Open Firefox or Chrome to write to SSLKEYLOGFILE


Solution 1

Omit the parentheses

If you execute export (without parameters) after your command, you will see that SSLKEYLOGFILE is set to (/home/username)/sslkeylog.log, which is not a valid path. Omit the parentheses:

export SSLKEYLOGFILE=$HOME/sslkeylog.log

"Normally" opened applications still won't see the environment variable

According to the Bash Reference Manual:

export [-fn] [-p] [name[=value]]

Mark each name to be passed to child processes in the
environment.[...]

...and similarly the dash manual:

 export name ...
 export -p
        The specified names are exported so that they will appear in the
        environment of subsequent commands.[...]

...the exported environment variable is only ever passed to subsequent commands in the same process or child processes. So if you open a terminal and execute the export SSLKEYLOGFILE... command, only applications (processes) that are spawned from the same terminal (or, more precisely, the same shell process within that terminal) will see the environment variable. If you run google-chrome(-stable) from that terminal, it will see the SSLKEYLOGFILE variable and write to the specified file.

If you open google chrome via an application starter (which I assume you consider normal), it will not be a child process of the terminal and thus won't be aware of the SSLKEYLOGFILE variable.

Also be aware that if chrome is already running, executing google-chrome-stable in a terminal will open a new window in the already running process. You can view the process tree by executing pstree in a terminal.

Since this wasn't part of the question, I won't go into details here, but setting persistent environment variables, either session-wide or system-wide, is explained in the Ubuntu community wiki.
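The process-inheritance point above, as an added example that is not part of the original answer: a small POSIX shell script (assumes Linux, where a process's environment as of its exec() is readable from /proc/PID/environ) that checks whether a given process actually received SSLKEYLOGFILE and whether its value is a path the browser can open; the helper names are my own.

```sh
#!/bin/sh
# Added example (not from the answer above): verify that a process really
# received SSLKEYLOGFILE and that the value is a path the browser can open.
# Assumes Linux (/proc/PID/environ) and standard tr/awk/dirname.

# Print the value of variable $2 in the environment of process $1, as recorded
# at exec time in /proc/PID/environ. Returns 1 if the variable is absent.
proc_env_value() {
    pid=$1; name=$2
    [ -r "/proc/$pid/environ" ] || return 1
    tr '\0' '\n' < "/proc/$pid/environ" |
        awk -v n="$name" -F= '$1 == n { sub(/^[^=]*=/, ""); print; found = 1 }
                               END { exit !found }'
}

# Reject values the shell did not expand (leftover "(", ")" or "~"), relative
# paths, and paths whose directory is missing or not writable: in those cases
# the browser reports "Failed opening SSL key log file" (as one commenter saw)
# and logs nothing.
check_keylog_path() {
    p=$1
    case $p in
        "" | *"("* | *")"* | "~"*) return 1 ;;   # unexpanded or malformed
        /*) ;;                                    # absolute path, go on
        *) return 1 ;;                            # relative path
    esac
    d=$(dirname "$p")
    [ -d "$d" ] && [ -w "$d" ]
}

# Demo: a child started from this shell inherits the variable (like a browser
# launched from the same terminal); one started from a desktop launcher would
# not show the variable at all.
demo() {
    export SSLKEYLOGFILE="$HOME/sslkeylog.log"
    sleep 2 &                      # stand-in for "google-chrome https://..."
    child=$!
    sleep 1                        # let the child finish exec()
    if v=$(proc_env_value "$child" SSLKEYLOGFILE) && check_keylog_path "$v"; then
        echo "process $child will write TLS keys to $v"
    else
        echo "process $child has no usable SSLKEYLOGFILE"
    fi
    kill "$child" 2>/dev/null
}

demo
```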

Solution 2

I wanted to share with others: the solution noted above worked for me on Ubuntu 18.10 using Chrome.

You can launch a site from the terminal using

$ google-chrome https://askubuntu.com/questions

For me, I wanted to read a TCP conversation in Wireshark.

Key logs can be written by NSS so that external programs can decrypt TLS connections. Wireshark 1.6.0 and above can use these log files to decrypt packets. You can tell Wireshark where to find the key file via Edit→Preferences→Protocols→SSL→(Pre)-Master-Secret log filename.

Note: I did not try Firefox. It might work, but I didn't want to spend time figuring it out. Mozilla noted it is disabled by default for Debian: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format

Since I am a new member, the forum won't let me up-vote the solution.

EDIT: in Wireshark v3.2.7 (it is Feb-2021 for reference) there is no longer an "SSL" option in the Protocols list. Use "TLS" instead.

Solution 3

My solution to this problem was to use Chromium, because Firefox 49 and 48 have this feature disabled on Debian and Kali Linux. So first you have to execute this command:

nano ~/.bashrc

Append this at the end of the file:

export SSLKEYLOGFILE=~/.ssl-key.log

Type Ctrl+X and then Y to save the file. Then execute Chromium from the console, passing the following flag:

chromium --ssl-key-log-file=~/.ssl-key.log

If you cat the file you will see that it is populated. For more info visit:

developer.mozilla.org/NSS Key Log Format

How to Decrypt SSL with Wireshark

Author: BEWARB

Currently pursuing B. Tech. from IIT Kanpur.

Updated on September 18, 2022

Comments

  • BEWARB (over 1 year ago)

    I have exported a new user variable SSLKEYLOGFILE using the command:

    export SSLKEYLOGFILE=($HOME)/sslkeylog.log

    If I open Firefox or Chrome normally, no sslkeylog.log file is created (even if created, it's empty even if I browse through SSL traffic through the browser). Is there a special terminal command to open the browsers with these features enabled? If yes then what?

  • bomben (almost 4 years ago)
    I get Failed opening SSL key log file: ~/secret.log even though rights are 777.
  • bomben (almost 4 years ago)
    It worked for me after I unsuccessfully tried with Firefox 77 and Chromium. For those who wonder, google-chrome is not found with apt-cache but must be installed via wget: linuxize.com/post/…
  • Bayron Jonathan Vazquez (almost 4 years ago)
    The file 'secret.log' must be in your home directory.
  • bomben (almost 4 years ago)
    Yes, the folder was not writeable and the filename I provided probably did not match the one I set up.