配置SSL解密
- cd ~ && make tls && cd tls && touch sslkeylog.log
- launchctl setenv SSLKEYLOGFILE ~/tls/sslkeylog.log 设置启动的应用读取环境变量
- Preferences -> Protocols -> SSl -> (Pre)-Master-Secret 添加sslkeylog文件
capture filter
- [not] primitive [and|or [not] primitive …]
- host 172.18.5.4 //捕获[源/目的]IP地址
- net 192.168.0.0/24 //IP范围192.168.0.1-192.168.0.255
- net 192.168.0.0 mask 255.255.255.0 //IP范围192.168.0.1-192.168.0.255
- src net 192.168.0.0/24 //源IP范围192.168.0.1-192.168.0.255
- src net 192.168.0.0 mask 255.255.255.0 //源IP范围192.168.0.1-192.168.0.255
- dst net 192.168.0.0/24 //目的IP范围192.168.0.1-192.168.0.255
- host www.example.com and not (port 80 or port 25) //非http和非smtp
- host www.example.com and not port 80 and not port 25
- tcp port 23 and host 10.0.0.5 //使用tcp协议, 端口号23, [源/目的]IP地址
- tcp port 23 and not src host 10.0.0.5
发表回复