My operating system is Windows 10 64 bits. I use the latest versions of Firefox and Chrome.
I want to save the pre-master keys in order to use them with Wireshark.
For this, I have found many tutorials that all recommend using the SSLKEYLOGFILE environment variable.
However, no matter the path I put in this variable, no file is being created by Firefox (normal and developer editions) or Chrome. This is true even when I restart those browsers or the operating system. This is also true when I clear the cache on the browsers.
I found an alternative way of setting the SSLKEYLOGFILE variable with Chrome by launching the browser with the following argument:
--ssl-key-log-file=PATH
And while this argument does create a log file, it is never populated. It remains completely empty.
What makes this problem even more annoying is that I don't know if there's any debug log that would at least let me know what's happening.
Anyone have ideas on how to solve this issue?
A key log is a log of the values used by your web browser to generate TLS session keys. Your browser does this every time, but it doesn't do anything else with those values once they are used. However, recent versions of Firefox and Chrome will output these values to a text file with a little bit of work.
You can specify the key file path in Wireshark via Edit -> Preferences -> Protocols -> TLS -> (Pre)-Master-Secret log filename. If your SSLKEYLOGFILE does not exist yet, just create an empty text file, so you can select it in Wireshark (or run mitmproxy to create and collect master secrets).
Verified in both Chrome and Firefox
Windows 10 64bit [Version 10.0.17763.379]
I would not use the --ssl-key-log-file flag with Chrome. In my testing, it does not have an effect.
Change your directory to one that you or your programs have access to. I am using the Desktop folder.
C:\> cd $HOME\Desktop
Set the SSLKEYLOGFILE variable. This sets it for the user (HKCU). To set it for the machine (HKLM), add the /m flag to the end of the command.
PS C:\Users\rj\Desktop> SetX SSLKEYLOGFILE "$(get-location)\ssl.log"
Verify that the variable has been set in a separate PowerShell window (SetX does not apply to the current window).
PS C:\Users\rj\Desktop> Get-ChildItem ENV: | findstr SSLKEYLOGFILE
SSLKEYLOGFILE C:\Users\rj\Desktop\ssl.log
You can also verify that SSLKEYLOGFILE is a user variable by going to the Control Panel > System and Security > System > Advanced System Settings > Advanced tab > Environment Variables > User Variables. You should see a listing like the PowerShell example where the value is a directory.
Open Chrome/Firefox and go to an https website like https://stackoverflow.com.
ssl.log should show up on your desktop.
You mentioned that you are using Wireshark. If you are using it to export a file from a TLS-encrypted stream in a capture, this article may help you.
One thing I ran into is: Chrome doesn't always fully close when you close the window. Sometimes it stays open in the background. Use the Windows Process Explorer to list all the processes and make sure Chrome is closed. Also, after restarting Chrome, you can double click on it in Process Explorer and select the Environment tab to list all the variables set in its environment. Make sure SSLKEYLOGFILE is shown in that list. Then Chrome will be sending keys to the specified file.
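Added example, not part of any of the answers above: a PowerShell check that pulls together the points they raise (which scope the variable is set in, leftover browser processes, whether the file is being populated). The function name Test-SslKeyLog and the "LABEL hex hex" line shape it matches are assumptions of this example.

```powershell
function Test-SslKeyLog {
    # Read the persisted values; SetX does not change the current session.
    $user    = [Environment]::GetEnvironmentVariable('SSLKEYLOGFILE', 'User')
    $machine = [Environment]::GetEnvironmentVariable('SSLKEYLOGFILE', 'Machine')
    "User scope (HKCU)   : $user"
    "Machine scope (HKLM): $machine"

    # For a new process, a user variable overrides a machine variable of the same name.
    $path = if ($user) { $user } else { $machine }
    if (-not $path) { Write-Warning 'SSLKEYLOGFILE is not set in either scope.'; return }

    # The browser can only create the file if the folder exists.
    $dir = Split-Path -Parent $path
    if ($dir -and -not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "Folder does not exist: $dir"
    }

    # Browser processes left running in the background keep their old environment.
    $procs = @(Get-Process -Name chrome, firefox -ErrorAction SilentlyContinue)
    if ($procs.Count -gt 0) {
        Write-Warning "$($procs.Count) browser process(es) running; any started before SetX must be closed."
        $procs | Select-Object -First 5 Name, Id, StartTime | Format-Table | Out-String
    }

    # Count entries without printing them: each one is a live session secret.
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Warning "Key log not created yet: $path"; return
    }
    $lines = @(Get-Content -LiteralPath $path | Where-Object { $_ -and $_ -notmatch '^#' })
    # Assumed line shape: LABEL <hex> <hex>
    $good  = @($lines | Where-Object { $_ -match '^[A-Z0-9_]+ [0-9a-fA-F]+ [0-9a-fA-F]+$' })
    "Entries      : $($good.Count) well-formed of $($lines.Count) non-comment lines"
    "Last written : $((Get-Item -LiteralPath $path).LastWriteTime)"
}

Test-SslKeyLog

# When the capture is done, stop the logging for future browser sessions:
# [Environment]::SetEnvironmentVariable('SSLKEYLOGFILE', $null, 'User')
```

Run it in a new PowerShell window, then again after loading an https page: the entry count and the last-written time should both have moved.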