Inaccurate. Most browsers will now be using ephemeral key exchange. You pretty m... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		nly on March 17, 2016 \| parent \| context \| favorite \| on: Tcpdump is amazing Inaccurate. Most browsers will now be using ephemeral key exchange. You pretty much have to configure one of the end points to dump session keys to a log file, then load that in to wireshark alongside the packet dump.

amelius on March 17, 2016 [–]

It would be nice if there was some automated way to do this.

mhils on March 17, 2016 | [–]

You can use mitmproxy [1] to dump the TLS Master Secrets for all connnections it intercepts [2]. The dumpfile goes straight into WireShark.

Obligatory disclaimer: I'm one of the mitmproxy authors - happy to answer any questions.

[1] https://mitmproxy.org/

[2] http://docs.mitmproxy.org/en/stable/dev/sslkeylogfile.html

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact