diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 16e9331..89c1b27 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,27 +25,22 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v3 - - name: Install macOS autogen prerequisites - run: brew install autoconf automake - if: ${{ runner.os == 'macOS' }} - - name: ./autogen.sh - run: ./autogen.sh - name: Compiler version run: $CC -v env: CC: ${{ matrix.compiler }} - name: Install Linux dependencies - run: sudo apt install autoconf libssl-dev libpcap-dev libnet1-dev libjson-c-dev + run: sudo apt install cmake ninja-build libssl-dev libpcap-dev libnet1-dev libjson-c-dev if: ${{ runner.os == 'Linux' }} - name: Install macOS dependencies run: | - brew install openssl@3 libpcap libnet json-c + brew install cmake ninja openssl@3 libpcap libnet json-c echo "LDFLAGS=-L$(brew --prefix openssl@3)/lib" >> $GITHUB_ENV echo "CPPFLAGS=-I$(brew --prefix openssl@3)/include" >> $GITHUB_ENV if: ${{ runner.os == 'macOS' }} - - name: ./configure - run: ./configure + - name: cmake -B ${{github.workspace}}/build -G Ninja + run: cmake -B ${{github.workspace}}/build -G Ninja env: CC: ${{ matrix.compiler }} - - name: make - run: make + - name: ninja -C ${{github.workspace}}/build + run: ninja -C ${{github.workspace}}/build diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 2cd3a79..3aec2a5 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
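Review bot: The new configure and build steps splice `${{github.workspace}}` unquoted into the `run:` script, so the runner substitutes the path into the shell text before the shell parses it. The value is set by the runner rather than by a contributor, so this is a hardening and style point, not an injectable input. The shell-native form is `run: cmake -B "$GITHUB_WORKSPACE/build" -G Ninja` and `run: ninja -C "$GITHUB_WORKSPACE/build"`. The same two commands appear in the `Build Application using script` step of codeql-analysis.yml. The step names could also be plain labels such as `name: Configure` and `name: Build` instead of repeating the command.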
@@ -31,10 +31,9 @@ jobs: languages: ${{ matrix.language }} - name: Build Application using script run: | - ./autogen.sh - sudo apt install autoconf libssl-dev libpcap-dev libnet1-dev libjson-c-dev - ./configure - make + sudo apt install cmake ninja-build libssl-dev libpcap-dev libnet1-dev libjson-c-dev + cmake -B ${{github.workspace}}/build -G Ninja + ninja -C ${{github.workspace}}/build - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 with: diff --git a/CMakeLists.txt b/CMakeLists.txt new file mode 100644 index 0000000..de5f87d --- /dev/null +++ b/CMakeLists.txt 
@@ -0,0 +1,117 @@
+cmake_minimum_required(VERSION 3.16.3)
+include(CheckSymbolExists)
+
+project(
+ ssldump
+ VERSION 1.8
+ DESCRIPTION 20230811
+ LANGUAGES C
+)
+
+configure_file(base/pcap-snoop.c.in base/pcap-snoop.c)
+
+set(SOURCES
+ ${CMAKE_BINARY_DIR}/base/pcap-snoop.c
+ base/network.c
+ base/proto_mod.c
+ base/tcppack.c
+ base/tcpconn.c
+ null/null_analyze.c
+ common/lib/r_data.c
+ common/lib/r_assoc.c
+ common/lib/r_errors.c
+ common/lib/debug.c
+ ssl/ssl_analyze.c
+ ssl/ssldecode.c
+ ssl/sslprint.c
+ ssl/ssl.enums.c
+ ssl/sslxprint.c
+ ssl/ciphersuites.c
+ ssl/ssl_rec.c
+ pcap/logpkt.c
+ pcap/pcap_logger.c
+ pcap/sys.c
+)
+
+set(CMAKE_MODULE_PATH "${PROJECT_SOURCE_DIR}/cmake/modules/" ${CMAKE_MODULE_PATH})
+
+find_package(OpenSSL)
+if(NOT OPENSSL_FOUND)
+ message( FATAL_ERROR
+"Unable to find OpenSSL development files on this system
+On Debian and Ubuntu systems you can install the required library and header files with
+ apt install libssl-dev
+On Fedora systems, with
+ dnf install openssl-devel" )
+endif()
+
+#dnf install openssl-devel libpcap-devel libnet-devel json-c-devel
+
+find_package(PCAP)
+if(NOT PCAP_FOUND)
+ message( FATAL_ERROR
+"Unable to find libpcap development files on this system
+On Debian and Ubuntu systems you can install the required library and header files with
+ apt install libpcap-dev
+On Fedora systems, with
+ dnf install libpcap-devel" )
+endif()
+
+find_package(LIBNET)
+if(NOT LIBNET_FOUND)
+ message( FATAL_ERROR
+"Unable to find libnet development files on this system
+On Debian and Ubuntu systems you can install the required library and header files with
+ apt install libnet1-dev
+On Fedora systems, with
+ dnf install libnet-devel" )
+endif()
+
+find_package(JSONC)
+if(NOT JSONC_FOUND)
+ message( FATAL_ERROR
+"Unable to find libjson-c development files on this system
+On Debian and Ubuntu systems you can install the required library and header files with
+ apt install libjson-c-dev
+On Fedora systems, with
+ dnf install
json-c-devel" )
+endif()
+
+add_executable(${PROJECT_NAME} ${SOURCES})
+
+check_symbol_exists(strdup "string.h" HAVE_STRDUP)
+if(HAVE_STRDUP)
+ add_definitions(-DHAVE_STRDUP)
+endif()
+
+add_definitions(-DLINUX)
+add_definitions(-DOPENSSL)
+add_definitions(-D_DEFAULT_SOURCE=1)
+
+target_include_directories(ssldump
+ PRIVATE
+ ${PROJECT_SOURCE_DIR}/common/include
+ ${PROJECT_SOURCE_DIR}/common/lib
+ ${PROJECT_SOURCE_DIR}/null
+ ${PROJECT_SOURCE_DIR}/ssl
+ ${PROJECT_SOURCE_DIR}/base
+ ${PROJECT_SOURCE_DIR}/pcap
+ ${OPENSSL_INCLUDE_DIR}
+ ${PCAP_INCLUDE_DIR}
+ ${LIBNET_INCLUDE_DIR}
+ ${JSONC_INCLUDE_DIR}
+)
+
+target_link_libraries(ssldump
+ PRIVATE
+ ${OPENSSL_LIBRARIES}
+ ${PCAP_LIBRARY}
+ ${LIBNET_LIBRARY}
+ ${JSONC_LIBRARIES}
+)
+
+set(CMAKE_INSTALL_PREFIX "/usr/local")
+install(TARGETS ssldump DESTINATION ${CMAKE_INSTALL_PREFIX}/bin)
+
+set(CMAKE_INSTALL_MANDIR "/usr/local/share/man")
+install(FILES ssldump.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)
diff --git a/Makefile.am b/Makefile.am
deleted file mode 100644
index 77d0190..0000000
--- a/Makefile.am
+++ /dev/null
@@ -1,37 +0,0 @@
-sbin_PROGRAMS = ssldump
-man_MANS = ssldump.1
-
-ssldump_SOURCES = \
- base/pcap-snoop.c\
- base/network.c\
- base/proto_mod.c\
- base/tcppack.c\
- base/tcpconn.c\
- null/null_analyze.c\
- common/lib/r_data.c\
- common/lib/r_assoc.c\
- common/lib/r_errors.c\
- common/lib/debug.c\
- ssl/ssl_analyze.c\
- ssl/ssldecode.c\
- ssl/sslprint.c\
- ssl/ssl.enums.c\
- ssl/sslxprint.c\
- ssl/ciphersuites.c\
- ssl/ssl_rec.c\
- pcap/logpkt.c\
- pcap/pcap_logger.c\
- pcap/sys.c
-
-
-ssldump_CPPFLAGS = \
- -I$(top_srcdir)\
- -I$(top_srcdir)/common/include\
- -I$(top_srcdir)/common/lib\
- -I$(top_srcdir)/null\
- -I$(top_srcdir)/ssl\
- -I$(top_srcdir)/base\
- -I$(top_srcdir)/pcap\
- -D_DEFAULT_SOURCE=1\
- -DLINUX\
- -DOPENSSL
diff --git a/README.md b/README.md
index 66535c0..a9aaf5a 100644
--- a/README.md
+++ b/README.md
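Review bot: The new CMakeLists.txt has no counterpart for the `--enable-asan`, `--enable-debug` and `--disable-optimization` switches that this commit deletes with configure.ac, so the AddressSanitizer build with `-Werror=format-security` and `-Werror=array-bounds` is no longer reachable for a tool that parses captured network traffic. Since nothing sets `CMAKE_BUILD_TYPE`, a default configure also compiles without the `-O2` that configure.ac applied by default. An opt-in option placed after `add_executable` restores the sanitizer build, as sketched below; debug and optimisation levels can then be chosen with `-DCMAKE_BUILD_TYPE=...`. Separately, `set(CMAKE_INSTALL_PREFIX "/usr/local")` near the end overrides a prefix passed on the command line, and the binary now installs to `bin` where Makefile.am used `sbin_PROGRAMS`.

```cmake
add_executable(${PROJECT_NAME} ${SOURCES})

# Opt-in sanitizer build, mirroring the flags of the removed --enable-asan switch.
option(SSLDUMP_ENABLE_ASAN "Build with AddressSanitizer and extra format/bounds checks" OFF)
if(SSLDUMP_ENABLE_ASAN)
  target_compile_options(ssldump PRIVATE
    -fsanitize=address,undefined,leak
    -Wformat
    -Werror=format-security
    -Werror=array-bounds
  )
  target_link_options(ssldump PRIVATE -fsanitize=address,undefined,leak)
endif()

# … unchanged: check_symbol_exists, definitions, include directories, link libraries, install rules …
```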
@@ -21,7 +21,7 @@ includes a JSON output option, supports [JA3](https://github.com/salesforce/ja3) # How to do I run ssldump? -`./ssldump -j -ANH -n -i any | jq` will run ssldump on all interfaces and output the result in JSON format including ja3 hashes. +`./ssldump -j -ANH -n -i any | jq` will run ssldump on all interfaces and output the result in JSON format including ja3 hashes. For more details, check the man page. @@ -29,7 +29,7 @@ For more details, check the man page. This example will query ja3er.com service to display the known ja3 hashes from the TLS handshaked in the pcap. -`ssldump -r yourcapture.pcap -j | jq -r 'select(.ja3_fp != null) | .ja3_fp' | parallel 'curl -s -X GET 'https://ja3er.com/search/{}' | jq .'` +`ssldump -r yourcapture.pcap -j | jq -r 'select(.ja3_fp != null) | .ja3_fp' | parallel 'curl -s -X GET 'https://ja3er.com/search/{}' | jq .'` # Why do you maintain this repository? 
@@ -53,41 +53,39 @@ other too (but this is just a collateral damage). # Build instructions -On Debian & Ubuntu: +Install dependencies on Debian & Ubuntu (as root): ``` -apt install build-essential autoconf libssl-dev libpcap-dev libnet1-dev libjson-c-dev -./autogen.sh -./configure --prefix=/usr/local -make -(optional) make install +apt install build-essential git cmake ninja-build libssl-dev libpcap-dev libnet1-dev libjson-c-dev ``` -On Fedora, CentOS, RHEL & Rocky: +On Fedora, CentOS, RHEL & Rocky (as root): ``` -dnf install autoconf automake gcc make openssl-devel libpcap-devel libnet-devel json-c-devel -./autogen.sh -./configure --prefix=/usr/local -make -(optional) make install +dnf install git cmake ninja-build gcc openssl-devel libpcap-devel libnet-devel json-c-devel ``` -Optional configuration features (aka ./configure options): +On OpenBSD (as root): ``` - --disable-optimization disable compiler optimizations (change from -O2 to -O0) - --enable-debug enable debug info (add "-g -DDEBUG" to CFLAGS) - --enable-asan enable AddressSanitizer and other checks - add "-fsanitize=address,undefined,leak -Wformat -Werror=format-security - -Werror=array-bounds" to CFLAGS - use libasan with GCC and embedded ASAN with Clang +pkg_add git cmake ninja json-c libnet ``` -Configuration examples: +On FreeBSD (as root): +``` +pkg install git cmake ninja json-c libnet ``` -- Use GCC with libasan, debug info and custom CFLAGS: - ./configure CC=/usr/bin/gcc --enable-asan --enable-debug CFLAGS="-Wall" -- Use Clang with ASAN and no optimizations (-O0) - ./configure CC=/usr/bin/clang --enable-asan --disable-optimization +On MacOS (as root): +``` +brew install cmake ninja openssl@3 libpcap libnet json-c +``` + +Compile & install: +``` +git clone https://github.com/adulau/ssldump.git +cd ssldump +cmake -G Ninja -B build +ninja -C build +./build/ssldump -v +(optional, as root) ninja -C build install ``` # Notes 
diff --git a/autogen.sh b/autogen.sh deleted file mode 100755 index 4bc5834..0000000 --- a/autogen.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -autoreconf -v -i - - diff --git a/base/Makefile.am b/base/Makefile.am deleted file mode 100644 index e69de29..0000000 diff --git a/base/pcap-snoop.c b/base/pcap-snoop.c.in similarity index 99% rename from base/pcap-snoop.c rename to base/pcap-snoop.c.in index 3d3a85b..c25e9b0 100644 --- a/base/pcap-snoop.c +++ b/base/pcap-snoop.c.in @@ -51,7 +51,9 @@ #include #include +#ifndef __OpenBSD__ #include +#endif #ifndef _WIN32 #include #endif @@ -118,7 +120,7 @@ int usage() int print_version() { - printf(PACKAGE_STRING "\n"); + printf("Version: @ssldump_VERSION@ (@ssldump_DESCRIPTION@)\n"); printf("Maintained by a bunch of volunteers, see https://github.com/adulau/ssldump/blob/master/CREDITS\n"); printf("Copyright (C) 2015-2023 the aforementioned volunteers\n"); printf("Copyright (C) 1998-2001 RTFM, Inc.\n"); diff --git a/cmake/modules/FindJSONC.cmake b/cmake/modules/FindJSONC.cmake new file mode 100644 index 0000000..69b792f --- /dev/null +++ b/cmake/modules/FindJSONC.cmake 
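Review bot: In `print_version()` the `@ssldump_VERSION@` and `@ssldump_DESCRIPTION@` placeholders are substituted inside the printf format string, so a `%` in either project field would be read as a conversion specifier. Passing them as arguments keeps the format fixed: `printf("Version: %s (%s)\n", "@ssldump_VERSION@", "@ssldump_DESCRIPTION@");`. Because CMakeLists.txt calls `configure_file(base/pcap-snoop.c.in base/pcap-snoop.c)` without `@ONLY`, any `${...}` sequence elsewhere in this C file would also be expanded at configure time; adding `@ONLY` limits substitution to the `@...@` markers. The body of `print_version()` continues past the end of the hunk.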
@@ -0,0 +1,49 @@
+# From https://github.com/fastogt/cmake/blob/master/FindJSON-C.cmake
+# Copyright (c) 2018, FastoGT
+# License: BSD 3-Clause
+# Modified by: Micah Snyder
+
+# JSONC_FOUND - true if library and headers were found
+# JSONC_INCLUDE_DIRS - include directories
+# JSONC_LIBRARIES - library directories
+
+if(JSONC_USE_STATIC)
+ add_library(jsonc STATIC IMPORTED GLOBAL)
+else()
+ add_library(jsonc SHARED IMPORTED GLOBAL)
+endif(JSONC_USE_STATIC)
+
+find_package(PkgConfig QUIET)
+PKG_CHECK_MODULES(PC_JSONC QUIET json-c)
+
+find_path(JSONC_INCLUDE_DIR json.h
+ HINTS ${PC_JSONC_INCLUDEDIR} ${PC_JSONC_INCLUDE_DIRS} PATH_SUFFIXES json-c json)
+
+if(JSONC_USE_STATIC)
+ find_library(JSONC_LIBRARY NAMES libjson-c.a libjson-c-static.a
+ HINTS ${PC_JSONC_LIBDIR} ${PC_JSONC_LIBRARY_DIRS})
+else()
+ find_library(JSONC_LIBRARY NAMES json-c libjson-c
+ HINTS ${PC_JSONC_LIBDIR} ${PC_JSONC_LIBRARY_DIRS})
+endif(JSONC_USE_STATIC)
+
+set(JSONC_LIBRARIES ${JSONC_LIBRARY})
+set(JSONC_INCLUDE_DIRS ${JSONC_INCLUDE_DIR})
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(JSONC DEFAULT_MSG JSONC_LIBRARIES JSONC_INCLUDE_DIRS)
+
+if(JSONC_FOUND AND NOT TARGET JSONC::jsonc)
+ add_library(JSONC::jsonc UNKNOWN IMPORTED)
+ set_target_properties(JSONC::jsonc PROPERTIES
+ IMPORTED_LOCATION "${JSONC_LIBRARY}"
+ INTERFACE_COMPILE_OPTIONS "${PC_JSONC_CFLAGS_OTHER}"
+ INTERFACE_INCLUDE_DIRECTORIES "${JSONC_INCLUDE_DIRS}"
+ )
+endif()
+
+mark_as_advanced(
+ JSONC_INCLUDE_DIR
+ JSONC_LIBRARY
+)
+
diff --git a/cmake/modules/FindLIBNET.cmake b/cmake/modules/FindLIBNET.cmake
new file mode 100644
index 0000000..0398212
--- /dev/null
+++ b/cmake/modules/FindLIBNET.cmake
@@ -0,0 +1,111 @@
+# Copyright 2013 Ettercap Development Team.
+#
+# Distributed under GPL license.
+#
+
+# Look for the header file
+find_path(LIBNET_INCLUDE_DIR
+ NAMES libnet.h
+ PATH_SUFFIXES libnet11 libnet-1.1)
+mark_as_advanced(LIBNET_INCLUDE_DIR)
+
+#Look for the library
+find_library(LIBNET_LIBRARY
+ NAMES net libnet
+ PATH_SUFFIXES libnet11 libnet-1.1)
+mark_as_advanced(LIBNET_LIBRARY)
+
+# Make sure we've got an include dir.
+if(NOT LIBNET_INCLUDE_DIR)
+ if(LIBNET_FIND_REQUIRED AND NOT LIBNET_FIND_QUIETLY)
+ message(FATAL_ERROR "Could not find LIBNET include directory.")
+ endif()
+ return()
+endif()
+
+if(NOT LIBNET_LIBRARY)
+ if(LIBNET_FIND_REQUIRED AND NOT LIBNET_FIND_QUIETLY)
+ message(FATAL_ERROR "Could not find LIBNET library.")
+ endif()
+ return()
+endif()
+
+#=============================================================
+# _LIBNET_GET_VERSION
+# Internal function to parse the version number in libnet.h
+# _OUT_version = The full version number
+# _OUT_version_major = The major version number only
+# _OUT_version_minor = The minor version number only
+# _libnet_hdr = Header file to parse
+#=============================================================
+function(_LIBNET_GET_VERSION _OUT_version _OUT_version_major _OUT_version_minor _libnet_hdr)
+ file(READ ${_libnet_hdr} _contents)
+ if(_contents)
+ string(REGEX REPLACE ".*#define LIBNET_VERSION[ \t]+\"([0-9.a-zA-Z-]+)\".*" "\\1" ${_OUT_version} "${_contents}")
+
+ if(NOT ${_OUT_version} MATCHES "[0-9.a-zA-Z-]+")
+ message(FATAL_ERROR "Version parsing failed for LIBNET_VERSION!")
+ endif()
+
+ set(${_OUT_version} ${${_OUT_version}} PARENT_SCOPE)
+
+ string(REGEX REPLACE "^([0-9]+)\\.[0-9]+.*" "\\1" ${_OUT_version_major} "${${_OUT_version}}")
+ string(REGEX REPLACE "^[0-9]+\\.([0-9]+).*" "\\1" ${_OUT_version_minor} "${${_OUT_version}}")
+
+ if(NOT ${_OUT_version_major} MATCHES "[0-9]+" OR NOT ${_OUT_version_minor} MATCHES "[0-9]+")
+ message(FATAL_ERROR "Version parsing failed for detailed
LIBNET_VERSION!:
+'${_OUT_version}' '${_OUT_version_major}' '${_OUT_version_minor}'")
+ endif()
+
+ set(${_OUT_version_major} ${${_OUT_version_major}} PARENT_SCOPE)
+ set(${_OUT_version_minor} ${${_OUT_version_minor}} PARENT_SCOPE)
+
+ else()
+ message(FATAL_ERROR "Include file ${_libnet_hdr} does not exist")
+ endif()
+endfunction()
+
+if(LIBNET_FIND_VERSION)
+ set(LIBNET_FAILED_VERSION_CHECK true)
+ _libnet_get_version(LIBNET_VERSION LIBNET_VERSION_MAJOR LIBNET_VERSION_MINOR ${LIBNET_INCLUDE_DIR}/libnet.h)
+
+ if(LIBNET_FIND_VERSION_EXACT)
+ if(LIBNET_VERSION VERSION_EQUAL LIBNET_FIND_VERSION)
+ set(LIBNET_FAILED_VERSION_CHECK false)
+ endif()
+ else()
+ if(LIBNET_VERSION VERSION_EQUAL LIBNET_FIND_VERSION OR
+ LIBNET_VERSION VERSION_GREATER LIBNET_FIND_VERSION)
+ set(LIBNET_FAILED_VERSION_CHECK false)
+ endif()
+ endif()
+
+ if(LIBNET_FAILED_VERSION_CHECK)
+ if(LIBNET_FIND_REQUIRED AND NOT LIBNET_FIND_QUIETLY)
+ if(LIBNET_FIND_VERSION_EXACT)
+ message(FATAL_ERROR "LIBNET version check failed.
+Version ${LIBNET_VERSION} was found, version ${LIBNET_FIND_VERSION} is needed exactly.")
+ else()
+ message(FATAL_ERROR "LIBNET version check failed.
+Version ${LIBNET_VERSION} was found, at least version ${LIBNET_FIND_VERSION} is required")
+ endif()
+ endif()
+
+ # If the version check fails, exit out of the module here
+ return()
+ endif()
+
+endif()
+
+#handle the QUIETLY and REQUIRED arguments and set LIBNET_FOUND to TRUE if
+# all listed variables are TRUE
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(LIBNET DEFAULT_MSG LIBNET_LIBRARY LIBNET_INCLUDE_DIR)
+
+if(LIBNET_FOUND)
+ set(LIBNET_LIBRARY ${LIBNET_LIBRARY})
+ set(LIBNET_INCLUDE_DIR ${LIBNET_INCLUDE_DIR})
+ set(LIBNET_VERSION ${LIBNET_VERSION})
+ set(LIBNET_VERSION_MAJOR ${LIBNET_VERSION_MAJOR})
+ set(LIBNET_VERSION_MINOR ${LIBNET_VERSION_MINOR})
+endif()
diff --git a/cmake/modules/FindPCAP.cmake b/cmake/modules/FindPCAP.cmake
new file mode 100644
index 0000000..bab6448
--- /dev/null
+++ b/cmake/modules/FindPCAP.cmake 
@@ -0,0 +1,86 @@
+# - Try to find libpcap include dirs and libraries
+#
+# Usage of this module as follows:
+#
+# find_package(PCAP)
+#
+# Variables used by this module, they can change the default behaviour and need
+# to be set before calling find_package:
+#
+# PCAP_ROOT_DIR Set this variable to the root installation of
+# libpcap if the module has problems finding the
+# proper installation path.
+#
+# Variables defined by this module:
+#
+# PCAP_FOUND System has libpcap, include and library dirs found
+# PCAP_INCLUDE_DIR The libpcap include directories.
+# PCAP_LIBRARY The libpcap library (possibly includes a thread
+# library e.g. required by pf_ring's libpcap)
+# HAVE_PF_RING If a found version of libpcap supports PF_RING
+
+find_path(PCAP_ROOT_DIR
+ NAMES include/pcap.h Include/pcap.h
+)
+
+find_path(PCAP_INCLUDE_DIR
+ NAMES pcap.h
+ HINTS ${PCAP_ROOT_DIR}/include
+)
+
+if ( MSVC AND COMPILER_ARCHITECTURE STREQUAL "x86_64" )
+ set(_pcap_lib_hint_path ${PCAP_ROOT_DIR}/lib/x64)
+else()
+ set(_pcap_lib_hint_path ${PCAP_ROOT_DIR}/lib)
+endif()
+
+find_library(PCAP_LIBRARY
+ NAMES pcap wpcap
+ HINTS ${_pcap_lib_hint_path}
+)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(PCAP DEFAULT_MSG
+ PCAP_LIBRARY
+ PCAP_INCLUDE_DIR
+)
+
+include(CheckCSourceCompiles)
+set(CMAKE_REQUIRED_LIBRARIES ${PCAP_LIBRARY})
+check_c_source_compiles("int main() { return 0; }" PCAP_LINKS_SOLO)
+set(CMAKE_REQUIRED_LIBRARIES)
+
+# check if linking against libpcap also needs to link against a thread library
+if (NOT PCAP_LINKS_SOLO)
+ find_package(Threads)
+ if (THREADS_FOUND)
+ set(CMAKE_REQUIRED_LIBRARIES ${PCAP_LIBRARY} ${CMAKE_THREAD_LIBS_INIT})
+ check_c_source_compiles("int main() { return 0; }" PCAP_NEEDS_THREADS)
+ set(CMAKE_REQUIRED_LIBRARIES)
+ endif ()
+ if (THREADS_FOUND AND PCAP_NEEDS_THREADS)
+ set(_tmp ${PCAP_LIBRARY} ${CMAKE_THREAD_LIBS_INIT})
+ list(REMOVE_DUPLICATES _tmp)
+ set(PCAP_LIBRARY ${_tmp}
+ CACHE STRING "Libraries needed to link
against libpcap" FORCE)
+ else ()
+ message(FATAL_ERROR "Couldn't determine how to link against libpcap")
+ endif ()
+endif ()
+
+string(FIND "${PCAP_LIBRARY}" "wpcap" _pcap_lib_is_wpcap)
+if ( _pcap_lib_is_wpcap GREATER_EQUAL 0 )
+ set(HAVE_WPCAP TRUE)
+endif()
+
+include(CheckFunctionExists)
+set(CMAKE_REQUIRED_LIBRARIES ${PCAP_LIBRARY})
+check_function_exists(pcap_get_pfring_id HAVE_PF_RING)
+check_function_exists(pcap_dump_open_append HAVE_PCAP_DUMP_OPEN_APPEND)
+set(CMAKE_REQUIRED_LIBRARIES)
+
+mark_as_advanced(
+ PCAP_ROOT_DIR
+ PCAP_INCLUDE_DIR
+ PCAP_LIBRARY
+)
diff --git a/common/Makefile.am b/common/Makefile.am
deleted file mode 100644
index 0262e4d..0000000
--- a/common/Makefile.am
+++ /dev/null
@@ -1 +0,0 @@
-SUBDIRS = lib
diff --git a/common/lib/Makefile.am b/common/lib/Makefile.am
deleted file mode 100644
index e69de29..0000000
diff --git a/configure.ac b/configure.ac
deleted file mode 100644
index 5eafab7..0000000
--- a/configure.ac
+++ /dev/null
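Review bot: The link probes after `find_package_handle_standard_args(PCAP ...)` run even when libpcap was not found, so `CMAKE_REQUIRED_LIBRARIES` receives a NOTFOUND value. Configuration then most likely stops at `Couldn't determine how to link against libpcap`, or at CMake's own NOTFOUND error, before CMakeLists.txt can print its `apt install libpcap-dev` hint. Returning early keeps that hint reachable: add `if(NOT PCAP_FOUND)`, `return()`, `endif()` directly after the `find_package_handle_standard_args` call.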
@@ -1,182 +0,0 @@ -# -*- Autoconf -*- -# Process this file with autoconf to produce a configure script. - -AC_PREREQ([2.69]) -AC_INIT([ssldump], [1.4]) -AM_INIT_AUTOMAKE([subdir-objects]) -AC_CONFIG_SRCDIR([base/pcap-snoop.c]) -AC_CONFIG_HEADERS([config.h]) - -AC_CANONICAL_HOST - -# Checks for programs. -: ${CFLAGS=""} -AC_PROG_CC([gcc clang]) -AM_PROG_CC_C_O -AC_PROG_MAKE_SET -AC_PROG_INSTALL - -# Checks for header files. -AC_CHECK_HEADERS([arpa/inet.h memory.h netdb.h netinet/in.h stdlib.h string.h sys/param.h sys/socket.h sys/time.h unistd.h],,[AC_MSG_ERROR([Missing header.])]) -AC_HEADER_STDC -AC_HEADER_TIME - -# Checks for typedefs, structures, and compiler characteristics. -AC_CHECK_SIZEOF([unsigned short]) -AC_CHECK_SIZEOF([unsigned int]) -AC_CHECK_SIZEOF([unsigned long]) -AC_CHECK_SIZEOF([unsigned long long]) - -# Checks for library functions. -AC_CHECK_FUNCS([malloc realloc gethostbyaddr gettimeofday inet_ntoa isascii memmove memset strchr strdup strstr strtol]) - -have_pcap=no -AC_SEARCH_LIBS([pcap_create], [pcap], [have_pcap=yes]) - -if test "x${have_pcap}" = xyes; then - AC_CHECK_HEADERS([pcap.h pcap-bpf.h], [], [have_pcap=no]) -fi - -if test "x${have_pcap}" = xno; then - AC_MSG_ERROR([ ---------------------------------------- -Unable to find libpcap on this system -Check 'config.log' for more information - -On Debian and Ubuntu systems you can -install the required library and header -files with - apt install libpcap-dev ---------------------------------------- - ]) -fi - -have_ssl=no -AC_SEARCH_LIBS([OPENSSL_init_ssl], [ssl], [have_ssl=yes]) -AC_SEARCH_LIBS(CRYPTO_new_ex_data, [crypto], [have_crypto=yes]) - -if test "x${have_ssl}" = xyes; then - AC_CHECK_HEADERS([openssl/ssl.h], [], [have_ssl=no]) -fi - -if test "x${have_ssl}" = xno; then - AC_MSG_ERROR([ ---------------------------------------- -Unable to find libssl on this system -Check 'config.log' for more information - -On Debian and Ubuntu systems you can -install the required library and 
header -files with - apt install libssl-dev ---------------------------------------- - ]) -fi - -have_libnet=no -AC_SEARCH_LIBS([libnet_init], [net], [have_libnet=yes]) - -if test "x${have_libnet}" = xyes; then - AC_CHECK_HEADERS([libnet.h], [], [have_libnet=no]) -fi - -if test "x${have_libnet}" = xno; then - AC_MSG_ERROR([ ---------------------------------------- -Unable to find libnet on this system -Check 'config.log' for more information - -On Debian and Ubuntu systems you can -install the required library and header -files with - apt install libnet1-dev ---------------------------------------- - ]) -fi - -have_libjson_c=no -AC_SEARCH_LIBS([json_object_new_object], [json-c], [have_libjson_c=yes]) - -if test "x${have_libjson_c}" = xyes; then - AC_CHECK_HEADERS([json-c/json.h], [], [have_libjson_c=no]) -fi - -if test "x${have_libjson_c}" = xno; then - AC_MSG_ERROR([ ---------------------------------------- -Unable to find libjson-c on this system -Check 'config.log' for more information - -On Debian and Ubuntu systems you can -install the required library and header -files with - apt install libjson-c-dev ---------------------------------------- - ]) -fi - -AC_ARG_ENABLE([optimization], - [ --disable-optimization disable compiler optimizations], - [optimization=${enableval}], [optimization=yes]) - -if test "x${optimization}" = xno; then - CFLAGS="$CFLAGS -O0" -else - CFLAGS="$CFLAGS -O2" -fi - -AC_ARG_ENABLE([debug], - [ --enable-debug enable debug info], - [debug=${enableval}], [debug=no]) - -if test "x${debug}" = xyes; then - CFLAGS="$CFLAGS -g -DDEBUG" -fi - -AC_ARG_ENABLE([asan], - [ --enable-asan enable AddressSanitizer and other checks], - [asan=${enableval}], [asan=no]) - -if test "x${asan}" = xyes; then - AS_CASE([$CC], - [*gcc*], [AC_CHECK_LIB(asan, _init)], - [*clang*], [have_clang=yes], - [have_clang=no]) - - if (test "x${ac_cv_lib_asan__init}" = xyes || test "x$have_clang" = xyes); then - CFLAGS="$CFLAGS \ --fsanitize=address,undefined,leak \ 
--Wformat \ --Werror=format-security \ --Werror=array-bounds" - else - AC_MSG_WARN("AddressSanitizer not supported") - asan=no - fi -fi - -AC_CONFIG_FILES([Makefile - common/Makefile - common/lib/Makefile - null/Makefile - ssl/Makefile - pcap/Makefile - base/Makefile]) - -AC_OUTPUT - -echo -echo "################################################" -echo "SSLDump build setup" -echo " Host system: $host_os" -echo " Host architecture: $host_cpu" -echo " Compiler: $CC" -echo " Installation prefix: $prefix" -echo " CFLAGS: $CFLAGS" -echo " LDFLAGS: $LDFLAGS" -echo " LIBS: $LIBS" -echo " Optimizations enabled: $optimization" -echo " Debug info enabled: $debug" -echo " ASAN enabled: $asan" -echo "################################################" - diff --git a/null/Makefile.am b/null/Makefile.am deleted file mode 100644 index e69de29..0000000 diff --git a/pcap/Makefile.am b/pcap/Makefile.am deleted file mode 100644 index e69de29..0000000 diff --git a/pcap/pcap_logger.c b/pcap/pcap_logger.c index 4f76eed..a2ada57 100644 --- a/pcap/pcap_logger.c +++ b/pcap/pcap_logger.c @@ -1,7 +1,9 @@ #include #include +#ifndef __OpenBSD__ #include +#endif #include #include #include diff --git a/ssl/Makefile.am b/ssl/Makefile.am deleted file mode 100644 index e69de29..0000000 diff --git a/ssl/ssl.enums.c b/ssl/ssl.enums.c index 2ecbd63..0f4eb4f 100644 --- a/ssl/ssl.enums.c +++ b/ssl/ssl.enums.c @@ -1,4 +1,4 @@ -#include +#include #include #include "network.h" #include "ssl_h.h" diff --git a/ssl/ssl_analyze.c b/ssl/ssl_analyze.c index 188f2b7..de2d7f0 100644 --- a/ssl/ssl_analyze.c +++ b/ssl/ssl_analyze.c @@ -44,7 +44,7 @@ */ -#include +#include #include #include #include "network.h" diff --git a/ssl/sslprint.c b/ssl/sslprint.c index 355db29..7e62bbb 100644 --- a/ssl/sslprint.c +++ b/ssl/sslprint.c @@ -44,7 +44,7 @@ */ -#include +#include #include #include #include "network.h" diff --git a/ssl/sslxprint.c b/ssl/sslxprint.c index 4127eb4..3e0f02a 100644 --- a/ssl/sslxprint.c 
+++ b/ssl/sslxprint.c @@ -44,7 +44,7 @@ */ -#include +#include #include "network.h" #include "ssl_h.h" #include "sslprint.h" diff --git a/ssldump.1 b/ssldump.1 index 027aca7..474c309 100644 --- a/ssldump.1 +++ b/ssldump.1 @@ -61,7 +61,7 @@ ssldump \- dump SSL traffic on a network .na .B ssldump [ -.B \-aAdeFHjnNPqtTvxXy +.B \-aAdeFHjnNPqtTvxXyz ] [ .B \-i .I interface diff --git a/ssldump.md b/ssldump.md index bab1e49..aa61f2d 100644 --- a/ssldump.md +++ b/ssldump.md @@ -3,7 +3,7 @@ 9th April 2023 - version 1.7 ``` -.na ssldump [ -aAdeFHjnNPqtTvxXy ] [ -i interface ] +.na ssldump [ -aAdeFHjnNPqtTvxXyz ] [ -i interface ] .ti +8 [ -k keyfile ] [ -l sslkeylogfile ] [ -p password ] [ -r dumpfile ] [ -w outputpcap ] .ti +8 [ -S [ crypto | d | ht | H | nroff ] ] [ expression ] @@ -138,6 +138,8 @@ _/dev/bpf*_. * **-y** Decorate the output for processing with nroff/troff. Not very useful for the average user. +* **-z** + Add timestamp in front of TCP packet description (-T) * _expression_ Selects what packets _ssldump_ will examine. Technically speaking, _ssldump_ supports the full expression syntax from PCAP and tcpdump.