SSLKEYLOGFILE for log SSL KEYS and decrypt HTTPS traffic ? (like chromium or firefox)

1,390 views
Skip to first unread message

yatt...@gmail.com

unread,
Oct 27, 2017, 11:07:41 AM10/27/17
to CEF Python
Hi everyone,
I'm starting to develop an "app" for forensics use (if someone know DEFT Linux maybe can know the scope).

For my project, I need to log the SSL KEY for decrypt SSL/TLS traffic with wireshark after the acquisition activities for forensics use, being able to use it as a prove in legal context.

I have introduced this context to not mislead my words, my request is for a fair use and a good cause not for fraud :)

In chrome/chromium and Firefox is possible set a environment variable to set a file where saving the SSL Keys:

export SSLKEYLOGFILE=/media/evidences/mywork/keys

and when browser start to "surf", it save in this path all SSL Keys for any HTTPS request.

Can this be replicated in CEFPython?

if yes, how can use it ?
if no, where can put my hands in the source code for try to implement it?

Note:
I know that it is possible to use a Man-In-The-Middle technique with a proxy that strips and replaces SSL certificate, but because I need to work in forensics mode, I can not change any data (not even a bit) , especially the certificate :)

Thanks and best regards :)

Massimiliano Dal Cero

Czarek Tomczak

unread,
Oct 28, 2017, 1:23:39 AM10/28/17
to CEF Python
Hi Massimiliano,

Currently CEF Python exposes only OnCertificateError callback. There are more APIs in upstream in regards to ssl, but have not yet been exposed:

1. OnSelectClientCertificate: https://github.com/chromiumembedded/cef/blob/2773518869b5f57a848e807ddb2ee30adbf1c255/include/cef_request_handler.h#L300

2. CefSSLInfo: https://github.com/chromiumembedded/cef/blob/2773518869b5f57a848e807ddb2ee30adbf1c255/include/cef_ssl_info.h#L46

3. CefSSLStatus: https://github.com/chromiumembedded/cef/blob/2773518869b5f57a848e807ddb2ee30adbf1c255/include/cef_ssl_status.h#L45

If this is still not what you're looking for then try asking on upstream CEF Forum.

Best regards.

yatt...@gmail.com

unread,
Oct 28, 2017, 1:04:39 PM10/28/17
to CEF Python
Hi Czarek,
thankf for your kind reply :)

I try to ask another question about this topic:

when CEFPython load a URL, it use a socket made in python or use network library of chromium?

if I wanted put my hands somewhere, I need to add this "feature" on python or over CEF?

Thanks
Best regards

Czarek Tomczak

unread,
Oct 28, 2017, 2:33:14 PM10/28/17
to CEF Python
Requests are made using Chromium libraries.

Czarek Tomczak

unread,
Oct 29, 2017, 2:00:34 AM10/29/17
to CEF Python
It is possible to use Python network library instead of Chromium's. There is a wxpython-response.py example that implements ResourceHandler with the use of WebRequest object and WebRequestClient interface to allow for reading/modifying web requests. You could modify this example to use Python library to make requests instead of using CEF's WebRequest API. Note that this example is from an old cefpython31 branch and was tested only on Linux, thus it is not a supported example.

yatt...@gmail.com

unread,
Oct 29, 2017, 6:34:46 AM10/29/17
to CEF Python
Hi Czarek, thanks a lot for your suggestion :)
very preciuous ;)


I need to work in linux, so this can be perfect for me, but when you say:

"implements ResourceHandler with the use of WebRequest object and WebRequestClient interface to allow for reading/modifying web requests"

These implementations can be done also with current version of cefpython or I need to use an old version ?


Now I take a look :)


Thanks :)
Best regards
Massimiliano

Czarek Tomczak

unread,
Oct 29, 2017, 8:29:16 AM10/29/17
to CEF Python
Latest version still supports these APIs.

yatt...@gmail.com

unread,
Oct 30, 2017, 5:58:11 AM10/30/17
to CEF Python
Hi Czarek,
sorry if continue to disturb you :(
I do not want to take advantage of you but your help is very precious

I read the code and if I understood correctly, I need to modify the row 152 and 153 in the method ProcessRequest inside the class ResourceHandler:

self._webRequest = cefpython.WebRequest.Create(
request, self._webRequestClient)


more precisely I need to create a new class "webRequest" compatibly with cefpython.WebRequest definition.


Sounds good? :)


Thanks and best regards
Massimiliano

Czarek Tomczak

unread,
Oct 30, 2017, 6:22:16 AM10/30/17
to CEF Python
What you need to do is to implement ResourceHandler:
https://github.com/cztomczak/cefpython/blob/master/api/ResourceHandler.md#resourcehandler-interface

WebRequest and WebRequestClient are APIs specific to Chromium for handling requests. Any references to these are to be deleted.

yatt...@gmail.com

unread,
Oct 31, 2017, 2:00:56 PM10/31/17
to CEF Python
Hi Czarek,
I follow your suggestion and ... WORK :D

I remove all wx reference and ".so" library (is like a hello_world example) and inside it I use Urllib3 instead of chromium library.

Furthermore inside Urllib3 is possible to use PyOpenSSL that can trace sessionid and master_key.

if it may be of interest, I can send it to you :)

Only one note:
loading perfomances are slightly slower :(

THANKS for your help !!!

Best regards
Massimiliano

Czarek Tomczak

unread,
Oct 31, 2017, 11:43:42 PM10/31/17
to CEF Python
Great to hear that. If you like you can post your example on https://gist.github.com/ and reference it here, others might find it useful.

yatt...@gmail.com

unread,
Nov 4, 2017, 6:37:09 PM11/4/17
to CEF Python
In the next days I try to send my little code :)

At the moment, the performance are better (I introduced threads to handle urllib3).

only a few things have abnormal behaviors
- facebook notifications (chat and all other features works ... bah)
- url with "chrome-extension://" protocol (?)

Reply all
Reply to author
Forward
0 new messages