Applications like Mozilla Firefox and Google Chrome support symmetric session key logging to a file. Wireshark has the functionality to read the session keys from this file and use them to decrypt the TLS sessions.

Configuration Steps

1. In Windows, navigate to Control Panel > System and Security > System then click Advanced System Settings
   
   
   
   
2. On the System Properties dialog that appears, click Environment Variables
   
   
   
   
3. Click New... to create a new user variable and then fill out the dialog with the variable name SSLKEYLOGFILE and set the value to the file path you would like keys written to, e.g: C:\temp\sslkeylog.log.
   
   
   
   
4. Restart the computer
5. In Wireshark, navigate to Edit and open Preferences
   
   
   
   
6. Expand the Protocols menu
   
   
   
   
7. If you are using Wireshark 2.9+, navigate to the TLS protocol. If you are using a previous version of Wireshark, navigate to SSL
8. For (Pre)-Master-Secret log filename, click Browse then select the log file you created for step (3).
   
   
   
   
9. You will now notice packets containing the protocol under the TLS layer. In addition, there will be a Decrypted TLS tab at the bottom of the packet bytes view.