1.在Wireshark官网(https://www.wireshark.org/#download)下载对应的Wireshark安装包,进行安装
2.增加系统环境变量设置(计算机 -- 右键 -- 属性--高级系统设置--高级--环境变量--系统变量--新建)
变量名:SSLKEYLOGFILE
变量值:%USERPROFILE%\sslkeysENV.pms
3.在CMD使用命令行启动chrome浏览器
> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --ssl-key-log-file=%USERPROFILE%\sslkeysARG.pms
4.设置Wireshark
(1)打开Wireshark--编辑--首选项--Protocols--SSL
(2)设置(Pre)-Master-Secret log filename
C:\Users\fanyegong\sslkeysARG.pms (使用自己的用户名替换fanyegong)
(3)设置SSL debug file (此步骤可选)
C:\Users\fanyegong\ssl.log
5.此时便可以在Wireshark中查看http2的流量了
附:
1.wiresharkx显示过滤器设置方法:(捕获过滤器在 捕获--捕获过滤器里设置)
ip.src == 192.168.1.102 or ip.dst == 192.168.1.102
((ip.src==192.168.1.102 && ip.dst==123.125.114.144) || (ip.src==123.125.114.144 && ip.dst==192.168.1.102)) && tcp.port==80
tcp.port==80
tcp.dstport==80
tcp.srcport==80
http.request.method=="GET"
http.request.method=="POST"
http.host contains "xxx.xx.com"
http.response.code==302
http.cookie contains guid
http.request.uri=="/aaa/bbb"
http.request.full_uri=="http://xxx.com/aaa/bbb"
http.server contains "nginx"
http.request.version == "HTTP/1.1"
连接符: and or contains
如果不清楚规则设置或者想查看更多的规则,可以点开这里设置:
比如搜素HTTP HOST的规则: