Devuan image in Qemu (7)
(No. 0) No. 1 No. 2 No. 3 No. 4 No. 5 No. 6 No. 7 No. 8 No. 9 No. 10 No. 11 No. 12 No. 13 No. 14
Pls. see my evolving, primitive, shell-script program:
https://github.com/miroR/tshark-hosts-conv
(you may also need https://github.com/miroR/tshark-streams as well, but the files of this page are obtained with the script from the first.
(on what gets produced by a regular run, of https://github.com/miroR/uncenz of course, and run on the host only, at that).
There are explanations in those programs of mine that you might need to read, to be able to follow.
Qemu worked out of the box with Refracta CD again:
The trace is minimally anonimized (just the MAC addresses, see my script dump_perl_repl.sh --part of uncenz--), and then sanitized for my password and username (all in one packet; that's a kind of work for which my tshark-hosts-conv.sh may be useful if you're looking for some tool), otherwise, in all the rest, it is authentic truth of what happened: dump_170217_2231_g0n.pcap
The password, in this particular trace, was removed with this command:
tshark -r dump_170217_2231_g0n.pcap -Y "frame.number!=5967" -w dump_170217_2231_g0n_noPW.pcap
and you got:
mv -iv dump_170217_2231_g0n_noPW.pcap dump_170217_2231_g0n.pcap
Unfortunately I'm not yet so advanced to build Palemoon in Refracta to be able to substitute it for Firefox (or edit and add a modified optimized build of Firefox to Refracta) to be able to log SSL keys upon connections, from the Virtual Machine client...
But what this time online was about is my posting in some new page after the old one refractasnapshot 10.0.0 (arrived) which new posting of mine --which you can find somewhere later from that link-- can be seen in this screencast (12 minutes 56sec, too long, you had better skim through it):
However, I made this separate page, because there was such huge traffic from all over into my machine.
(
It needs to be told, for understanding why I was surprised, that I have lately been accustomed to pretty much well-controled, not excessive extra traffic, after having learned how to keep unwanted traffic low, over at Palemoon forums:
Tracking protection and NSS SSL secrets logging (two security questions)?
)
And has any of that spilled over into the host from the VM, how do I know? No way can I tell that... Because, while freeforums.org is in the open, and I really didn't need any keys (nobody need any keys to decrypt what's in the open, not even any eventual onlookers: bad!) to see all the traffic that I intended, even my password, what Mozilla, the Schmoog and SourceForge talked was in SSL, and so in this case (I haven't yet accomodated for recording SSL-keys), I couldn't see what they were doing in my system.
NOTE: There is one SSL-key in the SSLKEYLOGFILE, but that's what happeded in my Palemoon browser in the host
(and it's legitimate, and easily decryptable --just updating of the topic on Whonix:
Whonix on Gentoo issues
https://forums.whonix.org/t/whonix-on-gentoo-issues/3188
I guess).
No way can I tell that... But, you know what, Mozilla and the Schmoog (term of endearment for google) very likely can tell! (And likely SourceForge too).
But you can study the files below for yourself. I got to rush now.
---
The main files necessary for this study are listed in:
dump_170217_2231_g0n.pcap dump_170217_2231_g0n_SSLKEYLOGFILE.txt Screen_170217_2231_g0n.png Screen_170217_2231_g0n.webmand verify to: ls-1pg7.sum signed by: ls-1pg7.sum.asc
However, some food for thought I give in these (gotten with a run of tshark-hosts-conv):
pg7/dump_170217_2231_g0n.conv-ip pg7/dump_170217_2231_g0n-frame-http-request-full_uri.txt pg7/dump_170217_2231_g0n.hosts pg7/dump_170217_2231_g0n.POST pg7/tshark-hosts-conv_170221_134154.logwhich verify to: ls-1pg7w.sum signed by: ls-1pg7w.sum.asc
You might find dump_dlo.sh script from my uncenz program more useful then downloading each file separately.