Fully recording HTTPS traffic on osx.

Question

I'm trying to use wireshark to decode, view, and ultimately log my own https traffic--response bodies included. According to the wireshark docs, I need provide the file location of the private RSA key used to decode messages. My question is this:

1. Where on osx is the private rsa key used in https interactions, is this a single key? Many?
2. Wireshark docs seem to be telling me to make an RSA key. Given that I'm not experienced enough with this topic, messing with system keys because I read a thing on the internet seems like a pit of despair. What should I do?
3. What I'm really trying to do is log unencrypted https requests/responses with bodies, while listening to web traffic. If there's a better way I'm all ears.

Answer 1

What I'm really trying to do is log unencrypted https requests/responses with bodies, while listening to web traffic. If there's a better way I'm all ears.

Don't mess around with Wireshark for this. The documentation you're reading is outdated; modern TLS cipher suites do not use pure RSA for key exchange. This configuration was only supported by SSL 2.0, which was superseded by SSL 3.0 in 1996, and is no longer supported by any moern browser. Long story short -- it doesn't actually work in practice.

Instead, use a HTTPS proxy server. Several common tools for this purpose are:

• mitmproxy
• Charles Proxy (commercial)
• fiddler

Many of these tools will also allow you to alter the contents of an HTTPS session, which is certainly not something that Wireshark will do.