sklton-key, pronounced 'skeleton key', allows you to decrypt TLS traffic of a
target Go process. sklton-key attaches to Go processes and intercepts the
KeyLogWriter method to enable SSLKEYLOGFILE-style logging of TLS secrets.

- binary must contain DWARF debugging information
- binary must be compiled with at least go1.8

    go install github.com/amlweems/sklton-key

    $ sklton-key -h
    Usage of sklton-key:
      -pid int
            Pid to attach to.
      -cmd string
            Command to launch and attach to.
      -log string
            Log file to write key log to (default "skl.log")
      -tcpdump
            If true, capture packets and save pcap to a file
      -dev string
            Device to capture packets on (default "eth0")
      -pcap string
            Path to write pcap to (default "skl.pcap")

You may now start your target process and launch sklton-key to begin writing
the key log:

    $ sklton-key -cmd ./target-binary -tcpdump -dev en0

Once the binary begins making requests, you can use Wireshark to decrypt the
packet capture. Wireshark 1.6.0 and above can use these log files to decrypt
packets. Set the following Wireshark setting to your skl.log file.

Edit→Preferences→Protocols→TLS→(Pre)-Master-Secret log filename
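
The SSLKEYLOGFILE-style lines mentioned above can be seen with Go's own API. This is an added example, not sklton-key's code: it sets `tls.Config.KeyLogWriter` for one handshake against a constructed local `httptest` server and checks the `<LABEL> <client_random> <secret>` format. `captureKeyLog` and `sessions` are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// captureKeyLog does one TLS handshake and returns the KeyLogWriter output.
func captureKeyLog() (string, error) {
	srv := httptest.NewTLSServer(http.NotFoundHandler()) // constructed target
	defer srv.Close()
	var buf bytes.Buffer
	cfg := srv.Client().Transport.(*http.Transport).TLSClientConfig.Clone()
	cfg.KeyLogWriter = &buf // crypto/tls writes one line per derived secret
	conn, err := tls.Dial("tcp", srv.Listener.Addr().String(), cfg)
	if err == nil {
		conn.Close()
	}
	return buf.String(), err
}

// sessions checks "<LABEL> <client_random> <secret>" lines, grouped by random.
func sessions(log string) (map[string][]string, error) {
	out := map[string][]string{}
	for _, line := range strings.Split(strings.TrimSpace(log), "\n") {
		f := strings.Fields(line)
		if len(f) != 3 {
			return nil, fmt.Errorf("malformed key log line: %q", line)
		}
		random, err1 := hex.DecodeString(f[1])
		secret, err2 := hex.DecodeString(f[2])
		if err1 != nil || err2 != nil || len(random) != 32 || len(secret) == 0 {
			return nil, fmt.Errorf("bad hex fields in %s line", f[0])
		}
		out[f[1]] = append(out[f[1]], f[0]) // client random ties line to session
	}
	return out, nil
}

func main() {
	log, err := captureKeyLog()
	s, perr := sessions(log)
	fmt.Println(s, err, perr) // labels per client random; secrets not printed
}
```

The client random is sent in the clear in the ClientHello, which is how a decryption tool matches each logged secret to a connection in the capture.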