diff options
author | Aldo Cortesi <aldo@corte.si> | 2018-03-03 11:17:50 +1300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-03-03 11:17:50 +1300 |
commit | 9760396a3785290db944586fa9bc5118f43f50d4 (patch) | |
tree | 53a18e4d067aee021f0f87b596dd6ee247346ce6 | |
parent | 8ea58a432ef0697ad9616a5c7b4c70aa2b2b99c7 (diff) | |
parent | a074a1df4068ead70dd5d3c108497cb69774700a (diff) | |
download | mitmproxy-9760396a3785290db944586fa9bc5118f43f50d4.tar.gz mitmproxy-9760396a3785290db944586fa9bc5118f43f50d4.tar.bz2 mitmproxy-9760396a3785290db944586fa9bc5118f43f50d4.zip |
Merge pull request #2944 from Kriechi/docs++
readd Wireshark SSL master secrets docs
-rw-r--r-- | docs/src/content/howto-wireshark-tls.md | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/docs/src/content/howto-wireshark-tls.md b/docs/src/content/howto-wireshark-tls.md new file mode 100644 index 00000000..588223ac --- /dev/null +++ b/docs/src/content/howto-wireshark-tls.md @@ -0,0 +1,28 @@ +--- +title: "Wireshark and SSL/TLS" +menu: + howto: + weight: 1 +--- + +# Wireshark and SSL/TLS Master Secrets + +The SSL/SSL master keys can be logged by mitmproxy so that external programs can +decrypt SSL/TLS connections both from and to the proxy. Recent versions of +Wireshark can use these log files to decrypt packets. See the [Wireshark wiki](https://wiki.wireshark.org/SSL#Using_the_.28Pre.29-Master-Secret) for more information. + +Key logging is enabled by setting the environment variable `SSLKEYLOGFILE` so +that it points to a writable text file: +{{< highlight bash >}} +SSLKEYLOGFILE="$PWD/.mitmproxy/sslkeylogfile.txt" mitmproxy +{{< / highlight >}} +You can also `export` this environment variable to make it persistent for all applications started from your current shell session. + +You can specify the key file path in Wireshark via `Edit -> Preferences -> +Protocols -> SSL -> (Pre)-Master-Secret log filename`. If your SSLKEYLOGFILE +does not exist yet, just create an empty text file, so you can select it in +Wireshark (or run mitmproxy to create and collect master secrets). + +Note that `SSLKEYLOGFILE` is respected by other programs as well, e.g., Firefox +and Chrome. If this creates any issues, you can use `MITMPROXY_SSLKEYLOGFILE` +instead without affecting other applications. |