On the other hand, Chrome refuses to show binary WebSocket traffic, so I just use SSLKEYLOGFILE + Firefox + Wireshark/tshark to debug secured WS traffic. tshark can even be configured to dump out the packets basically as they come in.

I am struggling quite a bit to make this work. Do you have any good writeups on how to do this?

First, launch Firefox:

    SSLKEYLOGFILE=$(pwd)/ssl_keys.log firefox -P 

("firefox-bin" on some Linuxes, "/Applications/Firefox.app/Contents/MacOS/firefox" on Mac, etc.). This launches a Profile Manager; pick a profile that isn't being used by any other running Firefox. This avoids accidentally logging keys for normal browsing traffic, making it easier to pick out the target SSL traffic and avoiding a security risk.

Second, launch tcpdump:

    tcpdump -i en0 -w dump.pcap

(where en0 is your primary Internet interface).

Browse to the site you want to debug and make some websocket requests.

Finally, you can use tshark to inspect the traffic:

    tshark -n -r dump.pcap -o http.ssl.port:443 -o ssl.keylog_file:ssl_keys.log -Y websocket -Tfields -e frame.time_relative -e ip.src -e ip.dst -e data

The -e fields I chose there are just examples; this particular example dumps out all the websocket payloads to a file.

You can also configure Wireshark to use the log file, so that you can inspect the traffic interactively; to do so, edit Preferences -> Protocols -> SSL and set the (Pre-)Master Secret key log filename appropriately.

Just use Charles debugging proxy with the SSL mitm enabled, it's much easier