sslkeylogmerge
An application to merge multiple SSL Keylog Files into one
Suppose you want to inspect TLS traffic from multiple applications at once using Wireshark, and each of these applications supports the SSLKEYLOGFILE environment variable to dump their connection keys to a file.
Unfortunately, Wireshark only supports reading secrets from one SSLKEYLOGFILE at a time.
This application will read each application's separate SSLKEYLOGFILE and combine them into a single file for Wireshark to consume.
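The merge step described above, as an added example that is not sslkeylogmerge's own code: it validates each line against the NSS key log format and drops duplicates before writing. The names mergeKeyLogs and keyLogLine are hypothetical, and the sample secrets are constructed placeholders.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"os"
	"regexp"
	"strings"
)

// keyLogLine matches the NSS key log shape "<LABEL> <hex> <hex>" (whole hex bytes only).
var keyLogLine = regexp.MustCompile(`^[A-Z0-9_]+ ([0-9a-fA-F]{2})+ ([0-9a-fA-F]{2})+$`)

// mergeKeyLogs copies each well-formed, not-yet-seen secret line to out.
// Comments and blanks are ignored; duplicates and malformed lines are skipped.
func mergeKeyLogs(out io.Writer, inputs ...io.Reader) (written, skipped int, err error) {
	seen := make(map[string]bool)
	for _, in := range inputs {
		sc := bufio.NewScanner(in)
		for sc.Scan() {
			line := strings.TrimSpace(sc.Text())
			switch {
			case line == "" || strings.HasPrefix(line, "#"):
			case seen[line] || !keyLogLine.MatchString(line):
				skipped++
			default:
				seen[line] = true
				if _, err = fmt.Fprintln(out, line); err != nil {
					return written, skipped, err
				}
				written++
			}
		}
		if err = sc.Err(); err != nil {
			return written, skipped, err
		}
	}
	return written, skipped, nil
}

func main() {
	// Constructed sample: one valid line, its duplicate, and a truncated line.
	good := "CLIENT_RANDOM " + strings.Repeat("ab", 32) + " " + strings.Repeat("cd", 48) + "\n"
	curl := strings.NewReader("# constructed curl log\n" + good)
	chrome := strings.NewReader(good + "CLIENT_RANDOM abc\n")
	w, s, err := mergeKeyLogs(os.Stdout, curl, chrome)
	fmt.Fprintln(os.Stderr, "written:", w, "skipped:", s, "err:", err)
}
```

The merged file holds the session secrets of every application feeding it, so anyone who can read it can decrypt the corresponding captures. Keep it and the per-application logs readable by the owner only.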
Installation
    go build -o sslkeylogmerge .
Usage
USAGE:
    sslkeylogmerge [global options] command [command options]

COMMANDS:
    help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
    --output file, -o file                                                  output file [$SSLKEYLOGFILE]
    --input file, -i file [ --input file, -i file ]                         individual input file(s)
    --watch directory, -w directory [ --watch directory, -w directory ]     watch directory(ies)
    --help, -h                                                              show help
Examples
Merging the SSL key logs from cURL, Chrome, and Firefox
- Start the merge application:
    ./sslkeylogmerge -o ~/sslkeys.log \
        -i ~/sslkeylogs/curl.log \
        -i ~/sslkeylogs/chrome.log \
        -i ~/sslkeylogs/firefox.log
- Open Firefox
    SSLKEYLOGFILE=~/sslkeylogs/firefox.log open -a firefox
- Open Chrome
    SSLKEYLOGFILE=~/sslkeylogs/chrome.log open -a chrome
- Run your cURL command
    SSLKEYLOGFILE=~/sslkeylogs/curl.log curl https://example.net
- Configure Wireshark to read TLS secrets from ~/sslkeys.log
Merging by watching a directory
- Start the merge application:
    ./sslkeylogmerge -o ~/sslkeys.log \
        -w ~/sslkeylogs/
- Continue from step 2 (Open Firefox) in the first example