
And I'm not sure why.

mitmproxy installed with pip on Kali Linux.

Run using $ SSLKEYLOGFILE="$PWD/.mitmproxy/sslkeylogfile.txt" mitmproxy as per https://docs.mitmproxy.org/master/howto-wireshark-tls/

Firefox using FoxyProxy with proxy to 127.0.0.1:8080. Certificate installed.

Wireshark configured to use sslkeylogfile.txt also as per above docs.

And then go.

mitmproxy sees traffic: [screenshot: mitmproxy]

SSL key log file adds keys: [screenshot: sslkeylogfile]

And Wireshark captures traffic, but nothing is decrypted: [screenshot: wireshark]

As would be expected with successful SSL key usage https://unit42.paloaltonetworks.com/wireshark-tutorial-decrypting-https-traffic/

What am I doing wrong?

Thanks

The Wireshark screenshot shows TLS1.3 connections. Therefore you are likely affected by this issue. (Robert)

Thanks Robert. How do I disable TLS1.3 in Firefox? I changed security.tls.version.max to 3 in Firefox (4 is TLS1.3, 3 is 1.2) but I'm still getting 1.3 traffic (confirmed by ssllabs.com). (jamesdeluk)

1 Answer

MitmProxy has at the moment an open issue that prevents writing a correct SSLKEYLOGFILE when TLS 1.3 is used.

Therefore my recommendation would be to disable TLS 1.3 for connections from client to MitmProxy and for connections from MitmProxy to the server. This can be done using the following command-line options:

--set ssl_version_server=TLSv1, TLSv1_1, TLSv1_2
--set ssl_version_client=TLSv1, TLSv1_1, TLSv1_2

See also MitmProxy documentation: https://docs.mitmproxy.org/stable/concepts-options/
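A quick way to check whether the key log is the problem before touching proxy or browser settings is to inspect the SSLKEYLOGFILE itself: a TLS 1.2 session appears as a single CLIENT_RANDOM line, while a TLS 1.3 session is only usable by Wireshark if all four traffic-secret lines for the same client random were written. The script below is an added example, not part of the answer above or of mitmproxy; it parses the NSS key log format and reports complete, incomplete and malformed entries, using a constructed sample file.

```python
import re
from collections import defaultdict

# NSS key log labels Wireshark reads: a TLS 1.2 session is one CLIENT_RANDOM
# line, a TLS 1.3 session needs all four traffic secrets for its client random.
TLS13_REQUIRED = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
}
KNOWN = TLS13_REQUIRED | {"CLIENT_RANDOM", "EXPORTER_SECRET"}
# label, 32-byte client random, secret (48 bytes in TLS 1.2, 32 or 48 in 1.3)
LINE_RE = re.compile(r"^(\S+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]{64}|[0-9a-fA-F]{96})$")


def analyse_keylog(text):
    """Group key log lines by client random and report what Wireshark can use."""
    sessions = defaultdict(set)  # client random -> labels seen for it
    malformed = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m or m.group(1) not in KNOWN:
            malformed.append(lineno)
            continue
        sessions[m.group(2).lower()].add(m.group(1))

    report = {"tls12": 0, "tls13_complete": 0, "tls13_incomplete": [],
              "malformed": malformed}
    for client_random, labels in sessions.items():
        if "CLIENT_RANDOM" in labels:
            report["tls12"] += 1
        elif TLS13_REQUIRED <= labels:
            report["tls13_complete"] += 1
        else:  # some secrets missing: Wireshark cannot fully decrypt this session
            report["tls13_incomplete"].append(client_random[:16])
    return report


def _entry(label, cr_byte, secret_byte, secret_len=32):
    return f"{label} {cr_byte * 32} {secret_byte * secret_len}"


# Constructed sample: one TLS 1.2 session, one complete and one truncated
# TLS 1.3 session, and one garbled line (not taken from a real key log).
SAMPLE_KEYLOG = "\n".join(
    [_entry("CLIENT_RANDOM", "11", "aa", 48)]
    + [_entry(label, "22", "bb") for label in sorted(TLS13_REQUIRED)]
    + [_entry("CLIENT_HANDSHAKE_TRAFFIC_SECRET", "33", "cc"),
       "CLIENT_RANDOM deadbeef notreallyhex"]
)
```

Run it against your own file with `analyse_keylog(open(".mitmproxy/sslkeylogfile.txt").read())`; a non-empty `tls13_incomplete` list or `malformed` list means Wireshark has nothing usable for those sessions even though the proxy wrote to the file.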