On 161217-20:56-0500, Walter Dnes wrote: > I'm running Pale Moon. In an xterm, I did... > > export SSLKEYLOGFILE=/dev/shm/sslkeylogfile.txt > > ...and launched Pale Moon manually from the commandline. nd visited a > couple of https sites. I did get /dev/shm/sslkeylogfile.txt which > begins with the line... > > # SSL/TLS secrets log file, generated by NSS > > Following that are a bunch of lines starting with... > > CLIENT_RANDOM > > ...followed by a space, followed by 161 random hex-numeric characters > i.e. [0-9a-f]. > > I also saw a line beginning with... > > RSA > > ...followed by a space, followed by 113 random hex-numeric characters > i.e. [0-9a-f].
The very usual and familiar text that I take all --really all-- the time. Ever since I was pwned: System attacked, Konqueror went on window-popping spree! https://forums.gentoo.org/viewtopic-t-905472.html ( Ah, and my Vimeo videos are back; not the Youtube ones, and it happened relatively recently that my vimeo videos are back, linked from that five, 5, years old topic on Gentoo Forums, as I informed here when they too were removed: https://forums.gentoo.org/viewtopic-t-905472-start-25.html#7881412 Plus, no way for me to update the Forums, since some people, like one of the Site Admins there, really don't like me: Was I really hijacking topics from other members? https://forums.gentoo.org/viewtopic-t-1041614.html Ctrl-F "your account has been banned.", currently still the very last line, date was: "Posted: Fri Apr 01, 2016 3:14 am" ) [Ever since I was pwned], I inquired a lot about this capabilitiy, and some btwn 1 and 2 years ago I learned that since some times 2013 or around there (so I was just around 2 years late from the beeding edge development), Wireshark can read what Firefox SSL-keys captures, and since then I capture SSL-keys all the time time. > If you plan to do this regularly, your program launcher will need to > launch bash scripts with seperate filenames for each profile. Maybe > append date-time stamp to filenames to avoid multiple sessions > overwriting each other. In Firefox, you just need very little settings on the outside, : https://wiki.wireshark.org/SSL > > As for privacy, there are the usual features, like... > > * asking sites to not track (don't trust that) > * control of which sites to accept/refuse regular cookies, and 3rd-party > cookies, from > * whether or not to clear browsing and download history > * private browsing session I think some of the suggested extensions/addons here: https://wiki.gentoo.org/wiki/Tor (sadly) use Australis I currently have eff-https everywhere, RequestPolicy-continued, Privacy Badger, NoScript and Agent Spoofer. Some of them, I read (but don't remember which ones), use Australis... But... > -- > Walter Dnes <waltd...@waltdnes.org> > I don't run "desktop environments"; I run useful applications > ...But thanks, why was this so hard to tell... See there in the Pale Moon forums, nobody replied (yet)... How come people are so little interested to read the traffic? I have all kinds of traces posted ( far from expert talk, but still useful stuff in somebody wants to learn to read the traffic of his own: http://www.croatiafidelis.hr/foss/cap/ )... How come people are so little interested to read the traffic, to learn how sites behave which they visit, and often to discover what sites really do to them? I'll go and inquire at the Pale Moon forum about the issues above, and will post there this exact question above, I think. Also, if this is really true, the Wireshark SSL wiki (the link above) needs to be updated... And more, wait... Wait... Did you need to patch the nss library to get the $SSLKEYLOGFILE being written to? Like in this bug: >=dev-libs/nss-3.24 - Add USE flag to enable SSL key logging https://bugs.gentoo.org/show_bug.cgi?id=587116 Did you? (That's about the only patch there, that I submitted to Bugzilla anywhere ;-) btw.) I'm puzzled... And overwhelmed with work, because I must now find time to install and set Pale Moon to the (SSL) traffic (and I'm really a slow worker). (Still half-disbelieving... so surprised I am.) -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr
signature.asc
Description: Digital signature
