Date: Sun, 18 Dec 2016 06:50:09 +0100
From: Miroslav Rovis
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Reading the (SSL) traffic with Pale Moon, WAS: from Firefox52: NO pure ALSA? Youtube... Audio: No
Message-ID: <20161218055009.GA11155@g0n.xdwgrp>
In-Reply-To: <20161218015637.GC18283@waltdnes.org>

On 161217-20:56-0500, Walter Dnes wrote:
>   I'm running Pale Moon.  In an xterm, I did...
>
> export SSLKEYLOGFILE=/dev/shm/sslkeylogfile.txt
>
> ...and launched Pale Moon manually from the commandline and visited a
> couple of https sites.  I did get /dev/shm/sslkeylogfile.txt which
> begins with the line...
>
> # SSL/TLS secrets log file, generated by NSS
>
>   Following that are a bunch of lines starting with...
>
> CLIENT_RANDOM
>
> ...followed by a space, followed by 161 random hex-numeric characters
> i.e. [0-9a-f].
>
>   I also saw a line beginning with...
>
> RSA
>
> ...followed by a space, followed by 113 random hex-numeric characters
> i.e. [0-9a-f].

The very usual and familiar text that I take all --really all-- the
time. Ever since I was pwned:

System attacked, Konqueror went on window-popping spree!
https://forums.gentoo.org/viewtopic-t-905472.html

( Ah, and my Vimeo videos are back; not the Youtube ones, and it
happened relatively recently that my vimeo videos are back, linked from
that five, 5, years old topic on Gentoo Forums, as I informed here when
they too were removed:
https://forums.gentoo.org/viewtopic-t-905472-start-25.html#7881412

Plus, no way for me to update the Forums, since some people, like one of
the Site Admins there, really don't like me:

Was I really hijacking topics from other members?
https://forums.gentoo.org/viewtopic-t-1041614.html
Ctrl-F "your account has been banned.", currently still the very last
line, date was: "Posted: Fri Apr 01, 2016 3:14 am" )

[Ever since I was pwned], I inquired a lot about this capability, and
some btwn 1 and 2 years ago I learned that since some time in 2013 or
around there (so I was just around 2 years late from the bleeding edge
development), Wireshark can read what Firefox SSL-keys captures, and
since then I capture SSL-keys all the time.

>   If you plan to do this regularly, your program launcher will need to
> launch bash scripts with separate filenames for each profile.
> Maybe append date-time stamp to filenames to avoid multiple sessions
> overwriting each other.

In Firefox, you just need very little settings on the outside:
https://wiki.wireshark.org/SSL

>
>   As for privacy, there are the usual features, like...
>
> * asking sites to not track (don't trust that)
> * control of which sites to accept/refuse regular cookies, and 3rd-party
>   cookies, from
> * whether or not to clear browsing and download history
> * private browsing session

I think some of the suggested extensions/addons here:
https://wiki.gentoo.org/wiki/Tor
(sadly) use Australis

I currently have eff-https everywhere, RequestPolicy-continued, Privacy
Badger, NoScript and Agent Spoofer. Some of them, I read (but don't
remember which ones), use Australis...

But...

> --
> Walter Dnes
> I don't run "desktop environments"; I run useful applications
>

...But thanks, why was this so hard to tell... See there in the Pale
Moon forums, nobody replied (yet)...

How come people are so little interested to read the traffic? I have all
kinds of traces posted ( far from expert talk, but still useful stuff if
somebody wants to learn to read the traffic of his own:
http://www.croatiafidelis.hr/foss/cap/
)...

How come people are so little interested to read the traffic, to learn
how sites behave which they visit, and often to discover what sites
really do to them?

I'll go and inquire at the Pale Moon forum about the issues above, and
will post there this exact question above, I think.

Also, if this is really true, the Wireshark SSL wiki (the link above)
needs to be updated...

And more, wait... Wait... Did you need to patch the nss library to get
the $SSLKEYLOGFILE being written to?

Like in this bug:

  >=dev-libs/nss-3.24 - Add USE flag to enable SSL key logging
  https://bugs.gentoo.org/show_bug.cgi?id=587116

Did you? (That's about the only patch there, that I submitted to
Bugzilla anywhere ;-) btw.)

I'm puzzled...
And overwhelmed with work, because I must now find time to install and
set Pale Moon to the (SSL) traffic (and I'm really a slow worker).

(Still half-disbelieving... so surprised I am.)
-- 
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
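
Added example, not part of the original message or of NSS: a small checker for the key log lines quoted above, showing that the "161" and "113" characters after each label are two hex fields separated by a space. The function name and the sample lines are constructed for illustration; only the two labels mentioned in the message are handled.

```python
import re

# Field layouts of the two NSS key log line types quoted in the message:
# label -> (hex length of field 1, hex length of field 2)
LAYOUT = {
    # 32-byte client random, then the 48-byte master secret
    "CLIENT_RANDOM": (64, 96),
    # first 8 bytes of the encrypted pre-master secret, then the
    # 48-byte pre-master secret
    "RSA": (16, 96),
}
HEX = re.compile(r"[0-9a-f]+\Z", re.IGNORECASE)


def parse_keylog(text):
    """Return (entries, rejected_line_numbers) for an NSS key log.

    Every accepted entry carries a secret that decrypts a captured
    session, so the log deserves the same care as key material.
    """
    entries, rejected = [], []
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or the "# SSL/TLS secrets log file" header
        parts = line.split(" ")
        layout = LAYOUT.get(parts[0])
        if (layout is None or len(parts) != 3 or
                any(len(field) != size or not HEX.match(field)
                    for field, size in zip(parts[1:], layout))):
            rejected.append(number)  # unknown label or malformed fields
            continue
        entries.append((parts[0], parts[1].lower(), parts[2].lower()))
    return entries, rejected


# Constructed sample input (not real secrets).
SAMPLE = "\n".join([
    "# SSL/TLS secrets log file, generated by NSS",
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48,
    "RSA " + "01" * 8 + " " + "ef" * 48,
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 40,  # truncated secret
])

if __name__ == "__main__":
    ok, bad = parse_keylog(SAMPLE)
    print(len(ok), "valid entries; rejected lines:", bad)
```
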