[nhoughto]

This looks handy, better ergonomics than strace to just hook into http requests of a running process.

I wonder how it works with TLS if it’s working at the socket level..

[xtreak29]

There seems to be an issue open for this https://github.com/simsong/tcpflow/issues/58

[youngtaff]

I’m guessing it doesn’t work with TLS as it’d need the keys to decrypt the traffic

[LinuxBender]

I recall seeing a thread somewhere saying tcpflow would not add this capability and they point people to ssldump [1][2] and even that has some limitations.

[1] - https://github.com/adulau/ssldump

[2] - https://linux.die.net/man/1/ssldump

[fmajid]

With TLS 1.3 and Perfect Forward Safety, even knowing the secret key is no longer enough. Otherwise, ssldump is a tool that would dump sessions if you knew the server private key and were somehow able to force negotiating a non-PFS TLS 1.2 cipher suite.