Thank you Harris et al: I wrote up the outline of a bash script, but I am not so sure if I am using the right tools. I find Wireshark too "visual", "GUIee", but other development efforts/tools such as ssldump have apparently been discontinued.
Basically I would like to know:

1) exactly what happens both:
1.1) internally in a browser (including JavaScript handling), for which I might have to compile a version with debugging enabled, and,
1.2) on the wire
2) as I browse the page around using the browser, the encryption keys should be saved to a file, which,
3) Wireshark would ongoingly read in to decrypt the traffic produced by the browser

I have found a few pages partially explaining how you could do such a thing, but when I have tried to combine the pieces, I have run into new problems and dead ends.

Would it be better to use dumpcap and then read in the file? I would like to see the timely flow of the interaction between Wireshark and the browser, but I am OK if I wouldn't.
~
_URL="https://news.google.com/?tab=wn&hl=en-US&gl=US&ceid=US:en"
$ bash ./wireshark_sniff_session00.sh "${_URL}"
~
#!/bin/bash
_DT=$(date +"%Y%m%d%H%M%S")

echo "// __ \$1: |$1|"
_URL=$1

# host part of the URL (scheme, userinfo, port and path removed)
_URL_HOST=$(echo "$_URL" | sed -e "s/[^/]*\/\/\([^@]*@\)\?\([^:/]*\).*/\2/")
echo "// __ \$_URL_HOST: |$_URL_HOST|"

# keep only the first address when the host resolves to several
_IP_ADRX=$(host "${_URL_HOST}" | grep " has address " | awk '{ print $4}' | head -n 1)
echo "// __ \$_IP_ADRX: |$_IP_ADRX|"

ping -c 2 "${_IP_ADRX}"

_LOG_FL="${_URL_HOST}_${_DT}_wireshark_log.pcapng"
echo "// __ \$_LOG_FL: |$_LOG_FL|"

_HOST_NAME=$(hostname -I --all-ip-addresses | awk '{print $1}')
echo "// __ \$_HOST_NAME: |$_HOST_NAME|"

ip --oneline -4 a | grep "${_HOST_NAME}"

_NET_IF=$(ip --oneline -4 a | grep "${_HOST_NAME}" | awk -F '[: ]' '{print $3}')
echo "// __ \$_NET_IF: |$_NET_IF|"

export SSLKEYLOGFILE="$HOME/${_URL_HOST}_${_NET_IF}_${_DT}_sslkeylog.log"
echo "// __ \$SSLKEYLOGFILE: |$SSLKEYLOGFILE|"

echo "// __ starting firefox"
firefox --ssl-key-log-file="$SSLKEYLOGFILE" --new-instance "${_URL}" &

# (ip.dst=="${_NET_IF}")?
# how do you give set as a startup parameter the $SSLKEYLOGFILE produced by firefox?
# how do you make wireshark save the captured file onto $_LOG_FL?
wireshark -i "${_NET_IF}" -f "host ${_URL_HOST}" -k -l
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-requ...@wireshark.org?subject=unsubscribe
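
The capture-and-decrypt workflow described in the message above, as an added example that is not part of the original post: a live capture saved with `-w` and decrypted through the `tls.keylog_file` preference, plus a check that the key log actually contains session secrets. It assumes Wireshark 3.0 or later (for that preference name) and a Firefox build whose NSS honors the `SSLKEYLOGFILE` environment variable; the function names and the sample key log are constructed for illustration.

```bash
#!/bin/sh
# Added example (hypothetical helper names); POSIX sh, no bash-only features.

# Host part of a URL: drop scheme, path, userinfo and port (IPv6 literals not handled).
url_host() {
    h=${1#*://}                 # strip "scheme://"
    h=${h%%/*}                  # strip path and query
    h=${h##*@}                  # strip "user:pass@"
    printf '%s\n' "${h%%:*}"    # strip ":port"
}

# Constructed sample key log: one TLS 1.2 session and one TLS 1.3 session.
sample_keylog() {
    r1=$(printf '%064d' 1); r2=$(printf '%064d' 2); s=$(printf '%096d' 7)
    printf '# SSL/TLS secrets log file, generated by NSS\n'
    printf 'CLIENT_RANDOM %s %s\n' "$r1" "$s"
    printf 'CLIENT_HANDSHAKE_TRAFFIC_SECRET %s %s\n' "$r2" "$s"
    printf 'SERVER_HANDSHAKE_TRAFFIC_SECRET %s %s\n' "$r2" "$s"
}

# Count distinct sessions in a key log (file argument or stdin). Each usable line
# is "<LABEL> <client random, 64 hex chars> <secret>"; "#" lines are comments.
keylog_sessions() {
    awk '!/^#/ && NF == 3 && length($2) == 64 && $2 !~ /[^0-9a-fA-F]/ { seen[$2] = 1 }
         END { n = 0; for (r in seen) n++; print n }' "$@"
}

# Live session, only when called as: sh tls_session.sh <url> <interface>
if [ "$#" -eq 2 ]; then
    host=$(url_host "$1")
    SSLKEYLOGFILE="$HOME/${host}_sslkeylog.log"; export SSLKEYLOGFILE
    firefox --new-instance "$1" &          # the browser writes secrets to $SSLKEYLOGFILE
    wireshark -i "$2" -k -l -f "host $host" \
        -o "tls.keylog_file:$SSLKEYLOGFILE" -w "${host}.pcapng"
    echo "sessions with logged keys: $(keylog_sessions "$SSLKEYLOGFILE")"
fi
```

A count of 0 after browsing means the browser did not write any secrets, so the capture will stay encrypted regardless of the Wireshark settings.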