https: Sniffing encrypted traffic locally

Some HTTP clients (including Chrome-based and libcurl-based ones) respect the environment variable SSLKEYLOGFILE, which gives them the path of a file to write "pre-master" encryption secrets to, so that other tools can decrypt the network traffic.

You can start a traffic sniffer and configure it to decrypt HTTPS traffic:

Wireshark can be configured to read those secrets to decrypt traffic:

Edit -> Preferences -> Protocols -> TLS, and change the (Pre)-Master-Secret log filename preference to the path that SSLKEYLOGFILE points to

tshark can do the same:

tshark -o tls.keylog_file:"$SSLKEYLOGFILE"

Now that you have a traffic sniffer watching, start an HTTP client and ask it to log the keys it generates as part of its TLS operations:

export SSLKEYLOGFILE=~/sslkey.log
# Open browser with this environment
open -a "Brave browser"
# Or make request directly from this environment
curl https://blog.edwardsnjd.com/
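If the sniffer still shows only encrypted records, first confirm that the client actually wrote usable secrets and that the file is not readable by other local users, since anyone who can read it can decrypt a capture of those sessions. The script below is an added example, not part of the original post; it assumes the NSS key log line format (`<LABEL> <client_random> <secret>`), its function names are hypothetical, and the sample secrets are constructed.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# keylog_summary FILE -> prints "tls12=N tls13=N malformed=N"
# NSS key log line: <LABEL> <client_random: 64 hex chars> <secret: hex>
keylog_summary() {
    awk '
        function ishex(s, n) { return length(s) == n && s !~ /[^0-9a-fA-F]/ }
        BEGIN {
            t = " CLIENT_EARLY_TRAFFIC_SECRET CLIENT_HANDSHAKE_TRAFFIC_SECRET"
            t = t " SERVER_HANDSHAKE_TRAFFIC_SECRET CLIENT_TRAFFIC_SECRET_0"
            t = t " SERVER_TRAFFIC_SECRET_0 EARLY_EXPORTER_SECRET EXPORTER_SECRET "
        }
        /^#/ || NF == 0 { next }                       # comments and blank lines
        NF == 3 && ishex($2, 64) && $1 == "CLIENT_RANDOM" && ishex($3, 96) { t12++; next }
        NF == 3 && ishex($2, 64) && index(t, " " $1 " ") &&
            (ishex($3, 64) || ishex($3, 96)) { t13++; next }   # SHA-256 or SHA-384 suites
        { bad++ }                                      # truncated or unknown line
        END { printf "tls12=%d tls13=%d malformed=%d\n", t12, t13, bad }
    ' "$1"
}

# keylog_private FILE -> exit 0 only if group and other have no access to the secrets
keylog_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# write_sample FILE -> constructed key log: 1 TLS 1.2 line, 2 TLS 1.3 lines, 1 truncated line
write_sample() {
    cr=$(printf '%064d' 0); s48=$(printf '%096d' 1); s32=$(printf '%064d' 2)
    ( umask 077
      {
        echo "# constructed sample, not real secrets"
        echo "CLIENT_RANDOM $cr $s48"
        echo "CLIENT_HANDSHAKE_TRAFFIC_SECRET $cr $s32"
        echo "SERVER_HANDSHAKE_TRAFFIC_SECRET $cr $s32"
        echo "CLIENT_RANDOM $cr deadbeef"
      } > "$1" )
}

# Demo on the constructed sample; replace "$f" with "$SSLKEYLOGFILE" for a real check.
f=$(mktemp)
write_sample "$f"
keylog_summary "$f"
keylog_private "$f" || echo "warning: $f is readable by other users" >&2
rm -f "$f"
```

A summary of all zeros on a real file means the client never wrote keys, which usually means it was not started from the shell where SSLKEYLOGFILE was exported or does not honour the variable.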
Published on: 15 Aug 2024