-
Decrypting SSL/TLS Traffic with Wireshark and ProxySQL
In this guide, we will walk you through the process of decrypting SSL/TLS traffic to and from ProxySQL using Wireshark. By enabling the SSLKEYLOG feature in ProxySQL and configuring Wireshark to use the SSL key log file, you will be able to view the decrypted traffic for debugging and analysis purposes.
Prerequisites
Before we begin, make sure you have the following:
ProxySQL installed and running.
Wireshark installed on your machine.
Enabling SSLKEYLOG in ProxySQL
You can enable the SSLKEYLOG feature in ProxySQL either by modifying the configuration file or via runtime queries.
Enabling SSLKEYLOG via Configuration File
Open the ProxySQL configuration file (typically proxysql.cnf) in a text editor.
Add or modify the following line to enable SSLKEYLOG support:
admin-ssl_keylog_file = <path_to_sslkeylog_file>
Replace ‘<path_to_sslkeylog_file>’ with the absolute path or relative path (see Understanding Absolute and Relative Paths) where you want to store the SSL key log file. If you want to disable the SSLKEYLOG feature, leave this variable empty.
Save the configuration file and restart ProxySQL for the changes to take effect.
Enabling SSLKEYLOG via Runtime Queries
Connect to the ProxySQL administration interface using your preferred MySQL client.
Execute the following runtime query to enable the SSLKEYLOG feature:
SET admin-ssl_keylog_file='<path_to_sslkeylog_file>';
LOAD ADMIN VARIABLES TO RUNTIME;
Replace ‘<path_to_sslkeylog_file>’ with the absolute path or relative path (see Understanding Absolute and Relative Paths) where you want to store the SSL key log file. If you want to disable the SSLKEYLOG feature, set the value to an empty string.
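A check you can run on the key log file once ProxySQL has written to it and before you load it into Wireshark (an added example, not ProxySQL code). It parses the NSS key log format that Wireshark reads, counts the TLS 1.2 and TLS 1.3 sessions the file covers, lists lines that cannot be used, and reports whether other users can read the file, since anyone who can read it can decrypt the matching capture. The sample lines and the names `audit_keylog` and `demo` are constructed for illustration.

```python
import os
import re
import stat
import tempfile
# Labels from the NSS key log format, which Wireshark reads.
TLS12 = {"CLIENT_RANDOM"}
TLS13 = {"CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
         "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
         "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET"}
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")
# Constructed sample (not real secrets): TLS 1.2, TLS 1.3 x2, truncated line.
SAMPLE = "\n".join([
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "bb" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "cc" * 32,
    "CLIENT_RANDOM " + "33" * 32 + " " + "dd" * 10,
]) + "\n"

def audit_keylog(path):
    """Summarise a key log: who can read it, sessions covered, unusable lines."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    sessions, malformed = {}, []   # client_random -> labels; bad line numbers
    with open(path, encoding="ascii", errors="replace") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            m = LINE_RE.match(line)
            label, rand, secret = m.groups() if m else ("", "", "")
            # TLS 1.2 master secret: 48 bytes. TLS 1.3 secrets: 32 or 48 bytes.
            if not ((label in TLS12 and len(secret) == 96) or
                    (label in TLS13 and len(secret) in (64, 96))):
                malformed.append(lineno)
                continue
            sessions.setdefault(rand.lower(), set()).add(label)
    return {
        "readable_by_others": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
        "tls12_sessions": sum(1 for s in sessions.values() if s & TLS12),
        "tls13_sessions": sum(1 for s in sessions.values() if s & TLS13),
        "malformed_lines": malformed,
    }

def demo(mode=0o600):
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sslkeylog.txt")
        with open(path, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(path, mode)       # 0o600: owner-only
        return audit_keylog(path)
```

Call `audit_keylog()` with the path you set in `admin-ssl_keylog_file`; a session whose client random is missing from the file will stay encrypted in Wireshark.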
Capturing and Decrypting SSL/TLS Traffic
Capturing SSL/TLS Traffic
Open Wireshark on your machine.
Start a new capture in Wireshark by clicking on the Capture > Options button (or press ‘Ctrl + K’).
In the capture options, select the network interface where ProxySQL’s traffic flows through and click Start.
Perform the actions that generate the SSL/TLS traffic to and from ProxySQL that you want to decrypt (e.g., sending a query to a backend server).
Once you have captured the desired traffic, stop the capture in Wireshark.
In the Wireshark main window, you should see the captured packets.
Decrypting SSL/TLS Traffic
To decrypt the SSL/TLS traffic, Wireshark will use the SSL key log file generated by ProxySQL.
Go to Edit > Preferences (or press ‘Ctrl + Shift + P’).
In the Preferences window, select Protocols > TLS.
Click on the (Pre)-Master-Secret log filename browse button.
In the file dialog, navigate to the location where you specified the SSL key log file in ProxySQL’s configuration or runtime query.
Select the SSL key log file and click Open.
Click OK to close the Preferences window.
Analyzing Decrypted Traffic
Now that you have successfully decrypted the SSL/TLS traffic, you can analyze it in Wireshark:
Decrypting SSL/TLS Traffic
Select a packet that contains SSL/TLS traffic.
Expand the Transport Layer Security section in the packet details.
You should see decrypted information such as Client Hello, Server Hello, Application Data, etc.
Analyze the decrypted information to troubleshoot issues or gather insights about the SSL/TLS communication.
Decoding SSL/TLS Traffic as MySQL Protocol
Select a packet that contains SSL/TLS traffic.
Right-click on the packet and choose Decode As.
In the Decode As dialog, click the + button.
In the Current column, locate the row with the TCP protocol and the appropriate source or destination port (e.g., 13306 for MySQL).
In the Decode As column, select MySQL from the dropdown menu.
Click OK to apply the decoding changes.
Wireshark will now interpret the selected packets as MySQL traffic, allowing you to view the decrypted MySQL protocol information.
Expand the Transport Layer Security section in the packet details.
You should see decrypted information such as Client Hello, Server Hello, Application Data, etc., along with the MySQL protocol-specific details.
Analyze the decrypted information to troubleshoot issues or gather insights about the MySQL communication.
Congratulations! You have successfully configured Wireshark to decrypt SSL/TLS traffic to and from ProxySQL using the SSLKEYLOG feature. This allows you to gain deeper visibility into the encrypted traffic for debugging and analysis purposes.
Understanding Absolute and Relative Paths
When specifying the ‘admin-ssl_keylog_file’ variable, you have two options:
Absolute Path: If you provide an absolute path, ProxySQL will use that exact path to create the SSL key log file. For example: ‘/var/log/sslkeylog.txt’
Relative Path: If you provide a relative path, ProxySQL will automatically convert it to an absolute path by prefixing it with the ProxySQL data directory path. For example: ‘sslkeylog.txt’ will be converted to ‘<data_dir>/sslkeylog.txt’. The ‘<data_dir>’ represents the ProxySQL data directory path, which is typically set in the ProxySQL configuration.
The post Decrypting SSL/TLS Traffic with Wireshark and ProxySQL appeared first on ProxySQL.
-
Undo Log Truncation Bug in 8.0 leads to Data Corruption
I am upset about this one: I have a hard time not seeing this as negligence, and it starts to become a pattern... So please forgive me if this post is not my most diplomatic, because I really think someone deserves a kick in the butt! But what is all this about...
There is a MySQL bug, which can lead to data corruption, opened for 8.0 in September 2023, fixed in MySQL 8.4.0 (
-
JavaScript Stored Routines in Percona Server for MySQL: A New Era for Database Programmability
For decades, we’ve accepted a painful compromise: if you wanted logic inside the database, you had to write SQL/PSM (Persistent Stored Modules). It’s clunky, hard to debug, and declarative by nature, making it terrible for algorithmic tasks. That ends with Percona Server 8.4.7-7. We are introducing JS Stored Programs as a Tech Preview. Unlike Oracle’s […]
-
100 SQL MCQ with Answers (SQL Test 2026)
This SQL Test 2026 contains 100 SQL MCQ with Answers to help you practice and improve your SQL knowledge. These SQL MCQ questions cover the most important SQL topics, including basics, joins, queries, functions, constraints, keys, etc. This SQL Test is ideal for students, freshers, developers, and anyone preparing for placements, coding interviews, online tests, […]
-
🚀 Lightning-Fast Archiving in MySQL HeatWave Using Table Partition Exchange
Managing large datasets can be a balancing act between performance and storage. Keeping your “hot” data lean is critical for speed and memory efficiency. But what about the “cold” data you still need to retain? Partition Exchange Archiving is a simple, production-ready strategy that lets you instantly move old data out of your primary tables without […]