Wednesday, 9 January 2019

Decrypting TLS traffic in Wireshark by exporting session keys from chromium-browser


Suppose we want to do it for the page https://http2.golang.org/serverpush.
  • We open Wireshark and start capturing traffic. 
  • We type the following commands into the terminal. The option --user-data-dir=/tmp is used to launch a brand new chromium process with a fresh profile. Without it, if chromium is already running, the URL is simply handed to the existing instance; that process never inherited the SSLKEYLOGFILE variable, so no session keys are exported.

# tell chromium where to append the per-session TLS secrets (NSS key log format)
export SSLKEYLOGFILE=~/chomium_keys.txt
# fresh profile in /tmp, so a new process that inherits the variable is started
chromium-browser --user-data-dir=/tmp https://http2.golang.org/serverpush

  • In Wireshark, we type http2 into the display filter field (as in the image below).
    No packets are shown in the window, because all of the traffic is still encrypted.
  • In Wireshark we go to Edit → Preferences → Protocols → SSL (Wireshark 3.0 and later list the protocol as TLS).
    There we set “(Pre)-Master-Secret log filename” to our file with the exported keys, ~/chomium_keys.txt.
  • The decrypted http2 packets appear in Wireshark immediately:
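The same workflow driven from the command line, as an added example that is not part of the original post. It adds the check a practitioner wants before blaming Wireshark: count the usable lines in the key log, since an empty file is the symptom of the browser having joined an already-running instance that never saw SSLKEYLOGFILE. It assumes tshark from Wireshark 3.0 or later is on PATH (the preference is tls.keylog_file; 2.x called it ssl.keylog_file), the capture file name is illustrative, and the sample key log is constructed from dummy hex values, not real secrets.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes tshark (Wireshark 3.0+,
# preference name tls.keylog_file) is installed; file names are illustrative.

# Count usable key-log lines. Chromium writes the NSS key-log format:
#   TLS 1.2: CLIENT_RANDOM <client_random hex> <master_secret hex>
#   TLS 1.3: CLIENT_HANDSHAKE_TRAFFIC_SECRET, SERVER_HANDSHAKE_TRAFFIC_SECRET,
#            CLIENT_TRAFFIC_SECRET_0, SERVER_TRAFFIC_SECRET_0, EXPORTER_SECRET,
#            each as <label> <client_random hex> <secret hex>
# Lines starting with '#' are comments. The client random is 32 bytes, i.e.
# exactly 64 hex digits, so anything else is a truncated or foreign line.
# A count of 0 is the classic failure: chromium attached to an already-running
# instance that never inherited SSLKEYLOGFILE, so nothing was exported.
keylog_count() {
    [ -f "$1" ] || { echo 0; return; }
    grep -Ec '^(CLIENT_RANDOM|(CLIENT|SERVER)_HANDSHAKE_TRAFFIC_SECRET|(CLIENT|SERVER)_TRAFFIC_SECRET_0|EXPORTER_SECRET) [0-9A-Fa-f]{64} [0-9A-Fa-f]+$' "$1" || true
}

# Non-interactive equivalent of the Wireshark preference
# "(Pre)-Master-Secret log filename": point tshark at the key log and show
# only HTTP/2 frames, which it can only produce once the TLS layer is decrypted.
# $1 = key log file, $2 = capture file
tshark_decrypt_cmd() {
    printf 'tshark -r %s -o tls.keylog_file:%s -Y http2\n' "$2" "$1"
}

# Refuse to proceed with an empty key log; run tshark if installed, otherwise
# print the command that would run.
decrypt_http2() {
    if [ "$(keylog_count "$1")" = 0 ]; then
        echo "no session keys in $1; was the browser started fresh with SSLKEYLOGFILE set?" >&2
        return 1
    fi
    if command -v tshark >/dev/null 2>&1; then
        tshark -r "$2" -o "tls.keylog_file:$1" -Y http2
    else
        tshark_decrypt_cmd "$1" "$2"
    fi
}

# Constructed sample key log with dummy hex values (not real secrets) so the
# check can be exercised offline: three valid lines, one comment, one truncated.
write_sample_keylog() {
    cat > "$1" <<'EOF'
# constructed sample, not real session keys
CLIENT_RANDOM 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210
CLIENT_HANDSHAKE_TRAFFIC_SECRET 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
SERVER_TRAFFIC_SECRET_0 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210
CLIENT_RANDOM deadbeef tooshort
EOF
}

# Stand-alone demonstration on the constructed sample.
demo=$(mktemp)
write_sample_keylog "$demo"
echo "usable key lines in sample: $(keylog_count "$demo")"   # 3
rm -f "$demo"
```

In practice: run `keylog_count ~/chomium_keys.txt` after browsing; if it prints 0, close every chromium window and start it again with the variable exported. The key log decrypts every session in the capture, so treat it like a private key and delete it once the analysis is done.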


