Support TLS key logging
Description
Support TLS key logging. This can be implemented by Proxyman looking for an "SSLKEYLOGFILE" environment variable, as is done in other applications, or by some other means (UI-wise).
Why this feature/change is important?
I am trying to debug issues that seem to originate in the communication between Proxyman and the target server. I am using Wireshark to look at the relevant traffic, but unfortunately (in this case) it is encrypted (TLS). If the keys could be logged as in other applications, I could then load them into Wireshark and take a look at the unencrypted traffic. Without this, I have no insight into what is happening between Proxyman and the target server.
Thanks for opening the ticket. I might consider implementing this feature if we collect more requests 👍
Agreed, I have a similar issue. I need to compare requests between app to Proxyman and Proxyman to target server.
June 1, 2024. Excuse me, is it supported now?
Any news? @NghiaTranUIT
@novitae To be honest, I don't know how to implement it. Can you show me the current solution from another app?
I just took a look at how mitmproxy does it, but their backend is Python, so it will be different for you.
What crypto backend are you using? OpenSSL? If it is, or any other big one, I'm pretty sure it's easy and there are already methods to make it easier. I am willing to do the research!
@novitae Is this what you're looking for?
- mitmproxy does TLS key logging both ways: client -> mitmproxy, and mitmproxy -> servers. Do you need both?
Yes, usually you have to log both.
Thanks. I will add it. What do you do with this file? These secrets don't link with certain domains, so it's hard to know which domain SSL is.
Yes, I must admit the way it works is a bit confusing, and I couldn't explain to you how it works to find which key is for which connection, but read this and you might understand better:
https://wiki.wireshark.org/TLS#Using%20the%20(Pre)-Master-Secret
@novitae @dabing1022 @swznd @seidnerj Good news: TLS Key Logging is officially supported on this Beta build: https://download.proxyman.io/beta/Proxyman_5.12.2_Support_TLS_Key_Logging.dmg
You can access it in the Tool menu -> TLS Key Logging -> Select your File or Folder.
- I prefer using the UI because a macOS app can't read your system env SSLKEYLOGFILE
Thank you! I just tried it and decrypted with Wireshark, it works perfectly.
This is awesome!!! Thank you so much @NghiaTranUIT! 🙏
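Added example, not part of the thread and not Proxyman's code: on the question above about secrets not being linked to domains, each line of the key log has the form `<label> <client_random hex> <secret hex>`, so a decryptor joins it to a connection through the 32-byte client random in that connection's ClientHello, which normally also carries the server name (SNI). The function names and sample values below are constructed for illustration, and the sketch assumes an unfragmented ClientHello in a single TLS record.

```python
import struct

def parse_keylog(text):
    """Index key log lines as {client_random_hex: {label: secret_hex}}."""
    index = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and not line.startswith("#"):
            label, client_random, secret = parts
            index.setdefault(client_random.lower(), {})[label] = secret.lower()
    return index

def parse_client_hello(rec):
    """Return (client_random_hex, SNI or None) from one raw ClientHello record."""
    if len(rec) < 44 or rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    random, pos = rec[11:43].hex(), 43
    pos += 1 + rec[pos]                                # skip session_id
    pos += 2 + struct.unpack_from("!H", rec, pos)[0]   # skip cipher_suites
    pos += 1 + rec[pos]                                # skip compression_methods
    if pos + 2 > len(rec):
        return random, None                            # no extensions block
    end = pos + 2 + struct.unpack_from("!H", rec, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", rec, pos)
        if ext_type == 0:  # server_name: list_len(2) type(1) name_len(2) name
            n = struct.unpack_from("!H", rec, pos + 7)[0]
            return random, rec[pos + 9:pos + 9 + n].decode("ascii")
        pos += 4 + ext_len
    return random, None

def sample_hello(random, host):  # constructed minimal ClientHello, not a capture
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host.encode()
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = b"\x03\x03" + random + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

RANDOM = bytes(range(32))  # constructed client random
KEYLOG = (  # constructed sample lines, not real secrets
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {RANDOM.hex()} {'aa' * 32}\n"
    f"CLIENT_TRAFFIC_SECRET_0 {RANDOM.hex()} {'bb' * 32}\n"
    f"CLIENT_RANDOM {'ff' * 32} {'cc' * 48}\n")

def secrets_for(rec, keylog_text):  # join a ClientHello to its key log entries
    random, sni = parse_client_hello(rec)
    return sni, parse_keylog(keylog_text).get(random, {})
```

Calling `secrets_for(sample_hello(RANDOM, "example.com"), KEYLOG)` returns the server name together with only the two secrets logged under that client random; the third line belongs to a different connection.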