Request from browser are not decrypted.

  • retag add tags

I have set a SSLKEYLOGFILE in Kali Linux and used it in Pre Master Log filename in TLS protocol. When I use curl for https requests from terminal, WIRESHARK will decrypt correctly to http2 protocol. However, when I visit the same website from Firefox (sending obviously the exact same request), the only decrypted protocols are OSCP and TCP which do not contain the specified Https request.

What am I doing wrong? Thanks in advance. My apologies for maybe this is a dumb question, but I am willing to learn. :)

Dimitris Soumis's avatar
1
Dimitris Soumis
asked 2020-04-21 19:36:41 +0000
edit flag offensive 0 remove flag close merge delete

Comments

Have you verified that Firefox added additional entries to the keylog file?
Maybe rename or move it between tests to see if Firefox is logging them properly.

Are you running regular Firefox or the developer edition?

Chuckc's avatar Chuckc (2020-04-22 01:01:29 +0000) edit
more
  • delete

Seems YMMV depending on where you get Firefox.

The Mozilla Firefox 75.0 from Ubuntu does NOT log keys maybe due to this

The Mozilla Firefox 75.0 download from Mozilla creates the keylog file. Notes here

Chuckc's avatar Chuckc (2020-04-22 03:06:44 +0000) edit
more
  • delete

Thank you very much! This was the issue, I could not find any reference saying that Mozilla Firefox from Ubuntu did not log keys. My sincere thanks for that.

Dimitris Soumis's avatar Dimitris Soumis (2020-04-22 06:56:34 +0000) edit
more
  • delete
add a comment see more comments