Add SSL keylogfile support for advanced network troubleshooting #2037

Open
skyhirider opened this issue Apr 8, 2024 · 8 comments

Comments

@skyhirider

Bruno could support SSLKEYLOGFILE so that network monitoring and troubleshooting tools like Wireshark could be used with it.

Use case:
I was setting up oauth credentials and the requests were failing. The window in Bruno did not show me the request and response flow as it was inside the authentication tab, so I had no way to properly troubleshoot. I needed to know the exact url that was queried as well as the payload and server response, but it was nowhere to be found.

I figured I could intercept the traffic via Wireshark like I can do with Chrome via the SSLKEYLOGFILE that allows the intercepted traffic to be decrypted locally so that I can inspect what is going wrong.

Nope, Bruno does not support that even though it is running Chrome version 106.

Is this something that could be added or enabled? Maybe it's just one switch you need to toggle in Electron.

@PushpenderSaini0
Contributor

Even I had a similar issue with the oauth, were you using client credential?

It was a small fix that has been merged here!

  • This will be released in the next version.

Also, if you wish to examine the calls made by Bruno, I think something like Wireshark is overkill.

You could easily use a proxy and debug your traffic there, I have used this to fix the auth issue above!

@skyhirider
Author

For me the issue was that I put in the url with the unique oauth string at the end as well, and Bruno was probably appending it again.
Would be an easy fix if I could see what request was sent and which url was used, but there was no way to find it.
Resorted to Wireshark in the end, but that did not help as I could not decrypt the message either.
Was by dumb luck I tried a shorter url. Wasted time on this, time I could have spent on something else :(

@PushpenderSaini0
Contributor

You can use a simple proxy tool like https://httptoolkit.com/ as a proxy to check what calls are being made by Bruno.

@andrei-korshikov

andrei-korshikov commented Feb 2, 2025

Well, SSLKEYLOGFILE is supported by the application itself, so you can see keys e.g. when application starts and looks for updates. But this environment variable does not affect user-created requests, so the feature request is perfectly valid.

See e.g. #645. With SSLKEYLOGFILE and Decrypting SSL with Wireshark it would be way easier to understand what is really on the wire when traffic is encrypted. And it is not only about "debugging Bruno", but about debugging encrypted server responses too.

> if you wish to examine the calls made by bruno i think something like wireshark is overkill

It depends. Network packets are the ultimate answer:) Also, it depends on user's preferences/background/environment—e.g. I feel comfortable with Wireshark, and installing a proxy to debug traffic seems a bit overkill:))

@andrei-korshikov

andrei-korshikov commented Feb 2, 2025

> You can use a simple proxy tool like HTTP Toolkit as a proxy to check what calls are being made by Bruno.

  • Bruno without HTTP Toolkit automatic interception: Connection header value is keep-alive. Both for direct connection and connection via configured HTTP or SOCKS5 proxy (for any proxies I have, including mitmproxy and HTTP Tunnel).
  • Bruno with HTTP Toolkit automatic interception (i.e. "Start an Electron binary with HTTP Toolkit's settings injected, to intercept all its HTTP & HTTPS traffic."): Connection header value is close.

Some related explanations from the HTTP Toolkit author—Tim Perry—are in httptoolkit/httptoolkit#311.

Basically, that is why I prefer to use Wireshark—no traffic mangling, I see what is really going on.

I would definitely recommend also looking at mitmproxy. Bruno has all needed settings (disabling certificate verification, adding custom CA cert, using proxy of any kind), so it just works too (like HTTP Toolkit does), but without hacking magick in the background:D And its interface (especially the text one) is a bit wiresharky, yeah;DD

Don't get me wrong, I don't say that HTTP Toolkit is not good—it's awesome, especially for intercepting proxy-unaware applications. Any complex tool has its specific caveats and edge cases, so they all complement each other.

@andrei-korshikov

As far as I understand we want --tls-keylog=file Node.js option to be somehow supported:

> Log TLS key material to a file. The key material is in NSS SSLKEYLOGFILE format and can be used by software (such as Wireshark) to decrypt the TLS traffic.

Exactly. Unfortunately, if I run

NODE_OPTIONS="--tls-keylog=${HOME}/.log/ssl_keys.log" /opt/Bruno/bruno

it says

Most NODE_OPTIONs are not supported in packaged apps. See documentation for more details.

and keylog file is not created…

@andrei-korshikov

I've tried sslkeylog, but with no luck: require('sslkeylog').hookAll(); leads to Error invoking remote method 'send-http-request': TypeError: 'set' on proxy: trap returned falsish for property '_init'.

Maybe I should use Specific connections approach, or even better—'keylog' event of tls.TLSSocket (which is recommended by sslkeylog's author). But how can I get that TLSSocket from Bruno internals?

@Its-treason Could you look? I suspect I'm missing something obvious:(

@Its-treason
Member

> Maybe I should use Specific connections approach, or even better—'keylog' event of tls.TLSSocket (which is recommended by sslkeylog's author). But how can I get that TLSSocket from Bruno internals?
>
> @Its-treason Could you look? I suspect I'm missing something obvious:(

Bruno uses axios for requests. The library is really high-level, and I don't think it is possible to access the underlying TLSSocket.

I'm not a fan of Axios either, it's way too limited for debugging, so I implemented my own code for handling requests in my fork that is using node:https: https://github.com/Its-treason/bruno/blob/320016846d3d4ca6b7f39605b13a7d6b1d5f8503/packages/bruno-core/src/request/httpRequest/httpRequest.ts#L143
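
An added example, not code from Bruno or from anyone in this thread: besides the 'keylog' event on tls.TLSSocket discussed above, Node.js also emits 'keylog' on https.Agent for every connection that agent manages, and axios accepts a custom agent through its httpsAgent request option. The helper names attachKeylog and agentFromEnv, and the choice to gate logging on the SSLKEYLOGFILE environment variable, are assumptions made for illustration; how Bruno would wire this in is not shown on this page.

```javascript
// Added example (hypothetical helpers): opt-in TLS key logging for one https.Agent.
const fs = require('node:fs');
const https = require('node:https');

// NSS key log line: "<LABEL> <client_random: 32 bytes hex> <secret hex>"
const KEYLOG_LINE = /^[A-Z0-9_]+ [0-9a-fA-F]{64} [0-9a-fA-F]+\n?$/;

/**
 * Append key material from every connection the agent manages to `path`.
 * Returns a function that detaches the listener, closes the file and
 * reports how many lines were written.
 */
function attachKeylog(agent, path) {
  // The file holds session secrets: append only, owner read/write only.
  const fd = fs.openSync(path, 'a', 0o600);
  fs.fchmodSync(fd, 0o600); // also tighten a pre-existing file
  let written = 0;
  const onKeylog = (line) => {
    // Node passes one Buffer of ASCII text per key log line.
    const text = line.toString('latin1');
    if (!KEYLOG_LINE.test(text)) return; // ignore anything malformed
    fs.writeSync(fd, text.endsWith('\n') ? text : text + '\n');
    written += 1;
  };
  agent.on('keylog', onKeylog);
  return () => {
    agent.off('keylog', onKeylog);
    fs.closeSync(fd);
    return written;
  };
}

/** Build an agent that logs keys only when SSLKEYLOGFILE is set (assumed opt-in). */
function agentFromEnv(env = process.env) {
  const agent = new https.Agent({ keepAlive: true });
  const stop = env.SSLKEYLOGFILE ? attachKeylog(agent, env.SSLKEYLOGFILE) : null;
  return { agent, stop };
}

// Usage with axios (assumption: the client forwards the agent unchanged):
//   const { agent } = agentFromEnv();
//   axios.get(url, { httpsAgent: agent });
```

Anyone who holds both the key log file and a packet capture can decrypt those sessions, so enable it only while troubleshooting and delete the file afterwards.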
