Firefox Quantum - SSLKEYLOGFILE - Wireshark

2
votes

I'm trying to extract the pre-master-secret from Firefox Quantum SSL communication via SSLKEYLOGFILE (to put it into Wireshark) on Win 7 as describe e.g. in https://www.antary.de/2017/07/16/wireshark-ssl-tls-traffic-entschluesseln/

The environment variable is set correctly, the file attributes allow for writing. I tried Firefox 57.0.3, 57.0.4 and 58.0b.14 (Dev. Edition). However, the file stays empty.

Can anyone tell if this feature is still available? There are different opinions on the internet.

If not what would be the next best thing to read SSL communication from a Firefox client?

Thank you.

1
sslfirefoxwireshark
If you are running yourself this Firefox browser, did you check the development tools (F12) particularly the tab Security ? - Eugène Adell
In the versions of Firefox discussed, there is a tab Security under Page Information from where the actual certificate of the webside can be exported. I am not sure if the master secret of the actual communication can be exported there. According to the NSS cookbook Wireshark should be able to decipher every connection in the actual WireShark UI. Thus no manual load for each and every connection should be required. - Sdre
This is a typical example that you should connect to the internet only when you are an expert in IT and everything. I see in TcpLogView (for example) that my Excel communicates when opened with Microsoft. Other applications have a lot to say to the internet, too, e.g. AVG. But what do they say? Isn't SSLKEYLOGFILE (if still available) the right and easy to use tool to find out? - Sdre
Firefox : 58.0.1 / Wireshark : 2.4.4 / Windows 10. I add an environment variable : SSLKEYLOGFILE=d:\SSLKEYLOGFILE.txt and I set Wireshark to use it (Edit > Preferences > Protocol > SSL pre-master-secret log filename =d:\SSLKEYLOGFILE.txt). And it's working. Decrypting the traffic doesn't mean that you will know exactly what's going on, if it's not plain text.. - Eugène Adell
It seems I am having a another error. Though everything seems to be set correctly the reassemle tab does not show up. I can reassemble HTTP and TCP protocol by clicking "follow stream" in the context menu. However, SSL stream eassemble is empty and so is the sslkeylogfile. Reassemble is set for HTTP and TCP and the log file has the right permissions and is set correctly in the environment varibale as well as the SSL protocol tab. - Sdre

1 Answers

1
votes

I've experienced this problem before. Just delete the empty file that you created. And let firefox/chrome create it for you.