diff --git a/bin/x509/pcap-sslcert.py b/bin/x509/pcap-sslcert.py
index c05ae42..7cb06bd 100644
--- a/bin/x509/pcap-sslcert.py
+++ b/bin/x509/pcap-sslcert.py
@@ -23,13 +23,21 @@ certstring = ""
 certtag = re.compile('^\s+Certificate\s*$')
 certtagend = re.compile('^\S+')
-
+ipv4re = '\d+\.\d+\.\d+\.\d+'
+flowre = 'New TCP connection #(\d+): ('+ipv4re+')\(\d+\) <-> ('+ipv4re+')\((\d+)\)'
+flow = re.compile(flowre)
 for l in fileinput.input(args.r):
 if certtag.match(l):
 cert = True
 continue
 elif certtagend.match(l):
 cert = None
+ if flow.search(l):
+ m = flow.match(l)
+ session = m.group(1)
+ srcip = m.group(2)
+ dstip = m.group(3)
+ dstport = m.group(4)
 if (cert is True):
 certstring += l.rstrip('\n')
@@ -41,7 +49,8 @@ for l in fileinput.input(args.r):
 x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_ASN1, dercert)
 fp = x509.digest('sha1').replace(':','').lower()
 if args.v:
- print "Issuer: " + x509.get_issuer().CN
+ print srcip+"<->"+dstip+":"+dstport
+ print "Issuer: "+x509.get_issuer().CN
 print "CN: " + x509.get_subject().CN
 print OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, x509)
 certstring = ""
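Review bot: The added flow block tests with `flow.search(l)` but extracts with `flow.match(l)`, and the two are not equivalent: `search` accepts the pattern anywhere in the line, `match` only at its start. A line with anything before "New TCP connection" therefore passes the test, leaves `m` as None, and `m.group(1)` raises AttributeError. Use one call, `m = flow.search(l)` followed by `if m:`. Separately, `ipv4re` accepts only dotted-quad endpoints, so a connection line showing a hostname or an IPv6 address is skipped silently and the previous flow's values stay in place. The loop body continues outside the hunk.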
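Review bot: The new `print srcip+"<->"+dstip+":"+dstport` reads names that the first hunk binds only once a connection line has matched, so a certificate parsed before any such line raises NameError when `args.v` is set. After that, the values are simply those of the most recent connection line, so if the input interleaves several sessions the certificate may be printed against the wrong endpoints. Initialise them before the loop, e.g. `srcip = dstip = dstport = None`, and print the endpoint line only when they are set. The captured `session` number is not used in the visible lines; keying the endpoints by it would presumably make the attribution reliable. The enclosing loop starts outside the hunk.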