How to use the used encryption key of the current SSL connection in Firefox?

I would like to ask one quick question. Is there an addon for Firefox, or a tool, to get the session key created from the master secret during the establishment of an SSL connection, with which all client / server communication is encoded symmetrically? I need this in order to decrypt the connection (POST / GET / etc.) with Wireshark or the PCAP library. Since I see that Firebug shows the decrypted messages, I hope there is some correct way to access this session key :)

Thank you all for your help.

+6
2 answers

I have some good news for you. In fact, you can get the Master-Key data you need from Firefox and Chrome. And you can use the output file in Wireshark to decrypt SSL / TLS traffic without having to use the private key from the SSL / TLS server. Check out “Method 2” here: http://www.root9.net/2012/11/ssl-decryption-with-wireshark-private.html

As a hint, if you do not want to restart your computer, just open a command prompt and run:

set SSLKEYLOGFILE=c:\sslKeyLogFile.txt

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

Since Firefox starts from the same session in which you added the environment variable, it will start with this variable. Otherwise, after setting the variable in the System Settings dialog box, a restart of Windows will be required.

I also want to note that the answer from Chris was not necessarily wrong; this is a fairly new feature. It did not make it into a release prior to Wireshark 1.6.

+9
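An added example, not part of the answer above: a Python check of the file that SSLKEYLOGFILE produces, assuming the NSS key log format (one `<label> <hex> <hex>` entry per line). It validates each line before the file is loaded into Wireshark and reports only field lengths, never the secrets. The function names and sample lines are constructed for illustration.

```python
import os
import re

# NSS key log labels: CLIENT_RANDOM / legacy RSA (TLS 1.2 and earlier), rest are TLS 1.3.
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
HEX = re.compile(r"^[0-9a-fA-F]+$")

def keylog_path(environ=os.environ):
    """Path the browser will log to, or None when key logging is off."""
    return environ.get("SSLKEYLOGFILE") or None

def parse_keylog(text):
    """Validate key log lines; return (entries, errors) without exposing secrets."""
    entries, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue                                   # blank line or comment
        parts = line.split(" ")
        if len(parts) != 3 or not all(HEX.match(p) for p in parts[1:]):
            errors.append((n, "expected '<label> <hex> <hex>'"))
            continue
        label, ident, secret = parts
        if label == "CLIENT_RANDOM":    # 32-byte client random, 48-byte master secret
            ok = len(ident) == 64 and len(secret) == 96
        elif label == "RSA":            # 8 bytes of encrypted pre-master, 48-byte pre-master
            ok = len(ident) == 16 and len(secret) == 96
        elif label in TLS13_LABELS:     # 32-byte client random, SHA-256/384 sized secret
            ok = len(ident) == 64 and len(secret) in (64, 96)
        else:
            errors.append((n, "unknown label"))
            continue
        if ok:
            entries.append({"label": label, "id": ident.lower(), "secret_len": len(secret) // 2})
        else:
            errors.append((n, "bad field length"))
    return entries, errors

# Constructed sample: two valid lines, one truncated secret, one stray line.
SAMPLE = "\n".join([
    "CLIENT_RANDOM " + "1a" * 32 + " " + "2b" * 48,
    "CLIENT_TRAFFIC_SECRET_0 " + "3c" * 32 + " " + "4d" * 32,
    "CLIENT_RANDOM " + "5e" * 32 + " " + "6f" * 20,
    "set SSLKEYLOGFILE = c:\\sslKeyLogFile.txt",
])
```

Calling `keylog_path()` in a shell also shows whether the variable is still set after a capture session, since every TLS session started while it is set has its secrets written to that file.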

If you want to use Wireshark, then the pre-master secret (what you call the “encryption key” in your question) will be useless to you.

Wireshark can only decrypt traffic if you specify the server's RSA secret key, which does not change with every connection, unlike the pre-master secret. However, you cannot get this through your browser or anything else for obvious reasons.

If you want to decrypt SSL traffic, I suggest using an intermediate proxy instead, such as Fiddler. It does not passively capture traffic, but proxies traffic, which allows it to actually decrypt the data sent and received.

+1

Source: https://habr.com/ru/post/908225/

