SSL is intended to be secure against man-in-the-middle attacks, hence you will not be able to extract the key to decrypt the traffic. If your application is acting as a proxy, the only cleartext that you’re likely to receive will be the initial CONNECT request.

One option would be to do what a number of commercial firewalls do to permit SSL inspection, which is to impersonate the remote side of the connection to the client, establishing a separate SSL stream to each. To do this you’ll need to do a number of things, and it will only work if you are able to install your own trusted root certificate on all clients that will use your proxy (e.g. using Windows group policy). If you can’t do this, you might as well give up, as it makes what you’re attempting to do effectively impossible.

1. Determine the name of the server that the client is connecting to from the CONNECT request.
2. Generate a certificate with the CN set to the server name established in step 1, signed by a root certificate trusted by the client.
3. Establish a network connection to the destination host, and using the .NET SslStream to wrap the connection and call AuthenticateAsClient(...).
4. Again using SslStream, wrap the client’s incoming network stream, and call AuthenticateAsServer() using the certificate generated in step 2.
5. Forward data between the two connections, logging it as you require.