Clipper is a network debugging tool that intercepts TLS traffic to allow the traffic to be viewed on Chrome Dev Tools. What interests me the most is how it decrypt TLS traffic.

There are several ways to do that that I know of: The first method is with environment variable SSLKEYLOGFILE; tools that respect the environment can dump the keys to the specified file, which can picked up by tools like Wireshark. The problem is that many tools doesn't respect the variable out of box. The second is MITM the traffic with a self-signed certificate. This method doesn't work with TLS key pinning and does not truly reflect the traffic due to the proxy layer.

Clipper instead used the trick to LD_PRELOAD a library that uses Frida to hook library functions (e.g. OpenSSL) to extract the keys, and implement a universal SSLKEYLOGFILE support.

The design of HTTP/3 by Daniel Stenberg.

The design of HTTP/2 by Daniel Stenberg.

This article talks about the evolution of HTTP versions. From the earliest HTTP/0.9 where there is just a single bare GET method and supports no headers, to HTTP/3 which is completely optimized for speed and security. By the way, HTTP/0.9 resembles FTP a lot, which is interesting.

No need to trust self-signed certificate to intercept tls traffic, if we have the secret keys.

websocket explained in detail

<blockquote>A free, fast and beautiful API request builder</blockquote>