Hi,

On Sat, Jun 29, 2024 at 4:45 PM Jeffrey Walton wrote:
>
> On Sat, Jun 29, 2024 at 4:13 PM Lee wrote:
> >
> > [...] Debian firefox does NOT allow one to do
> > TLS intercept - ie. this does not work:
> > C:\UTIL>cat firefox-tlsdecode.bat
> > set SSLKEYLOGFILE=C:\Users\Lee\AppData\Local\Temp\FF-SSLkeys.txt
> > start C:\"Program Files\Firefox\Firefox.exe"
> >
> > @rem wireshark:
> > @rem   edit / preferences
> > @rem   protocols / tls  (v2.6: protocols / ssl)
> > @rem     paste SSLKEYLOGFILE filename into (Pre)-Master-Secret log filename (was SSL debug file entry)
>
> I'm not sure who your complaint is against -- Debian, Firefox or
> Linux. I'm also not sure that it is a valid complaint.

It is 100% a valid complaint.  And it's a complaint against Debian
because they're the ones that turned off that functionality.
They have <reasons>, I disagree, I'm free to build Firefox for myself,
get somebody else to do it for me, or get it somewhere else.

  ... which is the downside of free software.  Technically, yes, I'm
free to build the software with whatever I want enabled, with whatever
changes I want added/deleted.
In practice, my ability to build Firefox is .. lacking :(

> Firefox uses its own certificate store. If you want to proxy your
> traffic, then the proxy's root cert needs to be in Mozilla's
> certificate store. See
> <https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox>.

Right.  I have privoxy & occasionally do set it for +https-inspection
when I want it to inspect/modify web traffic.

> Chrome is different.

I've never used Chrome & don't intend to.

> When you are intercepting/inspecting traffic, you typically set up your
> proxy, and then proxy Firefox and Chrome traffic through your proxy.
> The proxy can run on your local machine, like 127.0.0.1. Your proxy's
> root certificate should be in the browser's store (as described
> above).

Or you can tell firefox to write the SSL key info to a file that
wireshark can read & then decrypt the traffic.
For example
  https://everything.curl.dev/usingcurl/tls/sslkeylogfile.html

Best Regards,
Lee
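
An added example, not part of the thread or written by anyone in it: a Python check that a file named by SSLKEYLOGFILE actually holds well-formed entries in the NSS key log format that Wireshark reads, reporting only counts and line numbers so no secret is echoed. The function names and the sample data are assumptions made for illustration.

```python
import os
import re
from collections import Counter

# Allowed secret sizes in bytes per label of the NSS key log format.
# The legacy "RSA" label is not handled and is reported as malformed.
LABELS = {"CLIENT_RANDOM": (48,)}          # TLS 1.2 master secret
LABELS.update({name: (32, 48) for name in (  # TLS 1.3, SHA-256 or SHA-384
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET")})
HEX = re.compile(r"(?:[0-9a-fA-F]{2})+")

def hex_bytes(field):
    """Return the byte length of a hex field, or -1 if it is not valid hex."""
    return len(field) // 2 if HEX.fullmatch(field) else -1

def check_keylog(text):
    """Summarize a key log without echoing any secret material."""
    labels, sessions, malformed = Counter(), set(), []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if (len(parts) == 3 and parts[0] in LABELS
                and hex_bytes(parts[1]) == 32            # client random
                and hex_bytes(parts[2]) in LABELS[parts[0]]):
            labels[parts[0]] += 1
            sessions.add(parts[1].lower())
        else:
            malformed.append(lineno)
    return {"labels": dict(labels), "sessions": len(sessions),
            "malformed_lines": malformed}

# Constructed sample, not real key material; line 6 is deliberately truncated.
SAMPLE = "\n".join([
    "# constructed sample",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "bb" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "cc" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "dd" * 48,
    "CLIENT_RANDOM " + "33" * 32 + " " + "ee" * 20,
])

if __name__ == "__main__":
    path = os.environ.get("SSLKEYLOGFILE")
    text = open(path, encoding="ascii", errors="replace").read() if path else SAMPLE
    print(check_keylog(text))
```

A missing file, or one with no valid entries after browsing, means the process never wrote keys, so Wireshark has nothing to decrypt with. The key log holds session secrets in clear text, so keep it out of shared directories and delete it once the capture has been analysed.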
