codemem/wireshark.md

Forked from EddiG/wireshark.md

Created August 1, 2024 16:52

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/codemem/69a6688d824b66c302b68916fe6e2ac5.js"></script>
Save codemem/69a6688d824b66c302b68916fe6e2ac5 to your computer and use it in GitHub Desktop.

Download ZIP

How to decrypt SSL/TLS traffic in Wireshark on MacOS

Raw

wireshark.md

The main point is to save the SSL/TLS keys those used by the web browser (SSLKEYLOGFILE=/tmp/tmp-google/.ssl-key.log).
In the example below we run brand new instance of Google Chrome (--user-data-dir=/tmp/tmp-google do the trick):
SSLKEYLOGFILE=/tmp/tmp-google/.ssl-key.log /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --user-data-dir=/tmp/tmp-google
Then run the Wireshark and open the Preferences -> Protocols -> SSL, where we put the path to the SSL keys log file into the (Pre)-Master-Secret log filename field.
Now all SSL/TLS traffic from this browser instance will be decrypted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment