curl support the SSLKEYLOGFILE environment variable, but the program doesn't support SSLKEYLOGFILE. When you use Internet Explorer, you can use Event Trace Sessions (Microsoft-Windows-WinINet-Capture) from Performance Monitor to capture HTTPS requests/responses in plaintext.
I had tried to capture the traffic in the same way, but with Microsoft-Windows-WinINet-Capture, nothing was captured in the .etl file. The programs seem to use the WebClient class rather than WinINet.
Is there any Microsoft-Windows-WinINet-Capture equivalent to capture HTTPS traffic and see content in plaintext, for programs that don't use WinINet?
It is preferable to be able to capture and see the traffic with Windows out-of-box features (without additional programs or man-in-the-middle HTTP proxies like Fiddler or Ethercap).
> Is there any Microsoft-Windows-WinINet-Capture equivalent to capture HTTPS traffic and see content in plaintext, for programs that don't use WinINet?
No, there is not. SSL/TLS-encrypted data is application data. Each app decides for itself if (and how) it exposes the plaintext data to the outside world. There is no single solution for capturing plaintext of all apps when SSL/TLS is involved. Especially for apps that use plain WinSock calls directly with 3rd party libs like OpenSSL, or Microsoft's SChannel API, to handle the SSL/TLS encryption of the data.
> It is preferable to be able to capture and see the traffic with Windows out-of-box features (without additional programs or man-in-the-middle HTTP proxies like Fiddler or Ethercap).
Sorry, but using an intermediate proxy is the only option for apps that don't provide their own logging.
For example, Fiddler can capture plaintext traffic from WinInet HTTPS connections only because it globally redirects WinInet connections to its own HTTPS-aware proxy, which decrypts inbound data and then re-encrypts it when sending out to the destination.
Non-WinInet apps would need to go through a similar proxy, if they don't log their own plaintext data.