I have a PCAP file I am trying to decrypt, and a TLS keylog file produced by nodejs (using the --tls-keylog option)
I am trying to convert the HTTP messaging inside the PCAP file into WARC format, but cannot figure out how to use the command line tshark util to decrypt the relevant traffic. I can do so in the Wireshark UI by updating TLS PMS setting and then right clicking and choosing to follow the HTTP stream, how can I recreate this behaviour with tshark?
I'd also like to print out the "follow" view for _all_ HTTP connections in a PCAP file (including HTTPS and HTTP2), in JSON format if possible? thanks!
