Env vars... not taking so won't produce required outputs

Hi, I've recently started learning infosec after deciding to retrain and use some of this 40 years of playing with computers.

One of the tools I use is Wireshark.
My problem…
On Windows I can set the environmental arguments for paths to the sslkeylog, which will cause the SSL/TLS keys to be spat out into a file that can then later be used to read through TLS 1.2 encrypted traffic…
This has worked fine for me for the last little while, but recently I decided it was time to jump to Linux, and that's where I'm having trouble.

I've tried adding the sslkeylog path with the export command as well as the systemctl and nano editing bashrc*
but no matter what I do I can't get Linux to even create the log file on the desktop.
The environmental vars seem to be right going by the tutorials online, but it doesn't matter what I try, it's failing…

I've tried:

```
export SSLKEYLOGFILE='/home/user/Desktop/sslkeylog'
sudo export SSLKEYLOGFILE='/home/user/Desktop/sslkeylog'
export SSLKEYLOGFILE='/home/user/Desktop/sslkeylog' | cat >>sslkeylog
```

But no luck…

*Tried setting this up as root and as user.

Any suggestions…

Try sudo -E; the -E transfers env vars to the sudo session.

Edit: forgot to add, you can also use env in a command like so:

```
env var1=val1 var2=val2 your-command.sh
```


Thanks, will give it a look.

Well, no such luck…
Turns out the feature was disabled earlier in the year and there was no posted solution I could find, other than recompiling with the NSS_ALLOW_SSLKEYLOG=1 flag set… and a rumour it was still enabled in the devops version.

Anyways, downloaded the dev ops version and nope, the option is no longer listed in the about:config…
But I notice you can add new flags… so on the off chance… I entered it with a boolean true.
Restarted, no such luck…
Restarted from the terminal and a file popped onto my desktop… I opened it and WHOOHOO! There you go…

So add your SSLKEYLOGFILE var via the export in .bashrc.
Open a terminal to make sure it's took and shows up in the args list.

Download and install the dev ops version of FF.
Copy it to user/libs/firefox.
Start it from its exe.
Go to the about:config.
Create a new boolean with NSS_ALLOW_SSLKEYLOG=1 and set it to true.
Quit.
Now create a new symbolic link to the new version with

```
sudo ln -s /usr/lib/firefox/firefox /usr/bin/firefox
```

Close everything…
Open a fresh terminal and type firefox and you should see the dev op version run and a new file appear where you set it… (for me, the desktop).
Note the file is created any time you run Firefox from the terminal… if you use the desktop icon or taskbar it won't be created. *I think you can add an argument to the launcher… but too lazy :smiley:

Anyways, done… thanks for the suggestion.


Bonus… I just installed the Opera browser and ran it from the terminal.
As soon as I did, the sslkeylog popped onto the desktop, with no additional effort of changing about:config fields.

There are more differences in the code when you compare Linux to Windows, you must get the exact code desired results on your PC

I had the right code, mate. They took the feature out of the browser. You have to use a development version of Firefox to get this to work.

A heads up for anyone decrypting their SSL traffic on Windows with the above method.
The sslkeylog will be created and appended to every time you open a supported browser in Windows,
meaning the keys will be getting added even when you don't want them to.
So if you're in Windows, go into the env vars and hash out SSLKEYLOG= … until you need it.

On Linux, you have to use the terminal to boot the Firefox dev version.
The normal version doesn't support this function, so won't needlessly fill up your HDD/SSD.

PS. Sorry for dragging this one back up, but I just realised 10 mins ago that the sslkeylog is over a gig in size, while wondering why my SSD seemed to be getting hammered every time I opened a browser.

So yeah, careful guys. Remember to disable it once you're done with it.

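The problem described in the post above (a global SSLKEYLOGFILE makes every supporting browser append keys until the file is huge) can be avoided by setting the variable for a single run, as in this added example, which is not part of the original thread. The function names, the `sslkey.XXXXXX` file naming and the `$HOME/tls-keys` directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: TLS key logging for one browser run only, instead of a
# global SSLKEYLOGFILE in .bashrc or the Windows user variables.

# keylog_session DIR CMD [ARGS...]
#   Runs CMD with SSLKEYLOGFILE pointing at a fresh owner-only file in DIR and
#   prints that file's path on stdout. The calling shell's environment is left
#   alone, so browsers started any other way write no keys.
keylog_session() {
    kl_dir=$1
    shift
    # DIR is assumed to be a directory dedicated to key logs.
    mkdir -p "$kl_dir" && chmod 700 "$kl_dir" || return 1
    # mktemp creates the file with mode 0600: its contents decrypt the capture.
    kl_log=$(mktemp "$kl_dir/sslkey.XXXXXX") || return 1
    # CMD's stdout is sent to stderr so that stdout carries only the log path.
    env SSLKEYLOGFILE="$kl_log" "$@" >&2 && kl_rc=0 || kl_rc=$?
    printf '%s\n' "$kl_log"
    return "$kl_rc"
}

# keylog_purge DIR
#   Deletes every session log in DIR once the capture has been analysed and
#   prints how many files were removed.
keylog_purge() {
    kl_n=0
    for kl_f in "$1"/sslkey.*; do
        [ -f "$kl_f" ] || continue
        rm -f -- "$kl_f" && kl_n=$((kl_n + 1))
    done
    printf '%s\n' "$kl_n"
}

# Usage (assumed directory; firefox must be a build that honours the variable):
#   log=$(keylog_session "$HOME/tls-keys" firefox)
#   ...give "$log" to Wireshark, analyse the capture, then:
#   keylog_purge "$HOME/tls-keys"
```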

I have the same problem

This worked for me…

Set the SSLKEYLOGFILE env variable as normal in Linux. Echo it to .bashrc.
Just point it to your preferred save location of the sslkey.log.

Windows:
System/Advanced/env vars/user variables. Add SSLKEYLOGFILE with the path to your preferred save location, C:/user/sslkey.log. Close and you're done here.

NSS_ALLOW_SSLKEYLOG=1 is what's missing from the Booleans in Firefox's advanced options. It's also been removed from the general release but is still in the dev ops version, just not listed.

Download and install the dev ops version of Firefox. Open a terminal and start it from its exe if on Linux. Windows: just open it from the icon.

Go to the about:config, create a new Boolean with NSS_ALLOW_SSLKEYLOG=1 and set it to true. Quit. Now create a new symbolic/icon link to the new dev Firefox version.

When you run Firefox from the terminal in Linux, the sslkeylog should be created and start populating.

Run it from the taskbar icon in Linux and it doesn't make or update the keylog (just in case you don't want it populating every time you open the browser).

In Windows, you will have to disable the env var or it will keep populating every time you open any browser that supports sslkey logging.

On that note, Opera and Vivaldi should work with no changes to the advanced option.

Lastly… open Wireshark, go to edit/preferences/protocols/tls and put the path to the sslkey.log in the pre master secret log box. Click OK.

Close everything… start Wireshark, start your browser (from the terminal in Linux). You should start seeing the sslkeylog start populating and see extra options for decryption in the tabs of Wireshark.
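A quick way to confirm the "should start populating" step before pointing Wireshark at the file, as an added example that is not part of the original thread. It counts well-formed entries in the NSS key log format without printing any secret; it goes beyond the TLS 1.2 case discussed here by also recognising the TLS 1.3 labels, and the function names and sample values are constructed for the illustration.

```shell
#!/bin/sh
# Added example: check that a key log holds usable entries. Counts only.

# keylog_check FILE -> prints "tls12=N tls13=N bad=N"
#   tls12: CLIENT_RANDOM <64 hex client random> <96 hex master secret>
#   tls13: traffic/exporter secret labels with a 64 or 96 hex secret
#   bad:   any other line that is not a comment or blank
keylog_check() {
    awk '
        function hex(s, n) { return length(s) == n && s ~ /^[0-9A-Fa-f]+$/ }
        BEGIN {
            labels = " CLIENT_EARLY_TRAFFIC_SECRET CLIENT_HANDSHAKE_TRAFFIC_SECRET"
            labels = labels " SERVER_HANDSHAKE_TRAFFIC_SECRET CLIENT_TRAFFIC_SECRET_0"
            labels = labels " SERVER_TRAFFIC_SECRET_0 EXPORTER_SECRET EARLY_EXPORTER_SECRET "
        }
        { sub(/\r$/, "") }            # tolerate CRLF line endings
        /^#/ || NF == 0 { next }      # comments and blank lines
        NF == 3 && $1 == "CLIENT_RANDOM" && hex($2, 64) && hex($3, 96) { tls12++; next }
        NF == 3 && index(labels, " " $1 " ") && hex($2, 64) &&
            (hex($3, 64) || hex($3, 96)) { tls13++; next }
        { bad++ }
        END { printf "tls12=%d tls13=%d bad=%d\n", tls12, tls13, bad }
    ' "$1"
}

# Constructed sample with placeholder values (not real secrets) to try the check.
keylog_sample() {
    ks_r=$(printf '%064d' 0 | tr 0 a)    # 64 hex characters
    ks_m=$(printf '%096d' 0 | tr 0 b)    # 96 hex characters
    printf '# constructed sample\n'
    printf 'CLIENT_RANDOM %s %s\n' "$ks_r" "$ks_m"
    printf 'SERVER_TRAFFIC_SECRET_0 %s %s\n' "$ks_r" "$ks_r"
    printf 'CLIENT_RANDOM %s deadbeef\n' "$ks_r"    # truncated secret, counted as bad
}

# Usage: keylog_check "$SSLKEYLOGFILE"
```

A result of `tls12=0 tls13=0 bad=0` means the browser never wrote to the file, which points back at how the browser was started rather than at Wireshark.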