Cloudflared SSL keys for decrypting DoH traffic with wireshark

cs.lev · January 6, 2023, 9:29am

Hi there,
I am using cloudflared (in a dockerized environment) as a DoH proxy for my local Do53 DNS queries.
The docker environment is only for ease, it does not affect the setup in terms of my question

What I want to do is to see the DoH packets leaving the network decrypted in Wireshark. For this, I would need the SSL keys used by cloudflared for connecting to the DoH server. Similar to what one can do with Firefox by setting the environment variable SSLKEYLOGFILE.

The desired setup is as follows.

cloudflared_question.drawio
Can I do this somehow? Can cloudflared instructed to store the SSL key files?

Cyb3r-Jak3 · January 6, 2023, 11:55pm

This isn’t possible with the Cloudflare version of Cloudflared. If you wanted to do it, then you would have to fork the project and edit the tlsconfig section for it to export the keys.

cs.lev · January 7, 2023, 7:26am

Hi, thanks for the quick answer.
Can you point me to the project and its file I should fork and modify, respectively?

Much appreciated.
Thank you

Cyb3r-Jak3 · January 7, 2023, 4:03pm

Sure the project is

the file you need to change is

github.com

cloudflare/cloudflared/blob/master/tlsconfig/tlsconfig.go

// Package tlsconfig provides convenience functions for configuring TLS connections from the
// command line.
package tlsconfig

import (
	"crypto/tls"
	"crypto/x509"
	"io/ioutil"

	"github.com/pkg/errors"
)

// Config is the user provided parameters to create a tls.Config
type TLSParameters struct {
	Cert                 string
	Key                  string
	GetCertificate       *CertReloader
	GetClientCertificate *CertReloader
	ClientCAs            []string
	RootCAs              []string

This file has been truncated. show original

and you need to add the KeyLogWriter field, which is an `io.Writer. Here are the golang tlsconfig docs.