I have noticed that there is this solution which is great if I need to look at the message dump (and there are ways to do that without using this method) but it only confines itself to the application itself.Īssuming the applications aren't using certificate / public key pinning (or that you can alter the pins if they are), your best bet is almost certainly an intercepting proxy. Is there a way for me to achieve the same but from a Windows perspective? I almost want to say using any tool, method, etc. Problem with all those are that they are for Linux environments and not for Windows. You either attach the gdb to the running instance and hook in to some callback event OR you use some workaround by using a library that can override the existing library that nginx would have used. I came across this question where people have answered by saying that nginx can be used to "intercept" the call and then write out to a sslkeylog file. My only avenue (that I can think of) is to setup a reverse-proxy on the client side and let my client app connect to this reverse-proxy and let this reverse-proxy do the call and extract the secrets as well. There is a way using the SslStream and combining it with Bouncy castle's library but I am not using the TcpClient so that won't help me. NET to extract those secrets but to no avail (they do have a feature request logged for. NET client and server component and I've tried to google for ways to get IIS and. This is useful to know but it won't help me in my case. I know that Chrome and Firefox browsers can export a sslkeylog file that can be consumed by Wireshark if I set an environment variable SSLKEYLOGFILE to do so.
My need is to be able to observe what happens over a network and not necessarily see the contents of the messages but I do need to be able to identify requests which I only seem to know how to do when it is decrypted. Unfortunately I have not been successful in this endeavour. My only hope is to get hold of the pre-master secrets from either the client or the server to do that. The applications are communicating using HTTP over TLS 1.2. NET applications (both on Windows platforms) using Wireshark but due to the Diffie Hellman with perfect forward secrecy, I cannot use my private key from the server to decrypt the session keys. I have attempted to decrypt traffic between two.