Date created: Thursday, January 8, 2026 10:23:20 AM. Last modified: Thursday, January 8, 2026 10:23:20 AM

Wireshark

Capture TLS Traffic

  • Close browser(s) and wireshark
  • Open terminal
  • Set ENV var to log TLS keys: 
    • export SSLKEYLOGFILE="/home/$USER/tlskeys.log"
  • Start Wireshark and start capture
  • Start Browser from terminal e.g. "firefox &" (also works with Chrome)
  • Perhaps actions on TLS website
  • Stop Wireshark
  • Navigate in Wireshark to Edit > Preferences > Protocols > TLS and set the "(Pre)-MasterSecret log filename" to the "/home/$USER/tlskeys.log" file
  • All HTTP traffic in Wireshark is now in clear text

 

 


^ Top

Previous page: Systap
Next page: 'adb' - Notes