mac環境使用wireshark抓取https

配置SSL解密

1. cd ~ && make tls && cd tls && touch sslkeylog.log
2. launchctl setenv SSLKEYLOGFILE ~/tls/sslkeylog.log 設置啓動的應用讀取環境變量
3. Preferences -> Protocols -> SSl -> (Pre)-Master-Secret 添加sslkeylog文件

capture filter

• [not] primitive [and|or [not] primitive ...]
• host 172.18.5.4 //捕獲[源/目的]IP地址
• net 192.168.0.0/24 //IP範圍192.168.0.1-192.168.0.255
• net 192.168.0.0 mask 255.255.255.0 //IP範圍192.168.0.1-192.168.0.255
• src net 192.168.0.0/24 //源IP範圍192.168.0.1-192.168.0.255
• src net 192.168.0.0 mask 255.255.255.0 //源IP範圍192.168.0.1-192.168.0.255
• dst net 192.168.0.0/24 //目的IP範圍192.168.0.1-192.168.0.255
• host www.example.com and not (port 80 or port 25) //非http和非smtp
• host www.example.com and not port 80 and not port 25
• tcp port 23 and host 10.0.0.5 //使用tcp協議, 端口號23, [源/目的]IP地址
• tcp port 23 and not src host 10.0.0.5