Option 1: Via macOS environment variable:

1. mkdir -p ~/Library/LaunchAgents
2. Put tlskeylogger.plist at ~/Library/LaunchAgents/tlskeylogger.plist
3. launchctl load ~/Library/LaunchAgents/tlskeylogger.plist, so it will load on the next restart
4. launchctl start ~/Library/LaunchAgents/tlskeylogger.plist, so it will load the environment variable immediately
5. Restart your browser(s)
6. See how TLS keys are being written to ~/.tlskeyfile via tail -f ~/.tlskeyfile

NB: This may be hit or miss and many apps do not respect the env var.

Option 2 (recommended): Via mitmproxy:

Install xbar (the bitbar successor), use this plugin to toggle the macOS proxy settings for 8080, which is used by Burp and mitmproxy

SSLKEYLOGFILE=~/.tlskeyfile mitmproxy

The certificate for mitmproxy will be generated on install and can be retrieved from http://mitm.it when everything is up and running.

If you are trying to intercept a process running as root, you MUST trust the cert as root

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "path/to/mitmproxy-ca-cert.pem"