| 1 |
On 161217-20:56-0500, Walter Dnes wrote: |
| 2 |
> I'm running Pale Moon. In an xterm, I did... |
| 3 |
> |
| 4 |
> export SSLKEYLOGFILE=/dev/shm/sslkeylogfile.txt |
| 5 |
> |
| 6 |
> ...and launched Pale Moon manually from the commandline. nd visited a |
| 7 |
> couple of https sites. I did get /dev/shm/sslkeylogfile.txt which |
| 8 |
> begins with the line... |
| 9 |
> |
| 10 |
> # SSL/TLS secrets log file, generated by NSS |
| 11 |
> |
| 12 |
> Following that are a bunch of lines starting with... |
| 13 |
> |
| 14 |
> CLIENT_RANDOM |
| 15 |
> |
| 16 |
> ...followed by a space, followed by 161 random hex-numeric characters |
| 17 |
> i.e. [0-9a-f]. |
| 18 |
> |
| 19 |
> I also saw a line beginning with... |
| 20 |
> |
| 21 |
> RSA |
| 22 |
> |
| 23 |
> ...followed by a space, followed by 113 random hex-numeric characters |
| 24 |
> i.e. [0-9a-f]. |
| 25 |
|
| 26 |
The very usual and familiar text that I take all --really all-- the |
| 27 |
time. Ever since I was pwned: |
| 28 |
System attacked, Konqueror went on window-popping spree! |
| 29 |
https://forums.gentoo.org/viewtopic-t-905472.html |
| 30 |
( |
| 31 |
Ah, and my Vimeo videos are back; not the Youtube ones, and it happened |
| 32 |
relatively recently that my vimeo videos are back, linked from that |
| 33 |
five, 5, years old topic on Gentoo Forums, as I informed here when they |
| 34 |
too were removed: |
| 35 |
https://forums.gentoo.org/viewtopic-t-905472-start-25.html#7881412 |
| 36 |
|
| 37 |
Plus, no way for me to update the Forums, since some people, like one of |
| 38 |
the Site Admins there, really don't like me: |
| 39 |
Was I really hijacking topics from other members? |
| 40 |
https://forums.gentoo.org/viewtopic-t-1041614.html |
| 41 |
Ctrl-F "your account has been banned.", currently still the very last |
| 42 |
line, date was: "Posted: Fri Apr 01, 2016 3:14 am" |
| 43 |
) |
| 44 |
|
| 45 |
[Ever since I was pwned], I inquired a lot about this capabilitiy, and |
| 46 |
some btwn 1 and 2 years ago I learned that since some times 2013 or |
| 47 |
around there (so I was just around 2 years late from the beeding edge |
| 48 |
development), Wireshark can read what Firefox SSL-keys captures, and |
| 49 |
since then I capture SSL-keys all the time time. |
| 50 |
|
| 51 |
> If you plan to do this regularly, your program launcher will need to |
| 52 |
> launch bash scripts with seperate filenames for each profile. Maybe |
| 53 |
> append date-time stamp to filenames to avoid multiple sessions |
| 54 |
> overwriting each other. |
| 55 |
In Firefox, you just need very little settings on the outside, : |
| 56 |
https://wiki.wireshark.org/SSL |
| 57 |
> |
| 58 |
> As for privacy, there are the usual features, like... |
| 59 |
> |
| 60 |
> * asking sites to not track (don't trust that) |
| 61 |
> * control of which sites to accept/refuse regular cookies, and 3rd-party |
| 62 |
> cookies, from |
| 63 |
> * whether or not to clear browsing and download history |
| 64 |
> * private browsing session |
| 65 |
I think some of the suggested extensions/addons here: |
| 66 |
https://wiki.gentoo.org/wiki/Tor |
| 67 |
(sadly) use Australis I currently have eff-https everywhere, |
| 68 |
RequestPolicy-continued, Privacy Badger, NoScript and Agent Spoofer. |
| 69 |
Some of them, I read (but don't remember which ones), use Australis... |
| 70 |
|
| 71 |
But... |
| 72 |
> -- |
| 73 |
> Walter Dnes <waltdnes@××××××××.org> |
| 74 |
> I don't run "desktop environments"; I run useful applications |
| 75 |
> |
| 76 |
...But thanks, why was this so hard to tell... See there in the Pale |
| 77 |
Moon forums, nobody replied (yet)... |
| 78 |
|
| 79 |
How come people are so little interested to read the traffic? |
| 80 |
|
| 81 |
I have all kinds of traces posted ( |
| 82 |
far from expert talk, but still |
| 83 |
useful stuff in somebody wants to learn to read the traffic of his own: |
| 84 |
http://www.croatiafidelis.hr/foss/cap/ |
| 85 |
)... |
| 86 |
|
| 87 |
How come people are so little interested to read the traffic, to learn |
| 88 |
how sites behave which they visit, and often to discover what sites |
| 89 |
really do to them? |
| 90 |
|
| 91 |
I'll go and inquire at the Pale Moon forum about the issues above, and |
| 92 |
will post there this exact question above, I think. |
| 93 |
|
| 94 |
Also, if this is really true, the Wireshark SSL wiki (the link above) |
| 95 |
needs to be updated... |
| 96 |
|
| 97 |
And more, wait... |
| 98 |
|
| 99 |
Wait... Did you need to patch the nss library to get the $SSLKEYLOGFILE |
| 100 |
being written to? Like in this bug: |
| 101 |
|
| 102 |
>=dev-libs/nss-3.24 - Add USE flag to enable SSL key logging |
| 103 |
https://bugs.gentoo.org/show_bug.cgi?id=587116 |
| 104 |
|
| 105 |
Did you? (That's about the only patch there, that I submitted to |
| 106 |
Bugzilla anywhere ;-) btw.) |
| 107 |
|
| 108 |
I'm puzzled... And overwhelmed with work, because I must now find time |
| 109 |
to install and set Pale Moon to the (SSL) traffic (and I'm really a slow |
| 110 |
worker). |
| 111 |
|
| 112 |
(Still half-disbelieving... so surprised I am.) |
| 113 |
-- |
| 114 |
Miroslav Rovis |
| 115 |
Zagreb, Croatia |
| 116 |
http://www.CroatiaFidelis.hr |
Archives