When using OHTTP requests for DoH (see some deps of bug 1795940) or shopping (current nightly behind a pref, meta bug 1836260), we make request over OHTTP. Briefly, that means the request gets encrypted, goes to server A, which forwards to server B, which decrypts (and potentially forwards to server C). The response is also encrypted, and client-side decrypted when it arrives.

Right now in devtools, you can see the encrypted contents of the request and response, along with the "outer" request and response header information to/from server A.

It would be nice if the decrypted / decapsulated information was also easily accessible within devtools.

The netmonitor is using nsIStreamListenerTee to intercept request content:
https://searchfox.org/mozilla-central/rev/f979f15eaeef504bfdcd27f033323d62b51986cd/devtools/shared/network-observer/NetworkObserver.sys.mjs#902-919

    const newListener = new NetworkResponseListener(...)
    const tee = Cc["@mozilla.org/network/stream-listener-tee;1"].createInstance(
      Ci.nsIStreamListenerTee
    );
    const originalListener = channel.setNewListener(tee);
    tee.init(originalListener, sink.outputStream, newListener);

Later within NetworkResponseListener we register converters to uncompress compressed requests:
https://searchfox.org/mozilla-central/rev/f979f15eaeef504bfdcd27f033323d62b51986cd/devtools/shared/network-observer/NetworkResponseListener.sys.mjs#308-339
May be we could have something around there to decrypt requests content?

Or could we somehow decrypt from the frontend so that we can show both encrypted and decrpyted content via a toggle?

(In reply to Alexandre Poirot [:ochameau] from comment #1)

The netmonitor is using nsIStreamListenerTee to intercept request content:
https://searchfox.org/mozilla-central/rev/f979f15eaeef504bfdcd27f033323d62b51986cd/devtools/shared/network-observer/NetworkObserver.sys.mjs#902-919

    const newListener = new NetworkResponseListener(...)
    const tee = Cc["@mozilla.org/network/stream-listener-tee;1"].createInstance(
      Ci.nsIStreamListenerTee
    );
    const originalListener = channel.setNewListener(tee);
    tee.init(originalListener, sink.outputStream, newListener);

Later within NetworkResponseListener we register converters to uncompress compressed requests:
https://searchfox.org/mozilla-central/rev/f979f15eaeef504bfdcd27f033323d62b51986cd/devtools/shared/network-observer/NetworkResponseListener.sys.mjs#308-339
May be we could have something around there to decrypt requests content?

Or could we somehow decrypt from the frontend so that we can show both encrypted and decrpyted content via a toggle?

I think using the same thing as compression sounds reasonable. The one thing that I'm less sure about is distinguishing inner and outer request response codes (ie http 200/403/501/...) and how we'd display this, given these are also represented in the network pane in other ways.