Fix bugs / got it to work

README.md

@@ -0,0 +1,3 @@
+# node-https-wireshark
+
+See https://sequentialread.com/how-to-get-a-decrypted-wireshark-packet-capture-from-a-node-js-application-that-is-talking-https/

index.js

@@ -1,40 +1,41 @@
 // NOTE: This code is based on the following Github Pull Request comment
 // https://github.com/nodejs/node/issues/2363#issuecomment-278498852
-var https = require('https');
+var https = require("https");
+var fs = require("fs");
 
-// This is from the original comment.  I dont' really know the format
-// that this is stored in, so I'm going to leave it here.  This should
+// This is from the original comment.  I dont really know the format
+// that this is stored in, so Im going to leave it here.  This should
 // be rewritten at some point.  The comment says that the buffer to
-// parse is a DER-encoded ASN.1 structure.  I don't know what that is
+// parse is a DER-encoded ASN.1 structure.  I dont know what that is
 // but this does work
 function parseSession(buf) {
   return {
-    sessionId: buf.slice(17, 17+32).toString('hex'),
-    masterKey: buf.slice(51, 51+48).toString('hex')
+    sessionId: buf.slice(17, 17+32).toString("hex"),
+    masterKey: buf.slice(51, 51+48).toString("hex")
   };
 }
 
 function patchRequest(req) {
-  req.once('socket', function(s) {
-    s.once('secureConnect', function() {
+  req.once("socket", function(s) {
+    s.once("secureConnect", function() {
       var session = parseSession(s.getSession());
       // session.sessionId and session.masterKey should be hex strings
       var id = session.sessionId;
       var key = session.masterKey;
-      var logline = 'RSA Session-ID:' + id + 'Master-Key:' + key + '\n';
+      var logline = "RSA Session-ID:" + id + " Master-Key:" + key + "\n";
       var logfile = process.env.SSLKEYLOGFILE;
       if (!logfile) {
-        console.log('Missing Environment Variable SSLKEYLOGFILE');
+        console.log("Missing Environment Variable SSLKEYLOGFILE");
       }
       fs.appendFileSync(logfile, logline);
     });
   });
 }
 
-function patchHttpModule (https) {
-  var _https = https;
+function patchHttpsModule (https) {
+  var _httpsrequest = https.request;
   https.request = function request(options, callback) {
-    var req = _http.request(options, callback);
+    var req = _httpsrequest(options, callback);
     patchRequest(req);
     return req;
   }
@@ -43,6 +44,6 @@ function patchHttpModule (https) {
 
 module.exports = {
   patchRequest: patchRequest,
-  patchHttpModule: patchHttpModule,
-  https: patchHttpModule(require('https')),
+  patchHttpsModule: patchHttpsModule,
+  https: patchHttpsModule(https),
 }

yarnshark.sh

@@ -0,0 +1,39 @@
+#!/bin/bash 
+
+## To use this, put this script next to your package.json file and run `sudo ./yarnshark.js`
+## then you should have two files, yarn.pcap and SSLKEYLOG
+## Use those files to follow instructions here:  https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/
+
+YARN_RUNTIME_LOCATION="$(dirname "$(readlink -f "$(which yarn)")")"
+
+if [ ! -f "$YARN_RUNTIME_LOCATION/sslkeylogger.js" ]; then
+  curl -s "https://raw.githubusercontent.com/forestjohnsonpeoplenet/node-https-wireshark/master/index.js" > "$YARN_RUNTIME_LOCATION/sslkeylogger.js"
+fi
+cp "$YARN_RUNTIME_LOCATION/yarn.js" "$YARN_RUNTIME_LOCATION/yarn.js.bak"
+
+YARN_CLI_LINE_NUMBER="$(cat "$YARN_RUNTIME_LOCATION/yarn.js" | grep -n -e "^ *var cli = require" | sed "s/\\([0-9][0-9]*\\):.*/\\1/")"
+YARN_CLI_LINE_NUMBER=$(($YARN_CLI_LINE_NUMBER - 1))
+
+FIRST_HALF=$(cat "$YARN_RUNTIME_LOCATION/yarn.js" | head -n $YARN_CLI_LINE_NUMBER)
+LAST_HALF=$(cat "$YARN_RUNTIME_LOCATION/yarn.js" | tail -n +$(($YARN_CLI_LINE_NUMBER + 1)) ) 
+
+echo "$FIRST_HALF" > "$YARN_RUNTIME_LOCATION/yarn.js"
+echo "require(\"./sslkeylogger\")" >> "$YARN_RUNTIME_LOCATION/yarn.js"
+echo "console.log(\"This yarn is logging HTTPS session keys using https://github.com/forestjohnsonpeoplenet/node-https-wireshark\")" >> "$YARN_RUNTIME_LOCATION/yarn.js"
+echo "$LAST_HALF" >> "$YARN_RUNTIME_LOCATION/yarn.js"
+
+#echo "$YARN_RUNTIME_LOCATION/yarn.js"
+#cat "$YARN_RUNTIME_LOCATION/yarn.js"
+
+tcpdump -i any -s 65535 -w yarn.pcap &
+
+TCPDUMP_PID=$!
+
+SSLKEYLOGFILE="$(pwd)/SSLKEYLOG" yarn $@
+
+kill $TCPDUMP_PID
+
+rm "$YARN_RUNTIME_LOCATION/sslkeylogger.js"
+rm "$YARN_RUNTIME_LOCATION/yarn.js"
+mv "$YARN_RUNTIME_LOCATION/yarn.js.bak" "$YARN_RUNTIME_LOCATION/yarn.js"
+