Skip to content

Instantly share code, notes, and snippets.

@codemem
Forked from EddiG/wireshark.md
Created August 1, 2024 16:52
Show Gist options
  • Save codemem/69a6688d824b66c302b68916fe6e2ac5 to your computer and use it in GitHub Desktop.
Save codemem/69a6688d824b66c302b68916fe6e2ac5 to your computer and use it in GitHub Desktop.
How to decrypt SSL/TLS traffic in Wireshark on MacOS

The main point is to save the SSL/TLS keys those used by the web browser (SSLKEYLOGFILE=/tmp/tmp-google/.ssl-key.log).
In the example below we run brand new instance of Google Chrome (--user-data-dir=/tmp/tmp-google do the trick):
SSLKEYLOGFILE=/tmp/tmp-google/.ssl-key.log /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --user-data-dir=/tmp/tmp-google
Then run the Wireshark and open the Preferences -> Protocols -> SSL, where we put the path to the SSL keys log file into the (Pre)-Master-Secret log filename field.
Now all SSL/TLS traffic from this browser instance will be decrypted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment