Using Kali, grab this library: jSSLKeyLog. Next, find the script you’re testing that invokes java and add the following parameter (or add the parameter manually if you run java directly):
$ java -javaagent:jSSLKeyLog.jar==/tmp/ssl-key-log.log -jar file.jar
Next, run tcpdump how you normally would:
$ tcpdump -i eth0 -w dump.cap -C 100m
Now you can run the java application whose SSL session keys you want to extract:
$ java -javaagent:jSSLKeyLog.jar==/tmp/ssl-key-log.log -jar app.jar
Once the app has generated the traffic you’re interested in, open up Wireshark and select dump.cap. Find the first SSL connection to the host you’re interested in decrypting traffic to and right-click > Protocol Preferences > (Pre)-master-secret log filename and browse to /tmp/ssl-key-log.log.
Hey, presto! Now you can right-click and select Follow > SSL stream to see the decrypted traffic.