decrypted.