Tomas Colloca

Reputation: 243

Neither Chrome nor Firefox is dumping to the SSLKEYLOGFILE variable

I'm trying to decrypt SSL packages with Wireshark as described here. I have already created an SSLKEYLOGFILE System and User variable and the log file. I have restarted my computer (running Windows 10) and opened HTTPS URLs with Chrome and Firefox, but neither writes to the SSL log file. My Chrome version is 56.0.2924.87 (64-bit) and my Firefox version is 51.0.1 (32-bit). Any idea how I can make either of the two browsers write to that file? Or is there any way to get the SSL key to be able to decrypt SSL packages in Wireshark?

Upvotes: 25

Views: 55925

Answers (7)

weichao

Reputation: 3421

I have solved it!

You MUST be sure Chrome is totally closed, and then open a fresh new Chrome instance.

Chrome has a default option, enabled, that lets Chrome run in the background.

Double-check your Windows taskbar or process list to make sure no Chrome instance exists.

That's why --ssl-key-log-file doesn't work: Chrome is still alive after you click the exit button.

Upvotes: 6

Mighty Duck

Reputation: 21

Try closing your current browsing session. It behaves as if you had just added a new path to PATH: it only works from a new session onward.

Upvotes: 2

faxx1080

Reputation: 21

Some antiviruses (like Avast) inject the SSLKEYLOGFILE environment variable into well-known processes like firefox.exe and chrome.exe. If you rename the browser executable file and launch that, then the environment variable won't be overridden.

Upvotes: 2

Steffen Ullrich

Reputation: 123581

With Firefox the feature seems to be disabled by default and is only available in debug builds. With Chrome this might have vanished by switching the underlying SSL engine from NSS (which implemented this feature and is also used in Firefox) to BoringSSL (which maybe does not have this feature).

Update: according to @Lekensteyn (see comment) the feature is again available in current Firefox and Chrome builds.

Upvotes: 5

peter

Reputation: 17

Besides what they have already pointed out, I want to show three points that may help. These are tips for Linux (CentOS).

  1. Make sure the file that SSLKEYLOGFILE points to can be written and read; to make sure, you can use:

    chmod -R 777 sslkey.txt

  2. Make sure your Firefox or Chrome is opened under the same user as the file mentioned, for example under root.

  3. Find some useful comments here

Upvotes: -6

TadejP

Reputation: 1062

You are doing something wrong. Tested on version 58 & you do not need to reboot. To activate either:

  1. set environment variable e.g. SSLKEYLOGFILE to %USERPROFILE%\sslkeysENV.pms
  2. run chrome with argument e.g.: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --ssl-key-log-file=%USERPROFILE%\sslkeysARG.pms

Upvotes: 16
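The checks from the answers above (no leftover browser process, the variable or switch set, a fresh instance) combined into one PowerShell script. This is an added example, not part of any answer; the log path, the Chrome install path and the test URL are assumptions.

```powershell
# Added example: diagnose why Chrome is not writing its TLS key log on Windows.
# $KeyLog, $Chrome and $TestUrl are assumptions; adjust them to your system.
$KeyLog  = Join-Path $env:USERPROFILE 'sslkeysARG.pms'
$Chrome  = 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'
$TestUrl = 'https://example.com/'

# 1. Value of the variable at each scope. A process only sees the value that
#    existed when it (or the shell that launched it) was started.
foreach ($scope in 'Process', 'User', 'Machine') {
    $value = [Environment]::GetEnvironmentVariable('SSLKEYLOGFILE', $scope)
    if (-not $value) { $value = '(not set)' }
    '{0,-8} SSLKEYLOGFILE = {1}' -f $scope, $value
}

# 2. Leftover browser processes: a background instance started earlier takes
#    over any new window, so the new switch or variable is never read.
$running = Get-Process -Name chrome, firefox -ErrorAction SilentlyContinue
if ($running) {
    $running | Select-Object Name, Id, StartTime | Format-Table -AutoSize
    Write-Warning 'Close every browser process listed above, then run this again.'
    return
}

# 3. Confirm the current user can create or append to the log file.
#    The file will hold TLS session secrets: keep it inside your profile.
try {
    [IO.File]::Open($KeyLog, 'Append', 'Write').Dispose()
} catch {
    Write-Warning "Cannot write to ${KeyLog}: $($_.Exception.Message)"
    return
}
$before = (Get-Item $KeyLog).Length

# 4. Start a fresh instance with the switch and check that the file grows.
$chromeArgs = "--ssl-key-log-file=`"$KeyLog`"", $TestUrl
Start-Process -FilePath $Chrome -ArgumentList $chromeArgs
Start-Sleep -Seconds 10
$grown = (Get-Item $KeyLog).Length - $before
if ($grown -gt 0) { "Key log grew by $grown bytes: logging works." }
else { Write-Warning 'Key log did not grow; check whether another program overrides the setting.' }
```

Run it from a PowerShell window opened after the variable was set, and delete the key log file once the capture has been decrypted.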

user7777122

Reputation: 21

Try Firefox Developer Edition; the above-mentioned feature is turned on by default. I tested it just yesterday.

Upvotes: 2
