adulau/crl-monitor
1
0
Fork 0
mirror of https://github.com/adulau/crl-monitor.git synced 2024-11-22 10:07:05 +00:00
Code Issues Projects Releases Packages Wiki Activity

Include source and destination IP addresses

Browse source
This commit is contained in:
Alexandre Dulaunoy 2015-02-01 14:32:25 +01:00
parent b1643dab64
commit 8411b99e9c
1 changed files with 11 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
bin/x509/pcap-sslcert.py
View file

@ -23,13 +23,21 @@ certstring = ""
certtag = re.compile('^\s+Certificate\s*$') certtag = re.compile('^\s+Certificate\s*$')
certtagend = re.compile('^\S+') certtagend = re.compile('^\S+')
ipv4re = '\d+\.\d+\.\d+\.\d+'
flowre = 'New TCP connection #(\d+): ('+ipv4re+')\(\d+\) <-> ('+ipv4re+')\((\d+)\)'
flow = re.compile(flowre)
for l in fileinput.input(args.r): for l in fileinput.input(args.r):
if certtag.match(l): if certtag.match(l):
cert = True cert = True
continue continue
elif certtagend.match(l): elif certtagend.match(l):
cert = None cert = None
if flow.search(l):
m = flow.match(l)
session = m.group(1)
srcip = m.group(2)
dstip = m.group(3)
dstport = m.group(4)
if (cert is True): if (cert is True):
certstring += l.rstrip('\n') certstring += l.rstrip('\n')
@ -41,7 +49,8 @@ for l in fileinput.input(args.r):
x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_ASN1, dercert) x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_ASN1, dercert)
fp = x509.digest('sha1').replace(':','').lower() fp = x509.digest('sha1').replace(':','').lower()
if args.v: if args.v:
print "Issuer: " + x509.get_issuer().CN print srcip+"<->"+dstip+":"+dstport
print "Issuer: "+x509.get_issuer().CN
print "CN: " + x509.get_subject().CN print "CN: " + x509.get_subject().CN
print OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, x509) print OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, x509)
certstring = "" certstring = ""