Requests from browser are not decrypted.

asked 2020-04-21 19:36:41 +0000

I have set an SSLKEYLOGFILE in Kali Linux and used it in the Pre Master Log filename in the TLS protocol. When I use curl for HTTPS requests from the terminal, Wireshark decrypts correctly to the HTTP2 protocol. However, when I visit the same website from Firefox (sending obviously the exact same request), the only decrypted protocols are OCSP and TCP, which do not contain the specified HTTPS request.

What am I doing wrong? Thanks in advance. My apologies if this is a dumb question, but I am willing to learn. :)



Have you verified that Firefox added additional entries to the keylog file?
Maybe rename or move it between tests to see if Firefox is logging them properly.

Are you running regular Firefox or the developer edition?

Chuckc ( 2020-04-22 01:01:29 +0000 )

Seems YMMV depending on where you get Firefox.

The Mozilla Firefox 75.0 from Ubuntu does NOT log keys maybe due to this

The Mozilla Firefox 75.0 download from Mozilla creates the keylog file. Notes here

Chuckc ( 2020-04-22 03:06:44 +0000 )

Thank you very much! This was the issue, I could not find any reference saying that Mozilla Firefox from Ubuntu did not log keys. My sincere thanks for that.

Dimitris Soumis ( 2020-04-22 06:56:34 +0000 )
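
The check suggested in the comments (did the browser actually append to the key log file?), as an added example that is not part of the original thread: it parses two snapshots of an NSS-format key log, one copied before starting Firefox and one taken after, and reports the sessions that are new. The sample lines are constructed from repeated bytes, and the function names are hypothetical.

```python
import re
from collections import Counter

# Labels of the NSS key log format: CLIENT_RANDOM is TLS 1.2, the rest are TLS 1.3.
LABELS = {
    "CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
    "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
# <label> <32-byte client random as hex> <secret as hex>
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")

def parse_keylog(text):
    """Return (entries, malformed_line_numbers); the secrets are not kept.
    The legacy 'RSA' label is out of scope here and counts as malformed."""
    entries, malformed = [], []
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed by the format
        match = LINE.match(line)
        if match and match.group(1) in LABELS:
            entries.append((match.group(1), match.group(2).lower()))
        else:
            malformed.append(number)
    return entries, malformed

def new_sessions(before, after):
    """Map each client random that appears only in `after` to its label counts."""
    seen = {client_random for _, client_random in parse_keylog(before)[0]}
    fresh = {}
    for label, client_random in parse_keylog(after)[0]:
        if client_random not in seen:
            fresh.setdefault(client_random, Counter())[label] += 1
    return fresh

# Constructed sample data: key log after a curl run, then after a browser run.
CURL_RUN = "# constructed sample\nCLIENT_RANDOM " + "aa" * 32 + " " + "11" * 48 + "\n"
FIREFOX_RUN = CURL_RUN + "".join(
    f"{label} {'bb' * 32} {'22' * 32}\n"
    for label in ("CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
                  "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0")
) + "CLIENT_RANDOM truncated-line\n"

if __name__ == "__main__":
    print("browser wrote nothing:", new_sessions(CURL_RUN, CURL_RUN))
    for client_random, labels in new_sessions(CURL_RUN, FIREFOX_RUN).items():
        print("new session", client_random[:16], dict(labels))
    print("malformed lines:", parse_keylog(FIREFOX_RUN)[1])
```

With real files, pass the contents of the earlier copy and of the current SSLKEYLOGFILE; an empty result after browsing means the browser build is not logging keys, which is what the thread found for the Ubuntu-packaged Firefox 75.0.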