Description

This is done by LD_PRELOAD hooking openssl.

Install required library

sudo apt install libssl-dev
sudo apt install git make gcc

cd wireshark-notes/src
make

This will build libsslkeylog.so

export LD_PRELOAD=/path/to/libsslkeylog.so
export SSLKEYLOGFILE=/path/to/SSLKEYLOGFILE
./sslkeylog.sh curl https://example.com -sI

You should observe /path/to/SSLKEYLOGFILE being populated. Load the log file in wireshark to decrypt TLS traffic

Name		Name	Last commit message	Last commit date
Latest commit History 198 Commits
all		all
captures/voip		captures/voip
crafted-pkt		crafted-pkt
doc		doc
extcap		extcap
kex-fix		kex-fix
lua		lua
one-off		one-off
patches-psk-cleanup		patches-psk-cleanup
patches		patches
sipsim		sipsim
src		src
ssl3		ssl3
tls		tls
tls13scan		tls13scan
windows-libs		windows-libs
README.md		README.md
appveyor-clear.py		appveyor-clear.py
bisect-wireshark		bisect-wireshark
cyassl-test		cyassl-test
decrypt		decrypt
exportpdu.py		exportpdu.py
gen-cipher-test		gen-cipher-test
generate-wireshark-cs		generate-wireshark-cs
name-to-number.awk		name-to-number.awk
notes.txt		notes.txt
number-to-name.awk		number-to-name.awk
openssl-connect		openssl-connect
openssl-listen		openssl-listen
reordertcp.py		reordertcp.py
run-ws		run-ws
suites.txt		suites.txt
sync-build.sh		sync-build.sh
tcp-reassembly.py		tcp-reassembly.py
tshark-http2urls.awk		tshark-http2urls.awk
tshark-iophs-percent.awk		tshark-iophs-percent.awk