0

I'm trying to decrypt HTTPS using Wireshark on Ubuntu 20.04.

I use this guide.

Basically:

  1. You install Wireshark
  2. You add SSLKEYLOGFILE environment variable
  3. You open Chrome and visit the HTTPS site
  4. You import the ssl key log file into Wireshark
  5. And it decrypts the traffic

But no matter what I do, my .ssl-key.log file is empty. I closed Chrome and reopened it. Visited https://google.com and nothing is written in that file. I even restarted my laptop.

And these questions did not solve my problem:

Chrome not Firefox are not dumping to SSLKEYLOGFILE variable

SSLKEYLOGFILE environment variable doesn't populate any text file

Hossein Fallah

2 Answers

0

I use Chrome (Version 97.0.4692.99 (Official Build) (64-bit)) and it worked.

You should run `killall chrome` to kill all Chrome background instances, then rerun `google-chrome` and it works.

OR

Use Fiddler to decrypt HTTPS:

https://docs.telerik.com/fiddler/configure-fiddler/tasks/decrypthttps

Decrypt HTTPS traffic with Wireshark and Fiddler

https://www.hhutzler.de/blog/decrypt-https-traffic-wireshark-fiddler/

he shouyong
  • 1
    I actually restarted my laptop altogether. That is more than killing Chrome. My version is 98. – Hossein Fallah Feb 22 '22 at 03:46
  • 1
    I used Version 98.0.4758.102 (Official Build) (64-bit) for testing. It worked. PS: You need to run `google-chrome` in a terminal, not click the Chrome icon to run it. – he shouyong Feb 23 '22 at 03:10
0

The problem may be that Google Chrome doesn't have access to your user environment.

To resolve this,

  • launch google-chrome directly from a user terminal whenever you want to decrypt new traffic
  • or make a pseudo-google-chrome launcher that points to the real google-chrome after setting the SSLKEYLOGFILE env variable
Jacob Valdez
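
The launcher idea from the second answer, combined with the first answer's point about leftover Chrome instances, as an added example that is not part of the original posts. It assumes the `google-chrome` binary and `chrome` process name quoted in the answers and the `.ssl-key.log` file name from the question (placed in `$HOME` here); the function names and the `--launch`/`--check` options are hypothetical.

```shell
#!/bin/sh
# Added example: launcher wrapper for TLS key logging (not from the original answers).
# Assumption: the browser binary is `google-chrome` and its process name is `chrome`,
# as in the commands quoted in the answers.

KEYLOG_DEFAULT="$HOME/.ssl-key.log"   # file name from the question, location assumed

# Create the key log with owner-only permissions and export the variable.
# The file holds TLS session secrets: anyone who can read it can decrypt a capture.
prepare_keylog() {
    keylog="${1:-$KEYLOG_DEFAULT}"
    ( umask 077 && : >> "$keylog" ) || return 1
    chmod 600 "$keylog" || return 1
    SSLKEYLOGFILE="$keylog"
    export SSLKEYLOGFILE
}

# Count well-formed NSS key log lines: "<LABEL> <64 hex client random> <hex secret>".
count_keylog_secrets() {
    grep -Ec '^[A-Z0-9_]+ [0-9a-fA-F]{64} [0-9a-fA-F]+$' "$1" || true
}

# True if a Chrome process already exists. The first answer's fix is to kill
# background instances before relaunching, so refuse to start while one is alive.
chrome_running() {
    pgrep -x chrome >/dev/null 2>&1
}

launch_chrome() {
    prepare_keylog "$KEYLOG_DEFAULT" || { echo "cannot create key log" >&2; return 1; }
    if chrome_running; then
        echo "Chrome is already running; close it first (e.g. killall chrome)." >&2
        return 1
    fi
    exec google-chrome "$@"
}

case "${1:-}" in
    --launch) shift; launch_chrome "$@" ;;
    --check)  echo "secrets logged: $(count_keylog_secrets "${2:-$KEYLOG_DEFAULT}")" ;;
esac
```

Run it with `--launch` from a terminal, visit an HTTPS site, then run it with `--check`; a count of 0 means the browser never saw the variable.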