1.在Wireshark官網(https://www.wireshark.org/#download)下載對應的Wireshark安裝包,進行安裝
2.增加系統環境變量設置(計算機 -- 右鍵 -- 屬性--高級系統設置--高級--環境變量--系統變量--新建)
變量名:SSLKEYLOGFILE
變量值:%USERPROFILE%\sslkeysENV.pms
3.在CMD使用命令行啟動chrome瀏覽器
> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --ssl-key-log-file=%USERPROFILE%\sslkeysARG.pms
4.設置Wireshark
(1)打開Wireshark--編輯--首選項--Protocols--SSL
(2)設置(Pre)-Master-Secret log filename
C:\Users\fanyegong\sslkeysARG.pms (使用自己的用戶名替換fanyegong)
(3)設置SSL debug file (此步驟可選)
C:\Users\fanyegong\ssl.log
5.此時便可以在Wireshark中查看http2的流量了
附:
1.wiresharkx顯示過濾器設置方法:(捕獲過濾器在 捕獲--捕獲過濾器里設置)
ip.src == 192.168.1.102 or ip.dst == 192.168.1.102
((ip.src==192.168.1.102 && ip.dst==123.125.114.144) || (ip.src==123.125.114.144 && ip.dst==192.168.1.102)) && tcp.port==80
tcp.port==80
tcp.dstport==80
tcp.srcport==80
http.request.method=="GET"
http.request.method=="POST"
http.host contains "xxx.xx.com"
http.response.code==302
http.cookie contains guid
http.request.uri=="/aaa/bbb"
http.request.full_uri=="http://xxx.com/aaa/bbb"
http.server contains "nginx"
http.request.version == "HTTP/1.1"
連接符: and or contains
如果不清楚規則設置或者想查看更多的規則,可以點開這里設置:
比如搜素HTTP HOST的規則:
