From 98a830d54e2fb1741ac5fdc05e87ab2fa7471252 Mon Sep 17 00:00:00 2001 From: William Robinet Date: Tue, 23 Mar 2021 14:08:34 +0100 Subject: [PATCH 1/7] Bump version to 1.4b --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 9321d8f..f89cc04 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ([2.69]) -AC_INIT([ssldump], [1.3]) +AC_INIT([ssldump], [1.4b]) AM_INIT_AUTOMAKE([subdir-objects]) AC_CONFIG_SRCDIR([base/pcap-snoop.c]) AC_CONFIG_HEADERS([config.h]) From f59f0150555dc3cf2fa4f16cc9759de270a3ddf4 Mon Sep 17 00:00:00 2001 
From: William Robinet Date: Tue, 23 Mar 2021 14:10:30 +0100 Subject: [PATCH 2/7] Docker files initial import --- docker/debian-bullseye/Dockerfile | 27 +++++++++++++++++ docker/debian-bullseye/docker_build.sh | 6 ++++ docker/debian-bullseye/docker_run.sh | 15 ++++++++++ docker/debian-buster/Dockerfile | 27 +++++++++++++++++ docker/debian-buster/docker_build.sh | 6 ++++ docker/debian-buster/docker_run.sh | 15 ++++++++++ docker/debian-stretch/Dockerfile | 27 +++++++++++++++++ docker/debian-stretch/docker_build.sh | 6 ++++ docker/debian-stretch/docker_run.sh | 15 ++++++++++ docker/ubuntu-bionic/Dockerfile | 27 +++++++++++++++++ docker/ubuntu-bionic/docker_build.sh | 6 ++++ docker/ubuntu-bionic/docker_run.sh | 15 ++++++++++ docker/ubuntu-focal/Dockerfile | 27 +++++++++++++++++ docker/ubuntu-focal/docker_build.sh | 6 ++++ docker/ubuntu-focal/docker_run.sh | 15 ++++++++++ docker/ubuntu-groovy/Dockerfile | 27 +++++++++++++++++ docker/ubuntu-groovy/docker_build.sh | 6 ++++ docker/ubuntu-groovy/docker_run.sh | 15 ++++++++++ docker/ubuntu-xenial/Dockerfile | 41 ++++++++++++++++++++++++++ docker/ubuntu-xenial/docker_build.sh | 6 ++++ docker/ubuntu-xenial/docker_run.sh | 15 ++++++++++ 21 files changed, 350 insertions(+) create mode 100644 docker/debian-bullseye/Dockerfile create mode 100755 docker/debian-bullseye/docker_build.sh create mode 100755 docker/debian-bullseye/docker_run.sh create mode 100644 docker/debian-buster/Dockerfile create mode 100755 docker/debian-buster/docker_build.sh create mode 100755 docker/debian-buster/docker_run.sh create mode 100644 docker/debian-stretch/Dockerfile create mode 100755 docker/debian-stretch/docker_build.sh create mode 100755 docker/debian-stretch/docker_run.sh create mode 100644 docker/ubuntu-bionic/Dockerfile create mode 100755 docker/ubuntu-bionic/docker_build.sh create mode 100755 docker/ubuntu-bionic/docker_run.sh create mode 100644 docker/ubuntu-focal/Dockerfile create mode 100755 docker/ubuntu-focal/docker_build.sh create mode 
100755 docker/ubuntu-focal/docker_run.sh create mode 100644 docker/ubuntu-groovy/Dockerfile create mode 100755 docker/ubuntu-groovy/docker_build.sh create mode 100755 docker/ubuntu-groovy/docker_run.sh create mode 100644 docker/ubuntu-xenial/Dockerfile create mode 100755 docker/ubuntu-xenial/docker_build.sh create mode 100755 docker/ubuntu-xenial/docker_run.sh diff --git a/docker/debian-bullseye/Dockerfile b/docker/debian-bullseye/Dockerfile new file mode 100644 index 0000000..e179c2e --- /dev/null +++ b/docker/debian-bullseye/Dockerfile @@ -0,0 +1,27 @@ +FROM debian:bullseye-slim + +ENV LANG C +ENV DEBIAN_FRONTEND noninteractive + +RUN apt-get update && \ + apt-get dist-upgrade -y && \ + apt-get install -y --no-install-recommends ca-certificates sudo git build-essential automake autoconf clang libssl-dev libpcap-dev libnet1-dev libjson-c-dev iproute2 && \ + apt-get clean + +RUN useradd -ms /bin/bash ssldump +RUN passwd -d ssldump +RUN printf 'ssldump ALL=(ALL) ALL\n' | tee -a /etc/sudoers + +RUN cd /home/ssldump && \ + git clone https://github.com/adulau/ssldump.git build + +RUN cd /home/ssldump/build && \ + ./autogen.sh && \ + ./configure CC=/usr/bin/clang && \ + make && \ + sudo make install + +USER ssldump +WORKDIR "/home/ssldump" + +CMD ["/bin/bash"] diff --git a/docker/debian-bullseye/docker_build.sh b/docker/debian-bullseye/docker_build.sh new file mode 100755 index 0000000..382566c --- /dev/null +++ b/docker/debian-bullseye/docker_build.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +ssldump_version=1.4b +distribution=debian-bullseye + +docker build -t "ssldump-${distribution}:${ssldump_version}" . diff --git a/docker/debian-bullseye/docker_run.sh b/docker/debian-bullseye/docker_run.sh new file mode 100755 index 0000000..d415fe2 --- /dev/null +++ b/docker/debian-bullseye/docker_run.sh 
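Review bot: The build step `git clone https://github.com/adulau/ssldump.git build` checks out an unpinned default branch, while the docker_build.sh hunk in this same patch tags the result `ssldump-${distribution}:1.4b`, so the image tag does not identify what was actually compiled and the image is not reproducible; pin the checkout, e.g. `git clone --depth 1 --branch <TAG_OR_COMMIT_PLACEHOLDER> https://github.com/adulau/ssldump.git build`. The same Dockerfile combines `passwd -d ssldump` with `ssldump ALL=(ALL) ALL`, which makes the supposedly unprivileged user an unauthenticated root inside the image; if sudo exists only for `sudo make install`, run the install before switching user or restrict the sudoers entry to that command. These two points apply identically to the debian-buster, debian-stretch, ubuntu-bionic, ubuntu-focal and ubuntu-groovy Dockerfile hunks in this patch.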
@@ -0,0 +1,15 @@ +#!/bin/bash + +local_if=ens3f0 +container_ip=172.17.0.2 +ssldump_version=1.4b +distribution=debian-bullseye + +sudo iptables -t mangle -I PREROUTING 1 -i ${local_if} -j TEE --gateway ${container_ip} +sudo iptables -t mangle -I POSTROUTING 1 -o ${local_if} -j TEE --gateway ${container_ip} + +docker run -it ssldump-${distribution}:${ssldump_version} + +sudo iptables -t mangle -D PREROUTING 1 +sudo iptables -t mangle -D POSTROUTING 1 + diff --git a/docker/debian-buster/Dockerfile b/docker/debian-buster/Dockerfile new file mode 100644 index 0000000..4de60d0 --- /dev/null +++ b/docker/debian-buster/Dockerfile @@ -0,0 +1,27 @@ +FROM debian:buster-slim + +ENV LANG C +ENV DEBIAN_FRONTEND noninteractive + +RUN apt-get update && \ + apt-get dist-upgrade -y && \ + apt-get install -y --no-install-recommends ca-certificates sudo git build-essential automake autoconf clang libssl-dev libpcap-dev libnet1-dev libjson-c-dev iproute2 && \ + apt-get clean + +RUN useradd -ms /bin/bash ssldump +RUN passwd -d ssldump +RUN printf 'ssldump ALL=(ALL) ALL\n' | tee -a /etc/sudoers + +RUN cd /home/ssldump && \ + git clone https://github.com/adulau/ssldump.git build + +RUN cd /home/ssldump/build && \ + ./autogen.sh && \ + ./configure CC=/usr/bin/clang && \ + make && \ + sudo make install + +USER ssldump +WORKDIR "/home/ssldump" + +CMD ["/bin/bash"] diff --git a/docker/debian-buster/docker_build.sh b/docker/debian-buster/docker_build.sh new file mode 100755 index 0000000..9cd8f9c --- /dev/null +++ b/docker/debian-buster/docker_build.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +ssldump_version=1.4b +distribution=debian-buster + +docker build -t "ssldump-${distribution}:${ssldump_version}" . diff --git a/docker/debian-buster/docker_run.sh b/docker/debian-buster/docker_run.sh new file mode 100755 index 0000000..f8b0106 --- /dev/null +++ b/docker/debian-buster/docker_run.sh 
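Review bot: The cleanup lines `sudo iptables -t mangle -D PREROUTING 1` and `-D POSTROUTING 1` delete whatever rule sits at position 1 when the container exits, not necessarily the TEE rule inserted at the top of the script, so any rule added to the mangle table in the meantime is removed instead and the mirroring rule stays behind; delete by specification so the match is exact: `sudo iptables -t mangle -D PREROUTING -i ${local_if} -j TEE --gateway ${container_ip}` and `sudo iptables -t mangle -D POSTROUTING -o ${local_if} -j TEE --gateway ${container_ip}`. The cleanup also never runs if `docker run` is interrupted, which a `trap '...' EXIT` wrapping the two deletions would cover. The same applies to the docker_run.sh hunks for debian-buster, debian-stretch, ubuntu-bionic, ubuntu-focal, ubuntu-groovy and ubuntu-xenial.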
@@ -0,0 +1,15 @@ +#!/bin/bash + +local_if=ens3f0 +container_ip=172.17.0.2 +ssldump_version=1.4b +distribution=debian-buster + +sudo iptables -t mangle -I PREROUTING 1 -i ${local_if} -j TEE --gateway ${container_ip} +sudo iptables -t mangle -I POSTROUTING 1 -o ${local_if} -j TEE --gateway ${container_ip} + +docker run -it ssldump-${distribution}:${ssldump_version} + +sudo iptables -t mangle -D PREROUTING 1 +sudo iptables -t mangle -D POSTROUTING 1 + diff --git a/docker/debian-stretch/Dockerfile b/docker/debian-stretch/Dockerfile new file mode 100644 index 0000000..8fd5775 --- /dev/null +++ b/docker/debian-stretch/Dockerfile @@ -0,0 +1,27 @@ +FROM debian:stretch-slim + +ENV LANG C +ENV DEBIAN_FRONTEND noninteractive + +RUN apt-get update && \ + apt-get dist-upgrade -y && \ + apt-get install -y --no-install-recommends ca-certificates sudo git build-essential automake autoconf clang libssl-dev libpcap-dev libnet1-dev libjson-c-dev iproute2 && \ + apt-get clean + +RUN useradd -ms /bin/bash ssldump +RUN passwd -d ssldump +RUN printf 'ssldump ALL=(ALL) ALL\n' | tee -a /etc/sudoers + +RUN cd /home/ssldump && \ + git clone https://github.com/adulau/ssldump.git build + +RUN cd /home/ssldump/build && \ + ./autogen.sh && \ + ./configure CC=/usr/bin/clang && \ + make && \ + sudo make install + +USER ssldump +WORKDIR "/home/ssldump" + +CMD ["/bin/bash"] diff --git a/docker/debian-stretch/docker_build.sh b/docker/debian-stretch/docker_build.sh new file mode 100755 index 0000000..824a84f --- /dev/null +++ b/docker/debian-stretch/docker_build.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +ssldump_version=1.4b +distribution=debian-stretch + +docker build -t "ssldump-${distribution}:${ssldump_version}" . diff --git a/docker/debian-stretch/docker_run.sh b/docker/debian-stretch/docker_run.sh new file mode 100755 index 0000000..a2650c0 --- /dev/null +++ b/docker/debian-stretch/docker_run.sh 
@@ -0,0 +1,15 @@ +#!/bin/bash + +local_if=ens3f0 +container_ip=172.17.0.2 +ssldump_version=1.4b +distribution=debian-stretch + +sudo iptables -t mangle -I PREROUTING 1 -i ${local_if} -j TEE --gateway ${container_ip} +sudo iptables -t mangle -I POSTROUTING 1 -o ${local_if} -j TEE --gateway ${container_ip} + +docker run -it ssldump-${distribution}:${ssldump_version} + +sudo iptables -t mangle -D PREROUTING 1 +sudo iptables -t mangle -D POSTROUTING 1 + diff --git a/docker/ubuntu-bionic/Dockerfile b/docker/ubuntu-bionic/Dockerfile new file mode 100644 index 0000000..9408a02 --- /dev/null +++ b/docker/ubuntu-bionic/Dockerfile @@ -0,0 +1,27 @@ +FROM ubuntu:bionic + +ENV LANG C +ENV DEBIAN_FRONTEND noninteractive + +RUN apt-get update && \ + apt-get dist-upgrade -y && \ + apt-get install -y --no-install-recommends ca-certificates sudo git build-essential automake autoconf clang libssl-dev libpcap-dev libnet1-dev libjson-c-dev iproute2 && \ + apt-get clean + +RUN useradd -ms /bin/bash ssldump +RUN passwd -d ssldump +RUN printf 'ssldump ALL=(ALL) ALL\n' | tee -a /etc/sudoers + +RUN cd /home/ssldump && \ + git clone https://github.com/adulau/ssldump.git build + +RUN cd /home/ssldump/build && \ + ./autogen.sh && \ + ./configure CC=/usr/bin/clang && \ + make && \ + sudo make install + +USER ssldump +WORKDIR "/home/ssldump" + +CMD ["/bin/bash"] diff --git a/docker/ubuntu-bionic/docker_build.sh b/docker/ubuntu-bionic/docker_build.sh new file mode 100755 index 0000000..c9f169b --- /dev/null +++ b/docker/ubuntu-bionic/docker_build.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +ssldump_version=1.4b +distribution=ubuntu-bionic + +docker build -t "ssldump-${distribution}:${ssldump_version}" . diff --git a/docker/ubuntu-bionic/docker_run.sh b/docker/ubuntu-bionic/docker_run.sh new file mode 100755 index 0000000..c2ec286 --- /dev/null +++ b/docker/ubuntu-bionic/docker_run.sh 
@@ -0,0 +1,15 @@ +#!/bin/bash + +local_if=ens3f0 +container_ip=172.17.0.2 +ssldump_version=1.4b +distribution=ubuntu-bionic + +sudo iptables -t mangle -I PREROUTING 1 -i ${local_if} -j TEE --gateway ${container_ip} +sudo iptables -t mangle -I POSTROUTING 1 -o ${local_if} -j TEE --gateway ${container_ip} + +docker run -it ssldump-${distribution}:${ssldump_version} + +sudo iptables -t mangle -D PREROUTING 1 +sudo iptables -t mangle -D POSTROUTING 1 + diff --git a/docker/ubuntu-focal/Dockerfile b/docker/ubuntu-focal/Dockerfile new file mode 100644 index 0000000..c4e02ab --- /dev/null +++ b/docker/ubuntu-focal/Dockerfile @@ -0,0 +1,27 @@ +FROM ubuntu:focal + +ENV LANG C +ENV DEBIAN_FRONTEND noninteractive + +RUN apt-get update && \ + apt-get dist-upgrade -y && \ + apt-get install -y --no-install-recommends ca-certificates sudo git build-essential automake autoconf clang libssl-dev libpcap-dev libnet1-dev libjson-c-dev iproute2 && \ + apt-get clean + +RUN useradd -ms /bin/bash ssldump +RUN passwd -d ssldump +RUN printf 'ssldump ALL=(ALL) ALL\n' | tee -a /etc/sudoers + +RUN cd /home/ssldump && \ + git clone https://github.com/adulau/ssldump.git build + +RUN cd /home/ssldump/build && \ + ./autogen.sh && \ + ./configure CC=/usr/bin/clang && \ + make && \ + sudo make install + +USER ssldump +WORKDIR "/home/ssldump" + +CMD ["/bin/bash"] diff --git a/docker/ubuntu-focal/docker_build.sh b/docker/ubuntu-focal/docker_build.sh new file mode 100755 index 0000000..89e99d2 --- /dev/null +++ b/docker/ubuntu-focal/docker_build.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +ssldump_version=1.4b +distribution=ubuntu-focal + +docker build -t "ssldump-${distribution}:${ssldump_version}" . diff --git a/docker/ubuntu-focal/docker_run.sh b/docker/ubuntu-focal/docker_run.sh new file mode 100755 index 0000000..bb385d8 --- /dev/null +++ b/docker/ubuntu-focal/docker_run.sh 
@@ -0,0 +1,15 @@ +#!/bin/bash + +local_if=ens3f0 +container_ip=172.17.0.2 +ssldump_version=1.4b +distribution=ubuntu-focal + +sudo iptables -t mangle -I PREROUTING 1 -i ${local_if} -j TEE --gateway ${container_ip} +sudo iptables -t mangle -I POSTROUTING 1 -o ${local_if} -j TEE --gateway ${container_ip} + +docker run -it ssldump-${distribution}:${ssldump_version} + +sudo iptables -t mangle -D PREROUTING 1 +sudo iptables -t mangle -D POSTROUTING 1 + diff --git a/docker/ubuntu-groovy/Dockerfile b/docker/ubuntu-groovy/Dockerfile new file mode 100644 index 0000000..4d3abf8 --- /dev/null +++ b/docker/ubuntu-groovy/Dockerfile @@ -0,0 +1,27 @@ +FROM ubuntu:groovy + +ENV LANG C +ENV DEBIAN_FRONTEND noninteractive + +RUN apt-get update && \ + apt-get dist-upgrade -y && \ + apt-get install -y --no-install-recommends ca-certificates sudo git build-essential automake autoconf clang libssl-dev libpcap-dev libnet1-dev libjson-c-dev iproute2 && \ + apt-get clean + +RUN useradd -ms /bin/bash ssldump +RUN passwd -d ssldump +RUN printf 'ssldump ALL=(ALL) ALL\n' | tee -a /etc/sudoers + +RUN cd /home/ssldump && \ + git clone https://github.com/adulau/ssldump.git build + +RUN cd /home/ssldump/build && \ + ./autogen.sh && \ + ./configure CC=/usr/bin/clang && \ + make && \ + sudo make install + +USER ssldump +WORKDIR "/home/ssldump" + +CMD ["/bin/bash"] diff --git a/docker/ubuntu-groovy/docker_build.sh b/docker/ubuntu-groovy/docker_build.sh new file mode 100755 index 0000000..c700c85 --- /dev/null +++ b/docker/ubuntu-groovy/docker_build.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +ssldump_version=1.4b +distribution=ubuntu-groovy + +docker build -t "ssldump-${distribution}:${ssldump_version}" . diff --git a/docker/ubuntu-groovy/docker_run.sh b/docker/ubuntu-groovy/docker_run.sh new file mode 100755 index 0000000..7c1d459 --- /dev/null +++ b/docker/ubuntu-groovy/docker_run.sh 
@@ -0,0 +1,15 @@ +#!/bin/bash + +local_if=ens3f0 +container_ip=172.17.0.2 +ssldump_version=1.4b +distribution=ubuntu-groovy + +sudo iptables -t mangle -I PREROUTING 1 -i ${local_if} -j TEE --gateway ${container_ip} +sudo iptables -t mangle -I POSTROUTING 1 -o ${local_if} -j TEE --gateway ${container_ip} + +docker run -it ssldump-${distribution}:${ssldump_version} + +sudo iptables -t mangle -D PREROUTING 1 +sudo iptables -t mangle -D POSTROUTING 1 + diff --git a/docker/ubuntu-xenial/Dockerfile b/docker/ubuntu-xenial/Dockerfile new file mode 100644 index 0000000..493c874 --- /dev/null +++ b/docker/ubuntu-xenial/Dockerfile @@ -0,0 +1,41 @@ +FROM ubuntu:xenial + +ENV LANG C +ENV DEBIAN_FRONTEND noninteractive + +RUN apt-get update && \ + apt-get dist-upgrade -y && \ + apt-get install -y --no-install-recommends ca-certificates sudo git build-essential automake autoconf clang wget libpcap-dev libnet1-dev libjson-c-dev iproute2 && \ + apt-get clean + +RUN useradd -ms /bin/bash ssldump +RUN passwd -d ssldump +RUN printf 'Defaults:ssldump env_keep=LD_LIBRARY_PATH\n' | tee -a /etc/sudoers +RUN printf 'ssldump ALL=(ALL) ALL\n' | tee -a /etc/sudoers + +USER ssldump + +RUN mkdir /home/ssldump/openssl && \ + cd /home/ssldump/openssl && \ + wget https://www.openssl.org/source/openssl-1.1.1j.tar.gz && \ + tar xvfz openssl-1.1.1j.tar.gz && \ + cd openssl-1.1.1j && \ + ./config && \ + make -j 2 + +RUN cd /home/ssldump && \ + git clone https://github.com/adulau/ssldump.git build + +RUN cd /home/ssldump/build && \ + ./autogen.sh && \ + ./configure CFLAGS="-I../openssl/openssl-1.1.1j/include" LDFLAGS="-L../openssl/openssl-1.1.1j -lcrypto -lssl" && \ + make && \ + sudo make install + +ENV LD_LIBRARY_PATH /home/ssldump/openssl/openssl-1.1.1j +RUN printf '#!/bin/bash\nexport LD_LIBRARY_PATH=/home/ssldump/openssl/openssl-1.1.1j\nssldump $@\n' > /home/ssldump/run_ssldump.sh +RUN chmod +x /home/ssldump/run_ssldump.sh + +WORKDIR "/home/ssldump" + +CMD ["/bin/bash"] 
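Review bot: The OpenSSL tarball fetched with `wget https://www.openssl.org/source/openssl-1.1.1j.tar.gz` is extracted and compiled without any integrity check, so the whole image trusts whatever the download returned; verify it before `tar`, e.g. `echo "<SHA256_PLACEHOLDER>  openssl-1.1.1j.tar.gz" | sha256sum -c -`. The generated wrapper script expands `ssldump $@` unquoted, which re-splits any argument containing whitespace; write `ssldump "$@"` inside the printf string. `Defaults:ssldump env_keep=LD_LIBRARY_PATH` lets the passwordless sudo user carry a user-writable library directory into root's environment for `sudo make install`; installing the private OpenSSL build into a prefix and pointing LDFLAGS at it would remove the need for that sudoers line.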
diff --git a/docker/ubuntu-xenial/docker_build.sh b/docker/ubuntu-xenial/docker_build.sh new file mode 100755 index 0000000..0aff63e --- /dev/null +++ b/docker/ubuntu-xenial/docker_build.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +ssldump_version=1.4b +distribution=ubuntu-xenial + +docker build -t "ssldump-${distribution}:${ssldump_version}" . diff --git a/docker/ubuntu-xenial/docker_run.sh b/docker/ubuntu-xenial/docker_run.sh new file mode 100755 index 0000000..582ad04 --- /dev/null +++ b/docker/ubuntu-xenial/docker_run.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +local_if=ens3f0 +container_ip=172.17.0.2 +ssldump_version=1.4b +distribution=ubuntu-xenial + +sudo iptables -t mangle -I PREROUTING 1 -i ${local_if} -j TEE --gateway ${container_ip} +sudo iptables -t mangle -I POSTROUTING 1 -o ${local_if} -j TEE --gateway ${container_ip} + +docker run -it ssldump-${distribution}:${ssldump_version} + +sudo iptables -t mangle -D PREROUTING 1 +sudo iptables -t mangle -D POSTROUTING 1 + From d1114f145a596e21b6be578e978efb16e99d8ee5 Mon Sep 17 00:00:00 2001 From: William Robinet Date: Tue, 23 Mar 2021 16:25:04 +0100 Subject: [PATCH 3/7] Fix file ownership in Dockerfiles --- docker/debian-bullseye/Dockerfile | 5 +++-- docker/debian-buster/Dockerfile | 3 ++- docker/debian-stretch/Dockerfile | 3 ++- docker/ubuntu-bionic/Dockerfile | 3 ++- docker/ubuntu-focal/Dockerfile | 3 ++- docker/ubuntu-groovy/Dockerfile | 3 ++- 6 files changed, 13 insertions(+), 7 deletions(-) diff --git a/docker/debian-bullseye/Dockerfile b/docker/debian-bullseye/Dockerfile index e179c2e..e59fbc9 100644 --- a/docker/debian-bullseye/Dockerfile +++ b/docker/debian-bullseye/Dockerfile 
@@ -12,16 +12,17 @@ RUN useradd -ms /bin/bash ssldump RUN passwd -d ssldump RUN printf 'ssldump ALL=(ALL) ALL\n' | tee -a /etc/sudoers +USER ssldump + RUN cd /home/ssldump && \ git clone https://github.com/adulau/ssldump.git build RUN cd /home/ssldump/build && \ ./autogen.sh && \ - ./configure CC=/usr/bin/clang && \ + ./configure CC=/usr/bin/clang CFLAGS="-D_FORTIFY_SOURCE=2 -fstack-protector-strong -Wformat -Werror=format-security -g" && \ make && \ sudo make install -USER ssldump WORKDIR "/home/ssldump" CMD ["/bin/bash"] diff --git a/docker/debian-buster/Dockerfile b/docker/debian-buster/Dockerfile index 4de60d0..c86ce8a 100644 --- a/docker/debian-buster/Dockerfile +++ b/docker/debian-buster/Dockerfile @@ -12,6 +12,8 @@ RUN useradd -ms /bin/bash ssldump RUN passwd -d ssldump RUN printf 'ssldump ALL=(ALL) ALL\n' | tee -a /etc/sudoers +USER ssldump + RUN cd /home/ssldump && \ git clone https://github.com/adulau/ssldump.git build @@ -21,7 +23,6 @@ RUN cd /home/ssldump/build && \ make && \ sudo make install -USER ssldump WORKDIR "/home/ssldump" CMD ["/bin/bash"] diff --git a/docker/debian-stretch/Dockerfile b/docker/debian-stretch/Dockerfile index 8fd5775..3e7ef88 100644 --- a/docker/debian-stretch/Dockerfile +++ b/docker/debian-stretch/Dockerfile @@ -12,6 +12,8 @@ RUN useradd -ms /bin/bash ssldump RUN passwd -d ssldump RUN printf 'ssldump ALL=(ALL) ALL\n' | tee -a /etc/sudoers +USER ssldump + RUN cd /home/ssldump && \ git clone https://github.com/adulau/ssldump.git build @@ -21,7 +23,6 @@ RUN cd /home/ssldump/build && \ make && \ sudo make install -USER ssldump WORKDIR "/home/ssldump" CMD ["/bin/bash"] diff --git a/docker/ubuntu-bionic/Dockerfile b/docker/ubuntu-bionic/Dockerfile index 9408a02..7c44668 100644 --- a/docker/ubuntu-bionic/Dockerfile +++ b/docker/ubuntu-bionic/Dockerfile 
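Review bot: The hardening flags added to the configure line (`CFLAGS="-D_FORTIFY_SOURCE=2 -fstack-protector-strong -Wformat -Werror=format-security -g"`) contain no optimisation level, and a CFLAGS given to configure replaces autoconf's default `-g -O2`; the fortified glibc wrappers are only active when compiling with optimisation, so `_FORTIFY_SOURCE=2` is a no-op here and recent compilers warn about it. Add `-O2` to that string. Only the debian-bullseye hunk receives these flags while the buster, stretch, bionic, focal and groovy hunks in this patch only move `USER ssldump`; if the hardening is intended it belongs in all six Dockerfiles, and given the commit subject "Fix file ownership" it would be clearer in its own commit.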
@@ -12,6 +12,8 @@ RUN useradd -ms /bin/bash ssldump RUN passwd -d ssldump RUN printf 'ssldump ALL=(ALL) ALL\n' | tee -a /etc/sudoers +USER ssldump + RUN cd /home/ssldump && \ git clone https://github.com/adulau/ssldump.git build @@ -21,7 +23,6 @@ RUN cd /home/ssldump/build && \ make && \ sudo make install -USER ssldump WORKDIR "/home/ssldump" CMD ["/bin/bash"] diff --git a/docker/ubuntu-focal/Dockerfile b/docker/ubuntu-focal/Dockerfile index c4e02ab..04502da 100644 --- a/docker/ubuntu-focal/Dockerfile +++ b/docker/ubuntu-focal/Dockerfile @@ -12,6 +12,8 @@ RUN useradd -ms /bin/bash ssldump RUN passwd -d ssldump RUN printf 'ssldump ALL=(ALL) ALL\n' | tee -a /etc/sudoers +USER ssldump + RUN cd /home/ssldump && \ git clone https://github.com/adulau/ssldump.git build @@ -21,7 +23,6 @@ RUN cd /home/ssldump/build && \ make && \ sudo make install -USER ssldump WORKDIR "/home/ssldump" CMD ["/bin/bash"] diff --git a/docker/ubuntu-groovy/Dockerfile b/docker/ubuntu-groovy/Dockerfile index 4d3abf8..57d520a 100644 --- a/docker/ubuntu-groovy/Dockerfile +++ b/docker/ubuntu-groovy/Dockerfile @@ -12,6 +12,8 @@ RUN useradd -ms /bin/bash ssldump RUN passwd -d ssldump RUN printf 'ssldump ALL=(ALL) ALL\n' | tee -a /etc/sudoers +USER ssldump + RUN cd /home/ssldump && \ git clone https://github.com/adulau/ssldump.git build @@ -21,7 +23,6 @@ RUN cd /home/ssldump/build && \ make && \ sudo make install -USER ssldump WORKDIR "/home/ssldump" CMD ["/bin/bash"] From 1c2bf72485887f306b359f9385edfccdd414b8b6 Mon Sep 17 00:00:00 2001 From: William Robinet Date: Tue, 23 Mar 2021 16:26:52 +0100 Subject: [PATCH 4/7] Fix snprintf warning --- ssl/sslprint.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/sslprint.c b/ssl/sslprint.c index 06ec409..7580383 100644 --- a/ssl/sslprint.c +++ b/ssl/sslprint.c 
@@ -250,7 +250,7 @@ int ssl_expand_record(ssl,q,direction,data,len) Data d; UINT4 ct,vermaj,vermin,length; int version; - char verstr[4]; + char verstr[8]; char enumstr[20]; struct json_object *jobj; jobj = ssl->cur_json_st; @@ -272,7 +272,7 @@ int ssl_expand_record(ssl,q,direction,data,len) P_(P_RH){ explain(ssl," V%d.%d(%d)",vermaj,vermin,length); json_object_object_add(jobj, "record_len", json_object_new_int(length)); - snprintf(verstr,4,"%d.%d",vermaj,vermin); + snprintf(verstr,8,"%d.%d",vermaj,vermin); json_object_object_add(jobj, "record_ver", json_object_new_string(verstr)); } From 15ad7190fbd2877df82157e60af5fd32da868be0 Mon Sep 17 00:00:00 2001 From: William Robinet Date: Wed, 24 Mar 2021 17:03:22 +0100 Subject: [PATCH 5/7] Add support for ja3 & ja3s --- ssl/ssl.enums.c | 243 +++++++++++++++++++++++++++++++++++++++++++++++- ssl/ssl_h.h | 2 + 2 files changed, 242 insertions(+), 3 deletions(-) diff --git a/ssl/ssl.enums.c b/ssl/ssl.enums.c index d441fef..f53136d 100644 --- a/ssl/ssl.enums.c +++ b/ssl/ssl.enums.c @@ -1,4 +1,5 @@ #include +#include #include "network.h" #include "ssl_h.h" #include "sslprint.h" @@ -191,7 +192,6 @@ static int decode_HandshakeType_ClientHello(ssl,dir,seg,data) segment *seg; Data *data; { - struct json_object *jobj; jobj = ssl->cur_json_st; json_object_object_add(jobj, "handshake_type", json_object_new_string("ClientHello")); @@ -199,6 +199,16 @@ static int decode_HandshakeType_ClientHello(ssl,dir,seg,data) UINT4 vj,vn,cs,cslen,complen,comp,odd,exlen,ex; Data session_id,random; int r; + char *ja3_fp = NULL; + char *ja3_str = NULL; + char *ja3_ver_str = NULL; + char *ja3_cs_str = NULL; + char *ja3_ex_str = NULL; + char *ja3_ec_str = NULL; + char *ja3_ecp_str = NULL; + + ssl->cur_ja3_ec_str = NULL; + ssl->cur_ja3_ecp_str = NULL; extern decoder cipher_suite_decoder[]; extern decoder compression_method_decoder[]; 
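Review bot: The buffer size is repeated as a literal in the second hunk (`snprintf(verstr,8,"%d.%d",vermaj,vermin);`) after being changed in the first, which is exactly how the original 4-byte mismatch arose; use `snprintf(verstr,sizeof verstr,"%d.%d",vermaj,vermin);` so the two cannot drift apart again. `vermaj` and `vermin` are declared `UINT4` in the first hunk, presumably an unsigned type, in which case `%u` is the matching conversion. ssl_expand_record starts and ends outside these hunks.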
@@ -209,6 +219,9 @@ static int decode_HandshakeType_ClientHello(ssl,dir,seg,data) SSL_DECODE_UINT8(ssl,0,0,data,&vj); SSL_DECODE_UINT8(ssl,0,0,data,&vn); + ja3_ver_str = calloc(7,sizeof(char)); + snprintf(ja3_ver_str, 7, "%u", ((vj & 0xff) << 8) | (vn & 0xff)); + P_(P_HL) {explain(ssl,"Version %d.%d ",vj,vn); LF; } @@ -242,8 +255,16 @@ static int decode_HandshakeType_ClientHello(ssl,dir,seg,data) 0,data,&cs)) return(1); ssl_print_cipher_suite(ssl,(vj<<8)|vn,P_HL,cs); + if(!ja3_cs_str) + ja3_cs_str = calloc(7, 1); + else + ja3_cs_str = realloc(ja3_cs_str, strlen(ja3_cs_str) + 7); + + snprintf(ja3_cs_str + strlen(ja3_cs_str), 7, "%u-", cs); LF; } + if(ja3_cs_str && ja3_cs_str[strlen(ja3_cs_str) - 1] == '-') + ja3_cs_str[strlen(ja3_cs_str) - 1] = '\0'; } SSL_DECODE_UINT8(ssl,"compressionMethod len",0,data,&complen); @@ -260,6 +281,13 @@ static int decode_HandshakeType_ClientHello(ssl,dir,seg,data) explain(ssl , "extensions\n"); while(data->len) { SSL_DECODE_UINT16(ssl, "extension type", 0, data, &ex); + if(!ja3_ex_str) + ja3_ex_str = calloc(7, 1); + else + ja3_ex_str = realloc(ja3_ex_str, strlen(ja3_ex_str) + 7); + + snprintf(ja3_ex_str + strlen(ja3_ex_str), 7, "%u-", ex); + if (ssl_decode_switch(ssl,extension_decoder,ex,dir,seg,data) == R_NOT_FOUND) { decode_extension(ssl,dir,seg,data); P_(P_RH){ 
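Review bot: Every cipher suite is appended to `ja3_cs_str` unconditionally, but the JA3 specification excludes GREASE values (RFC 8701: both bytes equal with low nibble 0xA, i.e. 0x0a0a, 0x1a1a … 0xfafa) from the cipher, extension and group lists, so fingerprints of clients that send GREASE will not match any published JA3 database; guard the append with `if(((cs & 0x0f0f) != 0x0a0a) || ((cs >> 8) != (cs & 0xff))) { /* append */ }`. The growth pattern `ja3_cs_str = realloc(ja3_cs_str, strlen(ja3_cs_str) + 7);` overwrites the only pointer to the buffer, so a failed realloc leaks it and the next `snprintf` writes through NULL; assign to a temporary and check it, and check the `calloc` results too. Both points apply equally to the extension loop in the @@ -260 hunk, to the ServerHello extension loop in the @@ -324 hunk, and to the new supported_groups / ec_point_formats decoders.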
@@ -269,7 +297,75 @@ static int decode_HandshakeType_ClientHello(ssl,dir,seg,data) } LF; } + if(ja3_ex_str && ja3_ex_str[strlen(ja3_ex_str) - 1] == '-') + ja3_ex_str[strlen(ja3_ex_str) - 1] = '\0'; } + + ja3_ec_str = ssl->cur_ja3_ec_str; + ja3_ecp_str = ssl->cur_ja3_ecp_str; + + if(!ja3_ver_str) { + ja3_ver_str = calloc(1, 1); + *ja3_ver_str = '\0'; + } + + if(!ja3_cs_str) { + ja3_cs_str = calloc(1, 1); + *ja3_cs_str = '\0'; + } + + if(!ja3_ex_str) { + ja3_ex_str = calloc(1, 1); + *ja3_ex_str = '\0'; + } + + if(!ja3_ec_str) { + ja3_ec_str = calloc(1, 1); + *ja3_ec_str = '\0'; + } + + if(!ja3_ecp_str) { + ja3_ecp_str = calloc(1, 1); + *ja3_ecp_str = '\0'; + } + + int ja3_str_len = + strlen(ja3_ver_str) + 1 + + strlen(ja3_cs_str) + 1 + + strlen(ja3_ex_str) + 1 + + strlen(ja3_ec_str) + 1 + + strlen(ja3_ecp_str) + 1; + ja3_str = calloc(ja3_str_len, 1); + snprintf(ja3_str, ja3_str_len, "%s,%s,%s,%s,%s", + ja3_ver_str, ja3_cs_str, ja3_ex_str, ja3_ec_str, ja3_ecp_str); + + MD5_CTX md5; + UCHAR tmp[16]; + + MD5_Init(&md5); + MD5_Update(&md5, ja3_str, ja3_str_len); + MD5_Final(tmp,&md5); + + ja3_fp = calloc(33,1); + *ja3_fp = '\0'; + for(int i=0; i<16; i++) { + snprintf(ja3_fp + strlen(ja3_fp), 3, "%02x", tmp[i]); + } + + json_object_object_add(jobj, "ja3_str", json_object_new_string(ja3_str)); + json_object_object_add(jobj, "ja3_fp", json_object_new_string(ja3_fp)); + + explain(ssl, "ja3 string: %s\n", ja3_str); + explain(ssl, "ja3 fingerprint: %s\n", ja3_fp); + + free(ja3_fp); + free(ja3_str); + free(ja3_ver_str); + free(ja3_cs_str); + free(ja3_ex_str); + free(ja3_ec_str); + free(ja3_ecp_str); + return(0); } @@ -283,6 +379,12 @@ static int decode_HandshakeType_ServerHello(ssl,dir,seg,data) int r; Data rnd,session_id; UINT4 vj,vn,exlen,ex; + char *ja3s_fp = NULL; + char *ja3s_str = NULL; + char *ja3s_ver_str = NULL; + char *ja3s_c_str = NULL; + char *ja3s_ex_str = NULL; + extern decoder extension_decoder[]; 
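Review bot: `MD5_Update(&md5, ja3_str, ja3_str_len);` hashes `ja3_str_len` bytes, but that value is the five field lengths plus five, while the formatted string holds only four commas, so the trailing NUL byte is fed into the digest and `ja3_fp` will never equal a JA3 hash computed by any other tool; use `MD5_Update(&md5, ja3_str, strlen(ja3_str));`. The ServerHello hunk has the same off-by-one in `MD5_Update(&md5, ja3s_str, ja3s_str_len);`. After `free(ja3_ec_str)` and `free(ja3_ecp_str)` the copies in `ssl->cur_ja3_ec_str` / `ssl->cur_ja3_ecp_str` still point at freed memory, so add `ssl->cur_ja3_ec_str = NULL; ssl->cur_ja3_ecp_str = NULL;` beside the frees. The `return(1)` visible in the cipher-suite loop, and presumably the other SSL_DECODE_* failure paths before this point, leave every ja3_* buffer allocated on a truncated or malformed ClientHello, which matters for a tool that parses untrusted captures; a single cleanup label that frees them on every exit would close that. decode_HandshakeType_ClientHello starts outside this hunk.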
@@ -295,6 +397,9 @@ static int decode_HandshakeType_ServerHello(ssl,dir,seg,data) SSL_DECODE_UINT8(ssl,0,0,data,&vj); SSL_DECODE_UINT8(ssl,0,0,data,&vn); + ja3s_ver_str = calloc(7,sizeof(char)); + snprintf(ja3s_ver_str, 7, "%u", ((vj & 0xff) << 8) | (vn & 0xff)); + ssl->version=vj*256+vn; P_(P_HL) {explain(ssl,"Version %d.%d ",vj,vn); LF; @@ -312,6 +417,9 @@ static int decode_HandshakeType_ServerHello(ssl,dir,seg,data) } ssl_find_cipher(ssl->cipher_suite,&ssl->cs); + ja3s_c_str = calloc(6, 1); + snprintf(ja3s_c_str, 6, "%u", ssl->cipher_suite); + ssl_process_server_session_id(ssl,ssl->decoder,session_id.data, session_id.len); @@ -324,6 +432,13 @@ static int decode_HandshakeType_ServerHello(ssl,dir,seg,data) explain(ssl , "extensions\n"); while(data->len) { SSL_DECODE_UINT16(ssl, "extension type", 0, data, &ex); + if(!ja3s_ex_str) + ja3s_ex_str = calloc(7, 1); + else + ja3s_ex_str = realloc(ja3s_ex_str, strlen(ja3s_ex_str) + 7); + + snprintf(ja3s_ex_str + strlen(ja3s_ex_str), 7, "%u-", ex); + if (ssl_decode_switch(ssl,extension_decoder,ex,dir,seg,data) == R_NOT_FOUND) { decode_extension(ssl,dir,seg,data); P_(P_RH){ 
@@ -333,8 +448,58 @@ static int decode_HandshakeType_ServerHello(ssl,dir,seg,data) } LF; } + if(ja3s_ex_str && ja3s_ex_str[strlen(ja3s_ex_str) - 1] == '-') + ja3s_ex_str[strlen(ja3s_ex_str) - 1] = '\0'; } + if(!ja3s_ver_str) { + ja3s_ver_str = calloc(1, 1); + *ja3s_ver_str = '\0'; + } + + if(!ja3s_c_str) { + ja3s_c_str = calloc(1, 1); + *ja3s_c_str = '\0'; + } + + if(!ja3s_ex_str) { + ja3s_ex_str = calloc(1, 1); + *ja3s_ex_str = '\0'; + } + + int ja3s_str_len = + strlen(ja3s_ver_str) + 1 + + strlen(ja3s_c_str) + 1 + + strlen(ja3s_ex_str) + 1; + ja3s_str = calloc(ja3s_str_len, 1); + snprintf(ja3s_str, ja3s_str_len, "%s,%s,%s", + ja3s_ver_str, ja3s_c_str, ja3s_ex_str); + + MD5_CTX md5; + UCHAR tmp[16]; + + MD5_Init(&md5); + MD5_Update(&md5, ja3s_str, ja3s_str_len); + MD5_Final(tmp,&md5); + + ja3s_fp = calloc(33,1); + *ja3s_fp = '\0'; + for(int i=0; i<16; i++) { + snprintf(ja3s_fp + strlen(ja3s_fp), 3, "%02x", tmp[i]); + } + + json_object_object_add(jobj, "ja3s_str", json_object_new_string(ja3s_str)); + json_object_object_add(jobj, "ja3s_fp", json_object_new_string(ja3s_fp)); + + explain(ssl, "ja3s string: %s\n", ja3s_str); + explain(ssl, "ja3s fingerprint: %s\n", ja3s_fp); + + free(ja3s_fp); + free(ja3s_str); + free(ja3s_ver_str); + free(ja3s_c_str); + free(ja3s_ex_str); + return(0); } 
@@ -2664,6 +2829,78 @@ static int decode_extension(ssl,dir,seg,data) return(0); } +// Extension #10 supported_groups (renamed from "elliptic_curves") +static int decode_extension_supported_groups(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + int r,p; + UINT4 l,g; + char *ja3_ec_str = NULL; + SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); + + if(dir==DIR_I2R){ + SSL_DECODE_UINT16(ssl,"supported_groups list length",0,data,&l); + LF; + while(l) { + p=data->len; + SSL_DECODE_UINT16(ssl, "supported group", 0, data, &g); + if(!ja3_ec_str) + ja3_ec_str = calloc(7, 1); + else + ja3_ec_str = realloc(ja3_ec_str, strlen(ja3_ec_str) + 7); + snprintf(ja3_ec_str + strlen(ja3_ec_str), 7, "%u-", g); + l-=(p-data->len); + } + if(ja3_ec_str && ja3_ec_str[strlen(ja3_ec_str) - 1] == '-') + ja3_ec_str[strlen(ja3_ec_str) - 1] = '\0'; + } + else{ + data->len-=l; + data->data+=l; + } + ssl->cur_ja3_ec_str = ja3_ec_str; + return(0); + } + +// Extension #11 ec_point_formats +static int decode_extension_ec_point_formats(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + int r,p; + UINT4 l,f; + char *ja3_ecp_str = NULL; + SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); + + if(dir==DIR_I2R){ + SSL_DECODE_UINT8(ssl,"ec_point_formats list length",0,data,&l); + LF; + while(l) { + p=data->len; + SSL_DECODE_UINT8(ssl, "ec point format", 0, data, &f); + if(!ja3_ecp_str) + ja3_ecp_str = calloc(5, 1); + else + ja3_ecp_str = realloc(ja3_ecp_str, strlen(ja3_ecp_str) + 5); + snprintf(ja3_ecp_str + strlen(ja3_ecp_str), 5, "%u-", f); + l-=(p-data->len); + } + if(ja3_ecp_str && ja3_ecp_str[strlen(ja3_ecp_str) - 1] == '-') + ja3_ecp_str[strlen(ja3_ecp_str) - 1] = '\0'; + } + else{ + data->len-=l; + data->data+=l; + } + + ssl->cur_ja3_ecp_str = ja3_ecp_str; + return(0); + } decoder extension_decoder[] = { { 
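Review bot: In `decode_extension_supported_groups` the list length `l` is an unsigned `UINT4` decremented by the bytes consumed per iteration, and nothing checks that it is even or that it fits within the extension length read just before (the second `SSL_DECODE_UINT16` overwrites that value in the same variable); an odd list length in a malformed ClientHello makes `l-=(p-data->len)` wrap and the loop then walks the rest of the handshake into `ja3_ec_str`. Keep the outer length in its own variable and validate before looping, e.g. `UINT4 exlen;` … `if((l & 1) || l > exlen || l > data->len) return(1);`, with the analogous `l > exlen || l > data->len` check in `decode_extension_ec_point_formats`. Both functions store their result with `ssl->cur_ja3_ec_str = ja3_ec_str;` / `ssl->cur_ja3_ecp_str = ja3_ecp_str;` without freeing a value already there, so a ClientHello carrying the extension twice leaks the first list; free the previous pointer before assigning. The `else` branch skips with `data->len-=l; data->data+=l;` without checking `l <= data->len`, which presumably mirrors the generic `decode_extension`, but deserves the same bound.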
@@ -2719,12 +2956,12 @@ decoder extension_decoder[] = {
 {
 10,
 "supported_groups",
- decode_extension
+ decode_extension_supported_groups
 },
 {
 11,
 "ec_point_formats",
- decode_extension
+ decode_extension_ec_point_formats
 },
 {
 12,
diff --git a/ssl/ssl_h.h b/ssl/ssl_h.h
index 8061d5d..ce67b19 100644
--- a/ssl/ssl_h.h
+++ b/ssl/ssl_h.h
@@ -109,6 +109,8 @@ typedef struct ssl_obj_ {
 int indent_depth;
 int indent_name_len;
 struct json_object *cur_json_st;
+ char *cur_ja3_ec_str;
+ char *cur_ja3_ecp_str;
 } ssl_obj;
 typedef struct decoder_ {
From 850ab0acb3f61270bd37a72f33edcc3e08692d38 Mon Sep 17 00:00:00 2001
From: William Robinet
Date: Wed, 24 Mar 2021 17:47:06 +0100
Subject: [PATCH 6/7] Extract traffic mirroring commands from docker run scripts
---
 docker/debian-bullseye/docker_run.sh | 8 --------
 docker/debian-buster/docker_run.sh | 8 --------
 docker/debian-stretch/docker_run.sh | 8 --------
 docker/mirror_traffic_to_container.sh | 8 ++++++++
 docker/ubuntu-bionic/docker_run.sh | 8 --------
 docker/ubuntu-focal/docker_run.sh | 8 --------
 docker/ubuntu-groovy/docker_run.sh | 8 --------
 docker/ubuntu-xenial/docker_run.sh | 8 --------
 8 files changed, 8 insertions(+), 56 deletions(-)
 create mode 100755 docker/mirror_traffic_to_container.sh
diff --git a/docker/debian-bullseye/docker_run.sh b/docker/debian-bullseye/docker_run.sh
index d415fe2..9af67e5 100755
--- a/docker/debian-bullseye/docker_run.sh
+++ b/docker/debian-bullseye/docker_run.sh
@@ -1,15 +1,7 @@
 #!/bin/bash
-local_if=ens3f0
-container_ip=172.17.0.2
 ssldump_version=1.4b
 distribution=debian-bullseye
-sudo iptables -t mangle -I PREROUTING 1 -i ${local_if} -j TEE --gateway ${container_ip}
-sudo iptables -t mangle -I POSTROUTING 1 -o ${local_if} -j TEE --gateway ${container_ip}
-
 docker run -it ssldump-${distribution}:${ssldump_version}
-sudo iptables -t mangle -D PREROUTING 1
-sudo iptables -t mangle -D POSTROUTING 1
-
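Review bot: The two new `char *` members of ssl_obj carry heap strings that decode_extension_supported_groups and decode_extension_ec_point_formats store unconditionally (NULL when the extension is seen in the other direction), but nothing in the header says who owns or frees them or that they must start out NULL. A comment on the fields would prevent a later leak or double free, e.g. `/* JA3 fragments built by the supported_groups / ec_point_formats extension decoders; heap-allocated, consumed and freed by the ClientHello decoder — confirm */`. If ssl_obj instances are not zero-initialised where they are created, these two pointers also need explicit NULL initialisation.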
diff --git a/docker/debian-buster/docker_run.sh b/docker/debian-buster/docker_run.sh
index f8b0106..1c1073b 100755
--- a/docker/debian-buster/docker_run.sh
+++ b/docker/debian-buster/docker_run.sh
@@ -1,15 +1,7 @@
 #!/bin/bash
-local_if=ens3f0
-container_ip=172.17.0.2
 ssldump_version=1.4b
 distribution=debian-buster
-sudo iptables -t mangle -I PREROUTING 1 -i ${local_if} -j TEE --gateway ${container_ip}
-sudo iptables -t mangle -I POSTROUTING 1 -o ${local_if} -j TEE --gateway ${container_ip}
-
 docker run -it ssldump-${distribution}:${ssldump_version}
-sudo iptables -t mangle -D PREROUTING 1
-sudo iptables -t mangle -D POSTROUTING 1
-
diff --git a/docker/debian-stretch/docker_run.sh b/docker/debian-stretch/docker_run.sh
index a2650c0..56db0f2 100755
--- a/docker/debian-stretch/docker_run.sh
+++ b/docker/debian-stretch/docker_run.sh
@@ -1,15 +1,7 @@
 #!/bin/bash
-local_if=ens3f0
-container_ip=172.17.0.2
 ssldump_version=1.4b
 distribution=debian-stretch
-sudo iptables -t mangle -I PREROUTING 1 -i ${local_if} -j TEE --gateway ${container_ip}
-sudo iptables -t mangle -I POSTROUTING 1 -o ${local_if} -j TEE --gateway ${container_ip}
-
 docker run -it ssldump-${distribution}:${ssldump_version}
-sudo iptables -t mangle -D PREROUTING 1
-sudo iptables -t mangle -D POSTROUTING 1
-
diff --git a/docker/mirror_traffic_to_container.sh b/docker/mirror_traffic_to_container.sh
new file mode 100755
index 0000000..a553130
--- /dev/null
+++ b/docker/mirror_traffic_to_container.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+local_if=ens3f0
+container_ip=172.17.0.2
+
+sudo iptables -t mangle -I PREROUTING 1 -i ${local_if} -j TEE --gateway ${container_ip}
+sudo iptables -t mangle -I POSTROUTING 1 -o ${local_if} -j TEE --gateway ${container_ip}
+
diff --git a/docker/ubuntu-bionic/docker_run.sh b/docker/ubuntu-bionic/docker_run.sh
index c2ec286..1199905 100755
--- a/docker/ubuntu-bionic/docker_run.sh
+++ b/docker/ubuntu-bionic/docker_run.sh
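Review bot: The new mirror_traffic_to_container.sh only inserts the two TEE rules; the teardown that the per-distribution run scripts used to do (`iptables -t mangle -D PREROUTING 1` / `-D POSTROUTING 1` after docker exited) has no counterpart, so the mirroring rules stay in the mangle table after the container is gone and every run stacks another pair at position 1. A companion removal script, or a `trap` in the run scripts, should delete them by rule specification, `sudo iptables -t mangle -D PREROUTING -i ${local_if} -j TEE --gateway ${container_ip}`, so that an unrelated rule that happens to sit at index 1 is not the one removed. `local_if` and `container_ip` are hard-coded; reading them as `${1:-ens3f0}` / `${2:-172.17.0.2}` would keep the script usable on other hosts. The run scripts start the container without a fixed address, so 172.17.0.2 is only right when it is the first container on the default bridge — worth a comment in the script.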
@@ -1,15 +1,7 @@
 #!/bin/bash
-local_if=ens3f0
-container_ip=172.17.0.2
 ssldump_version=1.4b
 distribution=ubuntu-bionic
-sudo iptables -t mangle -I PREROUTING 1 -i ${local_if} -j TEE --gateway ${container_ip}
-sudo iptables -t mangle -I POSTROUTING 1 -o ${local_if} -j TEE --gateway ${container_ip}
-
 docker run -it ssldump-${distribution}:${ssldump_version}
-sudo iptables -t mangle -D PREROUTING 1
-sudo iptables -t mangle -D POSTROUTING 1
-
diff --git a/docker/ubuntu-focal/docker_run.sh b/docker/ubuntu-focal/docker_run.sh
index bb385d8..d4ee3af 100755
--- a/docker/ubuntu-focal/docker_run.sh
+++ b/docker/ubuntu-focal/docker_run.sh
@@ -1,15 +1,7 @@
 #!/bin/bash
-local_if=ens3f0
-container_ip=172.17.0.2
 ssldump_version=1.4b
 distribution=ubuntu-focal
-sudo iptables -t mangle -I PREROUTING 1 -i ${local_if} -j TEE --gateway ${container_ip}
-sudo iptables -t mangle -I POSTROUTING 1 -o ${local_if} -j TEE --gateway ${container_ip}
-
 docker run -it ssldump-${distribution}:${ssldump_version}
-sudo iptables -t mangle -D PREROUTING 1
-sudo iptables -t mangle -D POSTROUTING 1
-
diff --git a/docker/ubuntu-groovy/docker_run.sh b/docker/ubuntu-groovy/docker_run.sh
index 7c1d459..f2ba0fa 100755
--- a/docker/ubuntu-groovy/docker_run.sh
+++ b/docker/ubuntu-groovy/docker_run.sh
@@ -1,15 +1,7 @@
 #!/bin/bash
-local_if=ens3f0
-container_ip=172.17.0.2
 ssldump_version=1.4b
 distribution=ubuntu-groovy
-sudo iptables -t mangle -I PREROUTING 1 -i ${local_if} -j TEE --gateway ${container_ip}
-sudo iptables -t mangle -I POSTROUTING 1 -o ${local_if} -j TEE --gateway ${container_ip}
-
 docker run -it ssldump-${distribution}:${ssldump_version}
-sudo iptables -t mangle -D PREROUTING 1
-sudo iptables -t mangle -D POSTROUTING 1
-
diff --git a/docker/ubuntu-xenial/docker_run.sh b/docker/ubuntu-xenial/docker_run.sh
index 582ad04..8c3e8d3 100755
--- a/docker/ubuntu-xenial/docker_run.sh
+++ b/docker/ubuntu-xenial/docker_run.sh
@@ -1,15 +1,7 @@
 #!/bin/bash
-local_if=ens3f0
-container_ip=172.17.0.2
 ssldump_version=1.4b
 distribution=ubuntu-xenial
-sudo iptables -t mangle -I PREROUTING 1 -i ${local_if} -j TEE --gateway ${container_ip}
-sudo iptables -t mangle -I POSTROUTING 1 -o ${local_if} -j TEE --gateway ${container_ip}
-
 docker run -it ssldump-${distribution}:${ssldump_version}
-sudo iptables -t mangle -D PREROUTING 1
-sudo iptables -t mangle -D POSTROUTING 1
-
From 04deb915a389455a92d7cfc1203d2731dfd8673a Mon Sep 17 00:00:00 2001
From: William Robinet
Date: Fri, 26 Mar 2021 09:59:25 +0100
Subject: [PATCH 7/7] Fix ja3(s) length of strings used in MD5 computation + update MD5 functions
---
 ssl/ssl.enums.c | 38 ++++++++++++++++++++++++--------------
 1 file changed, 24 insertions(+), 14 deletions(-)
diff --git a/ssl/ssl.enums.c b/ssl/ssl.enums.c
index f53136d..56fd79f 100644
--- a/ssl/ssl.enums.c
+++ b/ssl/ssl.enums.c
@@ -339,17 +339,22 @@ static int decode_HandshakeType_ClientHello(ssl,dir,seg,data)
 snprintf(ja3_str, ja3_str_len, "%s,%s,%s,%s,%s",
 ja3_ver_str, ja3_cs_str, ja3_ex_str, ja3_ec_str, ja3_ecp_str);
- MD5_CTX md5;
- UCHAR tmp[16];
+ EVP_MD_CTX *mdctx;
+ const EVP_MD *md;
+ unsigned char md_value[EVP_MAX_MD_SIZE];
+ unsigned int md_len, i;
- MD5_Init(&md5);
- MD5_Update(&md5, ja3_str, ja3_str_len);
- MD5_Final(tmp,&md5);
+ md = EVP_get_digestbyname("MD5");
+ mdctx = EVP_MD_CTX_new();
+ EVP_DigestInit_ex(mdctx, md, NULL);
+ EVP_DigestUpdate(mdctx, ja3_str, strlen(ja3_str));
+ EVP_DigestFinal_ex(mdctx, md_value, &md_len);
+ EVP_MD_CTX_free(mdctx);
 ja3_fp = calloc(33,1);
 *ja3_fp = '\0';
- for(int i=0; i<16; i++) {
- snprintf(ja3_fp + strlen(ja3_fp), 3, "%02x", tmp[i]);
+ for(i=0; i<16; i++) {
+ snprintf(ja3_fp + strlen(ja3_fp), 3, "%02x", md_value[i]);
 }
 json_object_object_add(jobj, "ja3_str", json_object_new_string(ja3_str));
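Review bot: None of the EVP calls added to decode_HandshakeType_ClientHello is checked: `EVP_get_digestbyname("MD5")` returns NULL when MD5 is not registered (OpenSSL before 1.1.0 needs OpenSSL_add_all_digests() first, and a FIPS-restricted library has no MD5), `EVP_MD_CTX_new()` can return NULL, and if DigestInit/Update/Final fail, `md_value` is never written, so the loop below formats sixteen uninitialised stack bytes into the "ja3_fp" JSON value and the explain() output. Check the results and drop the fingerprint (or fail the decode) on error, use `EVP_md5()` rather than a name lookup, and bound the loop by the reported length instead of the literal 16, as in the excerpt below. `EVP_MD_CTX_new()`/`EVP_MD_CTX_free()` only exist from OpenSSL 1.1.0, so the ubuntu-xenial image in this series (OpenSSL 1.0.2) will not build this unless it supplies a newer library — worth confirming. The @@ -475 hunk for decode_HandshakeType_ServerHello has the same unchecked calls and the same fix applies. Both enclosing functions start outside their hunks.
```c
    md = EVP_md5();
    mdctx = EVP_MD_CTX_new();
    if(!md || !mdctx ||
       !EVP_DigestInit_ex(mdctx, md, NULL) ||
       !EVP_DigestUpdate(mdctx, ja3_str, strlen(ja3_str)) ||
       !EVP_DigestFinal_ex(mdctx, md_value, &md_len)) {
      EVP_MD_CTX_free(mdctx);   /* NULL-safe */
      free(ja3_str);
      /* … free the ja3_*_str fragments exactly as the existing cleanup below does … */
      return(-1);   /* PLACEHOLDER: use the error code this file's decoders return */
    }
    EVP_MD_CTX_free(mdctx);

    ja3_fp = calloc(33,1);
    *ja3_fp = '\0';
    /* md_len is 16 for MD5; the second bound keeps the 33-byte ja3_fp safe regardless */
    for(i=0; i<md_len && i<16; i++) {
      snprintf(ja3_fp + strlen(ja3_fp), 3, "%02x", md_value[i]);
    }
```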
@@ -475,17 +480,22 @@ static int decode_HandshakeType_ServerHello(ssl,dir,seg,data)
 snprintf(ja3s_str, ja3s_str_len, "%s,%s,%s",
 ja3s_ver_str, ja3s_c_str, ja3s_ex_str);
- MD5_CTX md5;
- UCHAR tmp[16];
+ EVP_MD_CTX *mdctx;
+ const EVP_MD *md;
+ unsigned char md_value[EVP_MAX_MD_SIZE];
+ unsigned int md_len, i;
- MD5_Init(&md5);
- MD5_Update(&md5, ja3s_str, ja3s_str_len);
- MD5_Final(tmp,&md5);
+ md = EVP_get_digestbyname("MD5");
+ mdctx = EVP_MD_CTX_new();
+ EVP_DigestInit_ex(mdctx, md, NULL);
+ EVP_DigestUpdate(mdctx, ja3s_str, strlen(ja3s_str));
+ EVP_DigestFinal_ex(mdctx, md_value, &md_len);
+ EVP_MD_CTX_free(mdctx);
 ja3s_fp = calloc(33,1);
 *ja3s_fp = '\0';
- for(int i=0; i<16; i++) {
- snprintf(ja3s_fp + strlen(ja3s_fp), 3, "%02x", tmp[i]);
+ for(i=0; i<16; i++) {
+ snprintf(ja3s_fp + strlen(ja3s_fp), 3, "%02x", md_value[i]);
 }
 json_object_object_add(jobj, "ja3s_str", json_object_new_string(ja3s_str));