Implement TLS keylog functionality for HTTP Toolkit

[ibrah3m]

• Add SSL keylog configuration to generateHTTPSConfig function
• Create keylog directory structure in config path
• Configure incoming and upstream keylog file paths
• Update package.json to use local mockttp dependency
• Fix mockttp build issues and TypeScript type annotations
• Add GraphQL subscription support for tls-keylog events
• Verify keylog functionality generates NSS Key Log format data
• Enable TLS traffic decryption with Wireshark and Chrome DevTools

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

---

HTTP Toolkit Developer seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​global-tunnel-ng@​2.7.1
	npm/​rimraf@​2.7.1
	npm/​global-agent@​3.0.0
	npm/​undici@​5.29.0

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		npm/[email protected] has Obfuscated code. Confidence: 0.94 Location: Package overview From: package-lock.json → npm/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[pimterry]

Hi @ibrah3m. Thanks for looking into this more. Unfortunately I've actually completed most of the work myself separately (here and here), since you didn't reply to that last message! Sorry about that. It does also looks like there are some issues here anyway, as the AI hasn't quite got some of the details right, and it's directly depending by path on some Mockttp changes that aren't included anywhere as well. That said, there's definitely some interesting details here especially on the testing side, so I'll go through it carefully and see what can be included separately.

Thanks for opening this anyway, it's always good to see more input and approaches like this! I'm happy to set you up with a free Pro account for contributing as well - if that's interesting just let me know your email (it seems the git commits here were made as [email protected] for some reason?) either here or by getting in touch directly at tim @ httptoolkit.com and I'll set you up with an account. The changes I've linked above to fix this in Mockttp aren't live yet, but they will be within a few days once the corresponding UI settings are all complete, so keep an eye on httptoolkit/httptoolkit#783 as I'll update & close that once this is live.

[ibrah3m]

Hi again, I hope you're doing well.

Ofc AI isn't the best with doing things but I tried my best since I'm new to the project.

looking forward to add more features like this one and maybe supporting more protocols.

my email is [email protected]

[pimterry]

I can see you've already got a Pro account, but I've just added a free year on top of that, enjoy! Thanks again for contributing @ibrah3m, this was an excellent feature suggestion, it's a great addition to the tool.