FireFox


Decrypting Firefox Traffic Using Wireshark in Ubuntu GNU/Linux

Wireshark is a powerful network protocol analyzer that lets you capture and analyze real-time network traffic. By default, Wireshark cannot decrypt encrypted traffic such as HTTPS, because it does not have the session keys that protect it. However, there are cases where decrypting network traffic can be helpful in debugging or analyzing security issues. This blog post will guide you through the steps to decrypt Firefox traffic using Wireshark in Ubuntu GNU/Linux.

Step 1: Download and Extract Firefox:

Ubuntu installs Firefox as a snap package, and the snap does not have access to the file system by default, so we need to download Firefox from the official website as a tar.gz archive. Open your browser and navigate to the Mozilla Firefox website (https://www.mozilla.org/en-US/firefox/new/) to download the tar.gz package suitable for your Ubuntu version.

Once the download is complete, navigate to the downloaded location and extract the tar.gz file using the following command:

tar -xvf firefox-<version>.tar.gz;

Step 2: Set up the SSLKEYLOGFILE Environment Variable:

To enable Wireshark to decrypt the SSL/TLS traffic from Firefox, we need to set up the SSLKEYLOGFILE environment variable. This variable will point to a log file where Firefox will write the session keys used for encryption. Execute the following command in the terminal:

export SSLKEYLOGFILE="/home/$USER/.ssl-key.log";

This command sets the SSLKEYLOGFILE environment variable to the specified file path, which is /home/$USER/.ssl-key.log. Feel free to change the file path and name to your preference.

Step 3: Launch Wireshark and Configure Preferences:

Open the terminal and start Wireshark by entering the following command:

wireshark;

Once Wireshark runs, go to “Edit” in the menu bar and select “Preferences” from the dropdown menu. This will open the Wireshark Preferences window.

Step 4: Configure TLS Protocol Preferences:

In the Preferences window, locate and select “Protocols” on the left-hand side. Scroll down the protocols list and find “TLS”. Click on it to expand the options.

Within the TLS section, you will find a field labeled “(Pre)-Master-Secret log filename”. Click on the folder icon next to the field and browse to select the file path for the SSLKEYLOGFILE we set earlier.

After selecting the file path, click the “OK” button to save the changes and close the Preferences window.

Step 5: Capture and Decrypt Firefox Traffic:

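With the configuration set up, you can now start capturing and decrypting Firefox traffic. Keep the Wireshark application running and launch the Firefox browser you downloaded and extracted earlier from a terminal session in which SSLKEYLOGFILE is exported, so that Firefox inherits the variable and writes its session keys to the log file.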

Wireshark will capture the network traffic as you browse the web using Firefox. You should be able to see the decrypted traffic in the Wireshark capture window.
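
If nothing is decrypted, the usual cause is a key log file that is empty or malformed. The following script is an added example, not part of the original post: it creates the file so that only its owner can read it (anyone who holds this file and a capture can decrypt the sessions) and then checks that Firefox is writing usable lines. It goes beyond the steps above by validating the NSS key log line format; the function names are hypothetical and the sample data is constructed.

```shell
#!/bin/sh
# Added example: sanity-check an NSS key log file before pointing Wireshark at it.
# Labels defined by the NSS key log format (TLS 1.2 and TLS 1.3).
LABELS='CLIENT_RANDOM|CLIENT_EARLY_TRAFFIC_SECRET|CLIENT_HANDSHAKE_TRAFFIC_SECRET|SERVER_HANDSHAKE_TRAFFIC_SECRET|CLIENT_TRAFFIC_SECRET_0|SERVER_TRAFFIC_SECRET_0|EARLY_EXPORTER_SECRET|EXPORTER_SECRET'

# Create the log file readable by its owner only, before Firefox first writes to it.
keylog_prepare() {
    ( umask 077 && : >> "$1" ) && chmod 600 "$1"
}

# Keep only well-formed lines: label, 64-hex-digit client random, hex secret.
keylog_valid() {
    grep -E "^($LABELS) [0-9a-fA-F]{64} [0-9a-fA-F]+\$" "$1"
}

# Print "<label> <count>" for every label seen on a well-formed line.
keylog_summary() {
    keylog_valid "$1" | awk '{ n[$1]++ } END { for (l in n) print l, n[l] }' | sort
}

# Count distinct client randoms, i.e. TLS sessions that have logged secrets.
keylog_sessions() {
    keylog_valid "$1" | awk '{ print $2 }' | sort -u | wc -l | tr -d ' '
}

# Return 0 only if the file is private to its owner and holds a usable line.
keylog_check() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 2; }
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ] ||
        { echo "group/other can access $1" >&2; return 3; }
    [ "$(keylog_sessions "$1")" -gt 0 ] ||
        { echo "no usable key lines in $1" >&2; return 4; }
}

# Constructed sample (made-up values): one TLS 1.3 session, one TLS 1.2 session,
# a comment line and a line with a truncated client random that must be ignored.
keylog_sample() {
    r13=$(printf '%064d' 0 | tr 0 a); r12=$(printf '%064d' 0 | tr 0 b)
    s=$(printf '%096d' 0 | tr 0 c)
    printf '%s\n' "# constructed sample" \
        "CLIENT_HANDSHAKE_TRAFFIC_SECRET $r13 $s" \
        "SERVER_HANDSHAKE_TRAFFIC_SECRET $r13 $s" \
        "CLIENT_TRAFFIC_SECRET_0 $r13 $s" \
        "SERVER_TRAFFIC_SECRET_0 $r13 $s" \
        "CLIENT_RANDOM $r12 $s" \
        "CLIENT_RANDOM deadbeef $s"
}

# Usage: sh keylog-check.sh "$SSLKEYLOGFILE"
if [ $# -gt 0 ]; then keylog_check "$1" && keylog_summary "$1"; fi
```

Run keylog_prepare on the path before Step 2's export, and delete the file once the analysis is finished.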

Conclusion:

Decrypting network traffic using Wireshark can be valuable for analyzing and troubleshooting network-related issues. This blog post covered the steps to decrypt Firefox traffic using Wireshark in Ubuntu GNU/Linux. By downloading Firefox directly from the website, setting up the SSLKEYLOGFILE environment variable, and configuring Wireshark preferences, you can capture and analyze decrypted network traffic within Wireshark. Remember to use this technique responsibly and respect the privacy of others while conducting network analysis.


How to Keep Firefox Windows on Top in Ubuntu 18.04LTS and Newer

If you’re a frequent user of Mozilla Firefox on Ubuntu 18.04LTS or newer versions (tested up to Ubuntu Desktop 22.04LTS and 23.04), you might have encountered situations where you wished you could keep your Firefox window on top of all other open applications. This can be particularly useful when you want to reference information from a web page while working on other tasks. In this blog post, we’ll guide you through the steps to set Firefox windows on top using native GNOME features.

GNOME has a built-in feature that lets you keep any window on top of others. Here’s how to do it with Firefox:

  1. Open Firefox: Launch Firefox by clicking on its icon in the Ubuntu application launcher or by pressing Super (Windows key) and searching for “Firefox.”
  2. Open the webpage you want to keep on top.
  3. While holding down the Super (Windows) key, right-click on the Firefox window.
  4. The usual menu with the options to manage the window will appear. Select the option “Always on top”.

Please note that the “Always on top” option will appear grayed out if your window is maximized.


How to see the isc2.org Webex Online Instructor-Led courses using your browser only

Recently, we registered for some online instructor-led courses in isc2.org.
We were using an Ubuntu GNU/Linux machine with the latest Firefox / Chromium and even Chrome versions.
There was something wrong with the meeting. When clicking on the Join button, instead of loading, it was trying to download a Java applet configuration (CiscoWebExServlet).
After reading about those files and a lot of work, which included setting up a 32-bit version of Firefox with a 32-bit version of the Oracle JRE and installing IcedTea, we managed to connect to the meeting, but we had no audio.

When trying to connect to the meeting via phone, we got no voice.

When trying the mobile application, it required a password, which was never supplied.

So, we had to find another way in!

Using the Network tab of the Inspect Element menu, we clicked on the gear in the upper right corner and enabled the Persist Log option. Then we clicked on the Join button and logged all redirects with their parameters.

In the isc2.org virtual class, the Join button has a custom link to https://www.cirqlive.com/, which is used to join the meetings.
Once you click on that button, the browser follows several redirects between webex.com and cirqlive.com, and it ends up on this page, https://isc2training.webex.com/tc3300/webcomponents/docshow/meetingframe.do?siteurl=isc2training, asking to download the servlet.

From the logged redirects of the above link, we got the request to https://isc2training.webex.com/tc3300/m.do, where we got the meeting ID and password in the POST parameters.
Then we went to https://signin.webex.com/join and added the meeting ID, which led us to this page: https://isc2training.webex.com/isc2training/e.php?AT=SI&From=GPS&MK=XXXXXXXX (using a fake meeting ID).
We filled in the Session Password and clicked on Join by browser, and we could join as expected.