Monday, May 05, 2025

Re: mitmproxy and debug message in console

Il giorno lun 5 mag 2025 alle ore 22:20 Theo Buehler <tb@theobuehler.org> ha scritto:
On Mon, May 05, 2025 at 10:03:35PM +0200, LWS wrote:
> So I don't understand why they should not be supported by libssl.

The software uses python bindings to libssl. libssl establishes the keys,
so it must support the keylog functionality for the software to be able
use it. Since libssl doesn't support it, the mitm softare can't.

Specifically, it tries uses this function if the env var is set:

https://man.openbsd.org/SSL_CTX_set_keylog_callback

Since the function does nothing, SSLKEYLOG doesn't work.


ok, thank you. Very kind indeed. Now everything is perfectly clear. 

 
> I know that the variable has been disabled in firefox for security reasons,
> but not in chromium.

The SSLKEYLOG functionality is controversial. People expect it to be
available just because some popular implementations decided to add it.

So it is an openbsd decision although it is not clear to me if it is a security 
design decision or rather a standards adherence decision, since it seems to me 
that the software that implements this feature does it outside the standards.
My idea was to pass my traffic to mitmproxy and then forward it to suricata.. 
but it seems that mitmproxy does not support pcap. So I thought of exporting the key 
and then using wireshark to decrypt the traffic and then pass it to suricata. 
But this path is also not viable.

Anyway, thank you very much.



 

No comments:

Post a Comment