Write SSLKEYLOGFILE as firefox/chrome in order to be able to decrypt SSL/TLS pcap files towards servers

[GoogleCodeExporter]

Hello,
please would it be possible to (upon some option or settings) write a file with 
the used SSL keys, so it is possible to decrypt the recorded pcap of the 
communication ZAP is having with the outside world?

Similar feature is implemented in the firefox and chrome. By exporting variable 
SSLKEYLOGFILE with a name of file, will write the session keys to the file so 
later on it is possible to decrypt the captured network traffic.

More information:
https://isc.sans.edu/forums/diary/Psst+Your+Browser+Knows+All+Your+Secrets/16415
/
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-t
he-easy-way/

Thank you for considering
Michal Ambroz

Original issue reported on code.google.com by michal.a...@gmail.com on 11 May 2015 at 11:42

[GoogleCodeExporter]

Here is sample code how the SSLKEYLOGFILE could be working in Java.
https://gist.github.com/benmmurphy/11349193

Original comment by michal.a...@gmail.com on 11 May 2015 at 11:47

[GoogleCodeExporter]

ZAP has been migrated to github

This issue will be on github issues with the same ID: 
https://github.com/zaproxy/zaproxy/issues

Original comment by psii...@gmail.com on 5 Jun 2015 at 9:18

• Changed state: Done