-
-
Save ilyasKerbal/56a93f72d40bf785f4e37aab6acb4185 to your computer and use it in GitHub Desktop.
Revisions
-
felixhammerl revised this gist
Mar 2, 2022 . 1 changed file with 12 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,4 @@ # Option 1: Via macOS environment variable: 1) `mkdir -p ~/Library/LaunchAgents` 2) Put `tlskeylogger.plist` at `~/Library/LaunchAgents/tlskeylogger.plist` @@ -7,11 +7,21 @@ Via macOS environment variable: 5) Restart your browser(s) 6) See how TLS keys are being written to `~/.tlskeyfile` via `tail -f ~/.tlskeyfile` *NB*: This may be hit or miss and many apps do not respect the env var. # Option 2 (recommended): Via [`mitmproxy`](https://mitmproxy.org/): Install [`xbar`](https://github.com/matryer/xbar) (the bitbar successor), use [this plugin](https://github.com/felixhammerl/bitbar-plugins/blob/master/proxy_status.5s.sh) to toggle the macOS proxy settings for 8080, which is used by Burp and mitmproxy ``` SSLKEYLOGFILE=~/.tlskeyfile mitmproxy ``` The certificate for `mitmproxy` will be generated on install and can be retrieved from [http://mitm.it](http://mitm.it) when everything is up and running. If you are trying to intercept a process running as `root`, you MUST trust the cert as root ``` sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "path/to/mitmproxy-ca-cert.pem" ``` -
Mar 2, 2022 . 1 changed file with 17 additions and 5 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,5 +1,17 @@ Via macOS environment variable: 1) `mkdir -p ~/Library/LaunchAgents` 2) Put `tlskeylogger.plist` at `~/Library/LaunchAgents/tlskeylogger.plist` 3) `launchctl load ~/Library/LaunchAgents/tlskeylogger.plist`, so it will load on the next restart 4) `launchctl start ~/Library/LaunchAgents/tlskeylogger.plist`, so it will load the environment variable immediately 5) Restart your browser(s) 6) See how TLS keys are being written to `~/.tlskeyfile` via `tail -f ~/.tlskeyfile` Via [`mitmproxy`](https://mitmproxy.org/): Install [`xbar`](https://github.com/matryer/xbar) (the bitbar successor), use [this plugin](https://github.com/felixhammerl/bitbar-plugins/blob/master/proxy_status.5s.sh) to toggle the macOS proxy settings for 8080, which is used by Burp and mitmproxy ``` SSLKEYLOGFILE=~/.tlskeyfile mitmproxy ``` -
Oct 12, 2021 . 1 changed file with 2 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,5 @@ 1) Put `tlskeylogger.plist` at `~/Library/LaunchAgents/tlskeylogger.plist` 2) `launchctl load ~/Library/LaunchAgents/tlskeylogger.plist`, so it will load on the next restart 3) `launchctl start ~/Library/LaunchAgents/tlskeylogger.plist`, so it will load the environment variable immediately 4) Restart your browser(s) 5) See how TLS keys are being written to `~/.tlskeyfile` via `tail -f ~/.tlskeyfile` -
Oct 12, 2021 . 1 changed file with 2 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,3 +1,4 @@ 1) Put `tlskeylogger.plist` at `~/Library/LaunchAgents/tlskeylogger.plist` 2) `launchctl load ~/Library/LaunchAgents/tlskeylogger.plist`, so it will load on the next restart 3) `launchctl start ~/Library/LaunchAgents/tlskeylogger.plist`, so it will load the environment variable immediately 4) Restart your browser(s) -
Oct 12, 2021 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,3 @@ 1) Put `tlskeylogger.plist` at `~/Library/LaunchAgents/tlskeylogger.plist` 2) `launchctl load ~/Library/LaunchAgents/tlskeylogger.plist`, so it will load on the next restart 3) `launchctl start ~/Library/LaunchAgents/tlskeylogger.plist`, so it will load the environment variable immediately This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,18 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>sslkeylogger</string> <key>ProgramArguments</key> <array> <string>sh</string> <string>-c</string> <string> launchctl setenv SSLKEYLOGFILE ~/.tlskeyfile </string> </array> <key>RunAtLoad</key> <true/> </dict> </plist>