ssldump - (de-facto repository gathering patches around the cyberspace)
Go to file
Alexandre Dulaunoy 7d56234008
Merge pull request #103 from adulau/dependabot/github_actions/actions/upload-artifact-4.3.2
Bump actions/upload-artifact from 3.pre.node20 to 4.3.2
2024-04-22 06:33:11 +02:00
.github Bump actions/upload-artifact from 3.pre.node20 to 4.3.2 2024-04-22 04:19:12 +00:00
base Set packet type for RAW PCAPs 2023-09-12 12:50:12 +02:00
cmake/modules Add FindJSONC.cmake module + fix CMakeLists.txt 2023-08-10 09:36:12 +02:00
common Remove unnecessary parens in return statements 2023-08-16 15:40:29 +02:00
docker Fix README layout 2023-08-14 17:12:20 +02:00
null Remove unnecessary parens in return statements 2023-08-16 15:40:29 +02:00
pcap Remove unnecessary parens in return statements 2023-08-16 15:40:29 +02:00
samples Remove irrelevant log entries, fix session ticket for tls1.2 2023-04-03 10:25:22 +05:30
ssl Minor lint 2023-08-20 12:27:52 +02:00
win32 ssldump_0.9b3.orig.tar.gz Import 2015-01-31 10:13:33 +01:00
.clang-format [clang-format] Do NOT sort include directives 2023-08-14 11:22:18 +02:00
.gitchangelog.rc chg: [build] gitchangelogrc configuration added 2019-05-26 08:09:23 +02:00
.gitignore Rework https://github.com/adulau/ssldump/pull/26 after build system changes 2020-10-06 17:34:58 +02:00
AUTHORS Autoconf setup rewritten 2020-08-27 16:20:38 +02:00
CMakeLists.txt Enable DEBUG flag differently 2023-09-11 11:24:17 +02:00
COPYING Autoconf setup rewritten 2020-08-27 16:20:38 +02:00
COPYRIGHT chg: [copyright] added additional copyright for all new contribution 2021-02-02 15:27:37 +01:00
CREDITS chg: [CREDITS] new contributor added 2023-04-09 10:33:03 +02:00
ChangeLog chg: [doc] version v1.8 released 2023-08-14 11:15:09 +02:00
INSTALL ssldump_0.9b3.orig.tar.gz Import 2015-01-31 10:13:33 +01:00
INSTALL.W32 ssldump_0.9b3.orig.tar.gz Import 2015-01-31 10:13:33 +01:00
NEWS Autoconf setup rewritten 2020-08-27 16:20:38 +02:00
README Link README to README.md 2020-10-03 13:16:11 +02:00
README.md Update README.md 2024-04-01 16:14:19 +02:00
README.old Reorganize README files 2020-10-03 10:32:19 +02:00
_config.yml Set theme jekyll-theme-minimal 2020-04-28 16:04:47 +02:00
build.sh Add basic build script 2023-08-20 12:27:21 +02:00
ssldump.1 Doc update 2023-08-20 16:56:20 +02:00
ssldump.md Doc update 2023-08-20 16:56:20 +02:00

README.md

ssldump - (de-facto repository gathering patches around the cyberspace)

Build CI CodeQL analysis OpenSSF Scorecard

Release and tagging

  • Current version of ssldump is v1.8 (released: 2023-08-14) - ChangeLog

What about the original ssldump?

This repository is composed of the original SSLDUMP 0.9b3 + a myriad of patches (from Debian and other distributions) + contributions via PR

ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP connections on the chosen network interface and attempts to interpret them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it decodes the records and displays them in a textual form to stdout. If provided with the appropriate keying material, it will also decrypt the connections and display the application data traffic. It also includes a JSON output option, supports JA3 and IPv6.

How to do I run ssldump?

./ssldump -j -ANH -n -i any | jq will run ssldump on all interfaces and output the result in JSON format including ja3 hashes.

For more details, check the man page.

How can I lookup ja3 hashes?

This example will query ja3er.com service to display the known ja3 hashes from the TLS handshaked in the pcap.

./ssldump -r yourcapture.pcap -j | jq -r 'select(.ja3_fp != null) | .ja3_fp' | parallel 'curl -s -X GET 'https://ja3er.com/search/{}' | jq .'

Why do you maintain this repository?

Because it's a mess. The software maintenance process for old free (unmaintained) software like ssldump is a complete chaotic process. I do this to ease my pain and this could help other too (but this is just a collateral damage).

Where ssldump is used?

Where ssldump is available?

Build instructions

Install dependencies on Debian & Ubuntu (as root):

apt install build-essential git cmake ninja-build libssl-dev libpcap-dev libnet1-dev libjson-c-dev

On Fedora, CentOS, RHEL & Rocky (as root):

dnf install git cmake ninja-build gcc openssl-devel libpcap-devel libnet-devel json-c-devel

On OpenBSD (as root):

pkg_add git cmake ninja json-c libnet

On FreeBSD (as root):

pkg install git cmake ninja json-c libnet

On MacOS (as root):

brew install cmake ninja openssl@3 libpcap libnet json-c

Compile & install:

git clone https://github.com/adulau/ssldump.git
cd ssldump
cmake -G Ninja -B build
ninja -C build
./build/ssldump -v
(optional, as root) ninja -C build install

Notes

The "save to pcap" (-w) option by @ryabkov, is heavily based on the work of @droe on https://github.com/droe/sslsplit .

Contributing

The contributing policy is simple. If you have a patch to propose, make a pull-request via the interface. If the patch works for me, it's merged.