
MitmProxy Transparent Proxy + Wireshark - Decrypting TLS 1.3 Traffic


I have a setup as follows to inspect traffic from a device.

Device <---> MitmProxy (Transparent Proxy mode) + Wireshark <---> Internet

Command used to invoke MitmProxy: SSLKEYLOGFILE="$PWD/mitmproxy/sslkeylogfile.txt" mitmweb --mode transparent --showhost

MitmProxy supports logging SSL/TLS master keys which allows Wireshark to decrypt the corresponding TLS traffic.

However, I noticed that the contents of my SSLKEYLOGFILE contained only lines of CLIENT_RANDOM which decrypts TLS 1.2 traffic.

To decrypt TLS 1.3 traffic, I understand that 4 secrets - CLIENT_HANDSHAKE_TRAFFIC_SECRET, SERVER_HANDSHAKE_TRAFFIC_SECRET, CLIENT_TRAFFIC_SECRET and SERVER_TRAFFIC_SECRET are needed, all of which are absent from my SSLKEYLOGFILE.

How may I proceed with decrypting TLS 1.3 in this setup?


Solution

  • This currently is a known bug in mitmproxy, see https://github.com/mitmproxy/mitmproxy/issues/3994. We're waiting for upstream to expose the new OpenSSL hooks.
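To check for the symptom described in the question, the script below groups a key log file's lines by client random and reports which sessions have only a CLIENT_RANDOM line and which have the TLS 1.3 secrets. It is an added example, not code from the post or from mitmproxy; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# The four TLS 1.3 labels the question lists; the NSS key log format writes
# the two application traffic secrets with a "_0" suffix.
TLS13_LABELS = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
}
# <label> <32-byte client random as hex> <secret as hex>
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")

def parse_keylog(text):
    """Group labels by client random; also return malformed line numbers."""
    sessions, malformed = {}, []
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = LINE_RE.match(line)
        if match is None:
            malformed.append(number)
            continue
        label, client_random, _secret = match.groups()
        sessions.setdefault(client_random.lower(), set()).add(label)
    return sessions, malformed

def classify(labels):
    """Describe which record types one session's logged secrets cover."""
    seen = labels & TLS13_LABELS
    if seen == TLS13_LABELS:
        return "tls1.3-complete"
    if seen:
        return "tls1.3-partial"
    return "client-random-only" if "CLIENT_RANDOM" in labels else "other"

def summarize(text):
    """Count sessions per class for a whole key log file."""
    sessions, malformed = parse_keylog(text)
    return Counter(classify(v) for v in sessions.values()), malformed

# Constructed sample (not real key material): a CLIENT_RANDOM-only session,
# a complete TLS 1.3 session, a partial one, and a malformed line.
R1, R2, R3, S = "11" * 32, "22" * 32, "33" * 32, "ab" * 32
SAMPLE = "\n".join(
    ["# constructed key log", f"CLIENT_RANDOM {R1} {'cd' * 48}"]
    + [f"{label} {R2} {S}" for label in sorted(TLS13_LABELS)]
    + [f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {R3} {S}", "CLIENT_RANDOM nothex"]
)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A file in which every session comes back as client-random-only is the situation the question describes.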