Open Firefox or Chrome to write to SSLKEYLOGFILE
Solution 1
Omit the parentheses
If you execute export (without parameters) after your command, you will see that SSLKEYLOGFILE is set to (/home/username)/sslkeylog.log, which is not a valid path. Omit the parentheses:
export SSLKEYLOGFILE=$HOME/sslkeylog.log
"Normally" opened applications still won't see the environment variable
According to the Bash Reference Manual:
export [-fn] [-p] [name[=value]] Mark each name to be passed to child processes in the environment.[...]
...and similarly the dash manual:
export name ... export -p The specified names are exported so that they will appear in the environment of subsequent commands.[...]
...the exported environment variable is only ever passed to subsequent commands in the same process or child processes. So if you open a terminal and execute the export SSLKEYLOGFILE=... command, only applications (processes) that are spawned from the same terminal (or, more precisely, the same shell process within that terminal) will see the environment variable. If you run google-chrome(-stable) from that terminal, it will see the SSLKEYLOGFILE variable and write to the specified file.
If you open Google Chrome via an application starter (which I assume you consider normal), it will not be a child process of the terminal and thus won't be aware of the SSLKEYLOGFILE variable.
Also be aware that if Chrome is already running, executing google-chrome-stable in a terminal will open a new window in the already running process. You can view the process tree by executing pstree in a terminal.
Since this wasn't part of the question, I won't go into details here, but setting persistent environment variables, either session-wide or system-wide, is explained in the Ubuntu community wiki.
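The inheritance rule above can be checked rather than guessed. The following script is an added example (not part of the answer above): it validates the key-log path before use, exports it without the stray parentheses, starts the browser as a child of the same shell, and then audits /proc to see which running processes actually carry SSLKEYLOGFILE in their environment. That last check is the one worth keeping around, since any process with this variable set is writing TLS session secrets to disk. The google-chrome command name, the log path and the Linux /proc layout are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original answers. Assumes Linux (/proc) and
# a "google-chrome" binary on PATH; the key-log path is a hypothetical default.

# Validate a candidate key-log path: absolute, no parentheses (the mistake in
# the question), and a writable parent directory. Prints "ok" on success,
# otherwise a reason, and returns non-zero.
sslkeylog_check() {
    path=$1
    case "$path" in
        *"("*|*")"*) echo "contains parentheses: $path"; return 1 ;;
        /*) ;;
        *) echo "not an absolute path: $path"; return 1 ;;
    esac
    dir=$(dirname -- "$path")
    if [ ! -d "$dir" ] || [ ! -w "$dir" ]; then
        echo "directory not writable: $dir"; return 1
    fi
    echo ok
}

# Print "SSLKEYLOGFILE=<value>" if the process with PID $1 has the variable in
# its environment (read from /proc/<pid>/environ); return 1 otherwise.
sslkeylog_in_process() {
    pid=$1
    tr '\0' '\n' < "/proc/$pid/environ" 2>/dev/null | grep '^SSLKEYLOGFILE=' || return 1
}

# List every readable process that has SSLKEYLOGFILE set: "<pid> <comm> <var>".
sslkeylog_audit() {
    for env in /proc/[0-9]*/environ; do
        pid=${env#/proc/}; pid=${pid%/environ}
        val=$(sslkeylog_in_process "$pid") || continue
        printf '%s %s %s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)" "$val"
    done
}

# Export the variable and start the browser as a child of this shell so it
# inherits it. A browser started from the desktop menu is not a child of this
# shell and will not see the variable; if Chrome is already running, this only
# opens a new window in the existing process (compare the output of pstree).
launch_with_keylog() {
    SSLKEYLOGFILE=$1
    export SSLKEYLOGFILE                   # plain $HOME path, no parentheses
    sslkeylog_check "$SSLKEYLOGFILE" || return 1
    google-chrome &
    sleep 2
    sslkeylog_audit
}

# Only launch when asked explicitly, so the functions can also be sourced:
#   sh ./sslkeylog.sh launch
if [ "${1:-}" = "launch" ]; then
    launch_with_keylog "$HOME/sslkeylog.log"
fi
```

Running sslkeylog_audit on its own is a quick way to confirm that nothing besides the browser you intended has inherited the variable, for example a terminal session whose shell profile exports it globally.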
Solution 2
I wanted to share with others: the solution noted above worked for me on Ubuntu 18.10 using Chrome.
You can launch a site from the terminal using
$ google-chrome https://askubuntu.com/questions
For me, I wanted to read a TCP conversation in Wireshark.
Key logs can be written by NSS so that external programs can decrypt TLS connections. Wireshark 1.6.0 and above can use these log files to decrypt packets. You can tell Wireshark where to find the key file via Edit→Preferences→Protocols→SSL→(Pre)-Master-Secret log filename.
Note, I did not try Firefox. It might work, but I didn't want to spend time to figure it out. Mozilla noted it is disabled by default for Debian: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
Since I am a new member the forum won't let me up-vote the solution.
EDIT: in Wireshark v3.2.7 (it is Feb-2021 for reference) there is no longer an "SSL" option in the Protocols list. Use "TLS" instead.
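The preference the answer describes can also be set from the command line, which is handy on a machine without a desktop or when automating analysis. This is an added example, not code from the answer above: it writes the Wireshark preference (named tls.keylog_file in Wireshark 3.x, which is why the dialog no longer lists "SSL"; older versions used the ssl. prefix) and shows a tshark invocation that overrides the same preference for a single run. The preferences file location and the capture and key-log paths are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original answer. Paths are hypothetical;
# ~/.config/wireshark/preferences is the usual per-user location on Linux.

# Write or update "tls.keylog_file: <path>" in a Wireshark preferences file.
# $1 = preferences file, $2 = key-log path. Any earlier ssl.*/tls.* keylog
# line is removed first so the file never carries two conflicting entries.
set_wireshark_keylog_pref() {
    prefs=$1
    keylog=$2
    mkdir -p "$(dirname -- "$prefs")"
    [ -f "$prefs" ] || : > "$prefs"
    grep -v -e '^tls\.keylog_file:' -e '^ssl\.keylog_file:' "$prefs" > "$prefs.tmp" || true
    printf 'tls.keylog_file: %s\n' "$keylog" >> "$prefs.tmp"
    mv "$prefs.tmp" "$prefs"
}

# Read the configured key-log path back (prints nothing if unset).
get_wireshark_keylog_pref() {
    sed -n 's/^tls\.keylog_file: *//p' "$1" 2>/dev/null | tail -n 1
}

# Decrypt a capture on the command line. "-o" overrides the preference for
# this run only, so it works even if the preferences file was never edited.
# $1 = key-log file written by the browser, $2 = capture file.
decrypt_capture() {
    keylog=$1
    pcap=$2
    tshark -o "tls.keylog_file:$keylog" -r "$pcap" -Y 'http || http2'
}

# Usage (hypothetical paths):
#   set_wireshark_keylog_pref "$HOME/.config/wireshark/preferences" "$HOME/sslkeylog.log"
#   decrypt_capture "$HOME/sslkeylog.log" capture.pcapng
```

Because the key log lets anyone who holds it decrypt the captured sessions, treat it like a private key: keep it under your own home directory with restrictive permissions and delete it once the capture has been analysed.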
Solution 3
My solution to this problem was to use Chromium, because Firefox 49 and 48 have this feature disabled on Debian and Kali Linux. So first you have to execute this command:
nano ~/.bashrc
Append this at the end of the file:
export SSLKEYLOGFILE=~/.ssl-key.log
Type Ctrl+X and Y to save the file. Then execute Chromium from the console, passing the following flag:
chromium --ssl-key-log-file=~/.ssl-key.log
If you cat the file you will see that it is populated. For more info visit:
developer.mozilla.org/NSS Key Log Format
How to Decrypt SSL with Wireshark
Comments
- BEWARB over 1 year: I have exported a new user variable SSLKEYLOGFILE using the command:
export SSLKEYLOGFILE=($HOME)/sslkeylog.log
If I open Firefox or Chrome normally, no sslkeylog.log file is created (even if created, it's empty even if I browse through SSL traffic through the browser). Is there a special terminal command to open the browsers with these features enabled? If yes, then what?
- bomben almost 4 years: I get
Failed opening SSL key log file: ~/secret.log
even though rights are 777.
- bomben almost 4 years: It worked for me after I unsuccessfully tried with Firefox 77 and Chromium. For those who wonder, google-chrome is not found with apt-cache but must be installed via wget: linuxize.com/post/…
- Bayron Jonathan Vazquez almost 4 years: the file 'secret.log' must be in your home directory.
- bomben almost 4 years: Yes, the folder was not writeable and the filename I provided probably did not match the one I set up.