I am trying to decrypt TLSv1.3 packets using Wireshark. I have succeeded in doing so using this tutorial: https://blog.didierstevens.com/2020/12/28/decrypting-tls-streams-with-wireshark-part-2/
This tutorial is based on executing set SSLKEYLOGFILE="..." and using the logged file to help Wireshark decode the TLS packets. (See screenshot below)
This works when using a browser to visit a webapp and capturing its packets; however, I want to apply this technique to a native macOS app I downloaded from the App Store.
I can see the packets coming from the app in Wireshark, but I haven't figured out how to get the SSL session keys.
So the question becomes: How do I get the SSL session keys (analogous to the ones in the SSLKEYLOGFILE file) from a native macOS app?
Any help is greatly appreciated.
SSLKEYLOGFILE
), it would need advanced techniques (attach a debugger and/or hooking library calls) to get this information. There can be no one-size-fits-all solution.
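
One way to check whether a key log file, like the one the tutorial's SSLKEYLOGFILE setting produces, holds the secrets needed for each TLS 1.3 session, as an added example that is not part of the original question or answer. It assumes the NSS key log text format; the function names and the sample data are constructed for illustration.

```python
import re
from collections import defaultdict

# Secrets needed to decrypt TLS 1.3 handshake and application data, both directions.
TLS13_REQUIRED = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
}
# "<LABEL> <32-byte ClientHello random, hex> <secret, hex>"
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")

def parse_keylog(text):
    """Return ({client_random: {label: secret}}, [(lineno, rejected_line)])."""
    sessions, rejected = defaultdict(dict), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank lines and comments
            continue
        m = LINE_RE.match(line)
        if m is None:
            rejected.append((lineno, line))
            continue
        label, client_random, secret = m.groups()
        sessions[client_random.lower()][label] = secret.lower()
    return dict(sessions), rejected

def classify(labels):
    """Describe what one session's logged labels are sufficient for."""
    if "CLIENT_RANDOM" in labels:                 # TLS 1.2 and earlier: master secret
        return "tls12-master-secret"
    missing = TLS13_REQUIRED - set(labels)
    return "tls13-complete" if not missing else "tls13-missing:" + ",".join(sorted(missing))

def report(text):
    """Return ({client_random: status}, rejected_lines) for a whole key log."""
    sessions, rejected = parse_keylog(text)
    return {cr: classify(labels) for cr, labels in sessions.items()}, rejected

# Constructed sample (made-up randoms and secrets, not from a real session).
A, B, C = "a1" * 32, "b2" * 32, "c3" * 32
SAMPLE = "\n".join(
    ["# constructed key log"]
    + [f"{label} {A} {'01' * 32}" for label in sorted(TLS13_REQUIRED)]
    + [f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {B} {'02' * 48}",
       f"SERVER_HANDSHAKE_TRAFFIC_SECRET {B} {'02' * 48}",
       f"CLIENT_RANDOM {C} {'03' * 48}",
       "CLIENT_TRAFFIC_SECRET_0 deadbeef 00"])    # truncated random: rejected

if __name__ == "__main__":
    statuses, rejected = report(SAMPLE)
    for cr, status in statuses.items():
        print(cr[:16], status)
    print("rejected lines:", rejected)
```

A session reported as missing the `*_TRAFFIC_SECRET_0` entries will show a decrypted handshake in Wireshark but leave the application data encrypted.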