EddiG/wireshark.md

Last active April 11, 2025 19:32

Star (41) You must be signed in to star a gist
Fork (5) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/EddiG/dc852072c7ba367149b2f6c98fb540b3.js"></script>
Save EddiG/dc852072c7ba367149b2f6c98fb540b3 to your computer and use it in GitHub Desktop.

How to decrypt SSL/TLS traffic in Wireshark on MacOS

Raw

The main point is to save the SSL/TLS keys those used by the web browser (SSLKEYLOGFILE=/tmp/tmp-google/.ssl-key.log).
In the example below we run brand new instance of Google Chrome (--user-data-dir=/tmp/tmp-google do the trick):
SSLKEYLOGFILE=/tmp/tmp-google/.ssl-key.log /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --user-data-dir=/tmp/tmp-google
Then run the Wireshark and open the Preferences -> Protocols -> SSL, where we put the path to the SSL keys log file into the (Pre)-Master-Secret log filename field.
Now all SSL/TLS traffic from this browser instance will be decrypted.

andrewtyw commented Apr 11, 2025

Thanks! Saved my ass

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment