Getting and using KEYLOG files from cURL


Debugging a web application that depends on running over a secure connection is difficult. It used to require having the private key (in RSA format), and for those situations, CloudShark Enterprise’s RSA Key Management system is ideal.

The alternative is to grab a “keylog” file from your browser and use that within CloudShark to decrypt the stream. You can read more about what a keylog file is in our post here, and how to use it in CloudShark here.

When you’re doing web app QA, however, you often want to use a command line tool like cURL to automate your testing. Luckily, you can now use keylogging in cURL 7.56.0 to troubleshoot secure web apps!

How we did it

To use this feature in cURL, you’ll need to enable it at compile time (unfortunately). That means building cURL on Linux or OS X using the following commands:


After it’s compiled, you can then set the environment variable that specifies the path you want for your keylog file. You can do this at run time in a command line like this:

SSLKEYLOGFILE=~/curl_ssl_keylog.keylog ./curl -k <target URL>

Afterwards, when you have a capture that contains the HTTPS traffic to the target URL, you can use the resulting keylog file in CloudShark to view the decrypted data.
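Before uploading, it helps to confirm that the file cURL wrote is well formed. The following is an added example, not code from the original post or from cURL or CloudShark: a Python check that assumes the NSS key log line layout (label, 64 hex character client random, hex secret) and also accepts TLS 1.3 labels, which goes beyond the single cURL case described here. The function names and sample values are constructed.

```python
import os
import re
import stat
import tempfile

HEX64 = re.compile(r"[0-9a-fA-F]{64}")
# Label -> allowed secret lengths in hex characters (NSS key log format).
# CLIENT_RANDOM carries the 48-byte TLS 1.2 master secret; the TLS 1.3
# secrets are one hash output long (SHA-256 or SHA-384).
LABELS = {"CLIENT_RANDOM": {96}}
for _l in ("CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
           "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
           "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET"):
    LABELS[_l] = {64, 96}


def check_keylog(path):
    """Validate a keylog file; reports counts and line numbers, never secrets."""
    mode = os.stat(path).st_mode
    report = {"sessions": set(), "labels": {}, "malformed": [],
              "others_can_access": bool(mode & (stat.S_IRWXG | stat.S_IRWXO))}
    with open(path, encoding="ascii", errors="replace") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue  # blank lines and comments are allowed
            parts = line.split()
            if (len(parts) == 3 and parts[0] in LABELS
                    and HEX64.fullmatch(parts[1])
                    and len(parts[2]) in LABELS[parts[0]]
                    and re.fullmatch(r"[0-9a-fA-F]+", parts[2])):
                report["labels"][parts[0]] = report["labels"].get(parts[0], 0) + 1
                report["sessions"].add(parts[1].lower())
            else:
                report["malformed"].append(lineno)
    return report


def write_sample(path):
    """Constructed sample: a comment, two valid lines, one truncated secret."""
    rnd_a, rnd_b = "a1" * 32, "b2" * 32
    lines = ["# constructed sample, not real key material",
             f"CLIENT_RANDOM {rnd_a} {'0f' * 48}",
             f"CLIENT_RANDOM {rnd_b} {'0f' * 20}",  # truncated master secret
             f"SERVER_TRAFFIC_SECRET_0 {rnd_a} {'3c' * 32}"]
    with open(path, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    os.chmod(path, 0o644)  # deliberately loose, to exercise the permission check


if __name__ == "__main__":
    sample = os.path.join(tempfile.mkdtemp(), "curl_ssl_keylog.keylog")
    write_sample(sample)
    print(check_keylog(sample))
```

The others_can_access flag matters because anyone who holds both the keylog file and the capture can decrypt the session; an empty sessions set means the capture will not decrypt at all.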

It’s a little work, but very valuable for using cURL to debug web apps. Like ours.
