Cloudflared SSL keys for decrypting DoH traffic with Wireshark

Hi there,
I am using cloudflared (in a dockerized environment) as a DoH proxy for my local Do53 DNS queries.
The Docker environment is only for ease; it does not affect the setup in terms of my question.

What I want to do is to see the DoH packets leaving the network decrypted in Wireshark. For this, I would need the SSL keys used by cloudflared for connecting to the DoH server. Similar to what one can do with Firefox by setting the environment variable SSLKEYLOGFILE.

The desired setup is as follows.

[Image: cloudflared_question.drawio]

Can I do this somehow? Can cloudflared be instructed to store the SSL key files?

This isn’t possible with the Cloudflare version of Cloudflared. If you wanted to do it, then you would have to fork the project and edit the tlsconfig section for it to export the keys.

Hi, thanks for the quick answer.
Can you point me to the project and its file I should fork and modify, respectively?

Much appreciated.
Thank you

Sure, the project is

the file you need to change is

and you need to add the `KeyLogWriter` field, which is an `io.Writer`. Here are the golang tlsconfig docs.
