Wednesday, September 14, 2016

Analyze http2 with Wireshark

Most of the time http2 requests are sent over TLS, which means that Wireshark needs to decrypt the traffic before we can analyze it. Fortunately, Chrome can dump the cryptographic keys to a file. To do that, export the environment variable SSLKEYLOGFILE before you start Chrome:
export SSLKEYLOGFILE=/home/jsn/Downloads/sslkeys/sslkeys.log
Firefox can also do this, but as of now (48) it is disabled by default. Get more information

Now we need to configure Wireshark to use the exported keys. Go to Edit - Preferences - Protocols - SSL and point (Pre)-Master-Secret log filename to the file with the keys (/home/jsn/Downloads/sslkeys/sslkeys.log).

Now you can filter records by http2 and analyze them.
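
If Wireshark still shows only encrypted records, it helps to check that the key log contains well-formed entries and that the file, which holds the secrets needed to decrypt the capture, is not readable by other users. The following is an added example, not part of the original post: it validates lines in the NSS key log format that SSLKEYLOGFILE produces, and goes beyond the post by also accepting the TLS 1.3 labels added to that format later. The function names and sample lines are constructed for illustration.

```python
import os
import re
import stat
from collections import Counter

# NSS key log line: "<LABEL> <hex context> <hex secret>"; "#" starts a comment.
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]+) ([0-9a-fA-F]+)$")
# Hex lengths of (context, secret) for the labels used up to TLS 1.2.
FIXED = {"CLIENT_RANDOM": (64, 96), "RSA": (16, 96)}
# TLS 1.3 labels: 32-byte client random, 32- or 48-byte secret.
TLS13 = {
    "CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
}
# Constructed sample lines, not real key material.
SAMPLE = [
    "# constructed sample",
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48,
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 20,  # truncated secret
    "SERVER_TRAFFIC_SECRET_0 " + "01" * 32 + " " + "ef" * 32,
    "not a key log line",
]

def readable_by_others(path):
    """True if group or other can read the file holding the session secrets."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

def check_lines(lines):
    """Return (Counter of valid labels, list of malformed line numbers)."""
    counts, bad = Counter(), []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        label, ctx, secret = m.groups() if m else (None, "", "")
        if label in FIXED:
            ok = (len(ctx), len(secret)) == FIXED[label]
        elif label in TLS13:
            ok = len(ctx) == 64 and len(secret) in (64, 96)
        else:
            ok = False
        if ok:
            counts[label] += 1
        else:
            bad.append(n)
    return counts, bad

if __name__ == "__main__":
    print(check_lines(SAMPLE))
```

To check a real log, pass `open(path)` to `check_lines` and the path to `readable_by_others`; an empty result usually means the browser was started without the variable set.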