Overview
In some scenarios, we need to analyze the site's HTTPS traffic, and the Devtools tool provided by Chrome won't be able to view previous requests when the page jumps.
Using Wireshark to fully grasp the entire process, this article is mainly on-line information to collate, for future inspection.
Steps
As an chrome
example, the Mac details the following:
1. Find a browser
sudo find / -iname "Google Chrome"
You can find the path where the binary is/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
2. Run chrome and specify Sslkey logfile
sudo /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --ssl-key-log-file=/Users/`whoami`/sslkeylog.log
3. Start Wireshark and configure the Sslkey file
menu bar, Wireshark
a Preferences
Protocols
SSL
When (Pre)-Master-Secret log filename
you fill in the file path specified when you just started,
4. Trace SSL Stream
Visit the HTTPS site, then filter the fields in the Wireshark ssl
to find a bag
右键
, Follow
SSL Stream
To see the decrypted HTTP request.
How does Wireshark crawl HTTPS traffic in your Mac?