mitmproxy: SSL keys not decrypting in Wireshark
And I'm not sure why.
mitmproxy installed with pip on Kali Linux.
Run using $ SSLKEYLOGFILE="$PWD/.mitmproxy/sslkeylogfile.txt" mitmproxy as per https://docs.mitmproxy.org/master/howto-wireshark-tls/
Firefox using FoxyProxy with proxy to 127.0.0.1:8080. Certificate installed.
Wireshark configured to use sslkeylogfile.txt also as per above docs.
And then go.
mitmproxy sees traffic:
SSL key log file adds keys:
And Wireshark captures traffic, but nothing is decrypted:
As would be expected with successful SSL key usage https://unit42.paloaltonetworks.com/wireshark-tutorial-decrypting-https-traffic/
What am I doing wrong?
Thanks
MitmProxy has at the moment an open issue that prevents writing a correct SSLKEYLOGFILE when TLS 1.3 is used.
Therefore my recommendation would be to disable TLS 1.3 for connections from client to MitmProxy and for connections from MitmProxy to the server. This can be done using the following command-line options:
--set ssl_version_server=TLSv1, TLSv1_1, TLSv1_2
--set ssl_version_client=TLSv1, TLSv1_1, TLSv1_2
See also MitmProxy documentation: https://docs.mitmproxy.org/stable/concepts-options/
Edit: According to the comments in the issue the problem with TLS1.3 should be solved since Mitmproxy version v6.0.0 (released Dec 13, 2020).
- AWS Lightsail: add SSL to a non-route 53 domain
- Could not establish trust relationship for SSL/TLS secure channel -- SOAP
- How can we run a FastAPI application on two ports one HTTP and one HTTPS without redirecting?
- How to install OpenSSL in windows 10?
- What does "SSLError: [SSL] PEM lib (_ssl.c:2532)" mean using the Python ssl library?
- Is there anyway to get around the SSL_PROTOCOL_ERROR when accessing a website through https when it does not have ssl?
- OpenAS2 AS2ReceiverHandler: HTTP connection error on inbound message
- the format of hash signedCertificate
- I/O error on POST request for in SPRINGBOOT
- let's encrypt Certbot failed to authenticate some domains (authenticator: apache). Failed to verify the temporary Apache configuration changes
- How to make a TLS connection between two peers using Rust tokio_native_tls
- SSLHandshakeException: SSL handshake aborted: ssl=0xbe6af938: I/O error during system call, Connection reset by peer
- How to enable FIPS mode for libcrypto and libssl packaged with Python?
- Composer Curl error 60: SSL certificate problem: unable to get local issuer certificate
- How to install trusted CA certificate on Android device?
- Getting Chrome to accept self-signed localhost certificate
- Can't establish SSL connection to MongoDB from NodeJS program
- Getting CERTIFICATE_VERIFY_FAILED when trying to use slackclient and python 2.7
- How do I configure Nginx Proxy Manager to proxy an OnlyOffice Document Server Docker container?
- How can I redirect a Flutter web application to https?
- How to run Angular e2e with SSL enabled?
- Issues with installing python libraries on Windows : CondaHTTPError: HTTP 000 CONNECTION FAILED for url <https://conda.anaconda.org/anaconda/win-64
- How can I know if the request to the servlet was executed using HTTP or HTTPS?
- SSL error downloading NLTK data
- SSL Localhost Privacy error
- How to fix proxyconnect tcp: tls: first record does not look like a TLS handshake
- How to disable or ignore the SSL for the Yfinance package
- Local file as absolute vs relative url: bad for performance or no difference?
- cURL not working (Error #77) for SSL connections on CentOS for non-root users
- PHPMailer - OpenSSL Error