mirror of
https://github.com/adulau/ssldump.git
synced 2024-11-24 18:37:05 +00:00
ssldump-0.9-openssl.patch
This commit is contained in:
parent
ea12dfe6d2
commit
b15b27c315
4 changed files with 75 additions and 24 deletions
|
@ -206,7 +206,7 @@ int main(argc,argv)
|
|||
|
||||
signal(SIGINT,sig_handler);
|
||||
|
||||
while((c=getopt(argc,argv,"vr:f:S:Ttai:k:p:nsAxXhHVNdqem:P"))!=EOF){
|
||||
while((c=getopt(argc,argv,"vr:f:S:yTtai:k:p:nsAxXhHVNdqem:P"))!=EOF){
|
||||
switch(c){
|
||||
case 'v':
|
||||
print_version();
|
||||
|
@ -227,6 +227,9 @@ int main(argc,argv)
|
|||
case 'a':
|
||||
NET_print_flags |= NET_PRINT_ACKS;
|
||||
break;
|
||||
case 'A':
|
||||
SSL_print_flags |= SSL_PRINT_ALL_FIELDS;
|
||||
break;
|
||||
case 'T':
|
||||
NET_print_flags |= NET_PRINT_TCP_HDR;
|
||||
break;
|
||||
|
|
|
@ -133,7 +133,7 @@ flag_struct flags[]={
|
|||
SSL_PRINT_DECODE
|
||||
},
|
||||
{
|
||||
0,
|
||||
'y',
|
||||
"nroff",
|
||||
SSL_PRINT_NROFF
|
||||
},
|
||||
|
|
|
@ -51,6 +51,7 @@
|
|||
#include <openssl/ssl.h>
|
||||
#include <openssl/hmac.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/md5.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#endif
|
||||
#include "ssldecode.h"
|
||||
|
@ -131,7 +132,8 @@ int ssl_decode_ctx_create(dp,keyfile,pass)
|
|||
ssl_decode_ctx *d=0;
|
||||
int r,_status;
|
||||
|
||||
SSLeay_add_all_algorithms();
|
||||
SSL_library_init();
|
||||
OpenSSL_add_all_algorithms();
|
||||
if(!(d=(ssl_decode_ctx *)malloc(sizeof(ssl_decode_ctx))))
|
||||
ABORT(R_NO_MEMORY);
|
||||
if(!(d->ssl_ctx=SSL_CTX_new(SSLv23_server_method())))
|
||||
|
|
88
ssldump.1
88
ssldump.1
|
@ -61,12 +61,9 @@ ssldump \- dump SSL traffic on a network
|
|||
.na
|
||||
.B ssldump
|
||||
[
|
||||
.B \-vtaTnsAxXhHVNdq
|
||||
.B \-vTshVq
|
||||
.B \-aAdeHnNqTxXvy
|
||||
] [
|
||||
.B \-r
|
||||
.I dumpfile
|
||||
]
|
||||
[
|
||||
.B \-i
|
||||
.I interface
|
||||
]
|
||||
|
@ -81,6 +78,16 @@ ssldump \- dump SSL traffic on a network
|
|||
.I password
|
||||
]
|
||||
[
|
||||
.B \-r
|
||||
.I dumpfile
|
||||
]
|
||||
.br
|
||||
.ti +8
|
||||
[
|
||||
.B \-S
|
||||
.RI [\| crypto \||\| d \||\| ht \||\| H \||\| nroff \|]
|
||||
]
|
||||
[
|
||||
.I expression
|
||||
]
|
||||
.br
|
||||
|
@ -125,6 +132,7 @@ any user may run
|
|||
You must have read access to
|
||||
.IR /dev/bpf* .
|
||||
.SH OPTIONS
|
||||
.TP
|
||||
.B \-a
|
||||
Print bare TCP ACKs (useful for observing Nagle behavior)
|
||||
.TP
|
||||
|
@ -135,7 +143,7 @@ the most interesting fields)
|
|||
.B \-d
|
||||
Display the application data traffic. This usually means
|
||||
decrypting it, but when -d is used ssldump will also decode
|
||||
application data traffic _before_ the SSL session initiates.
|
||||
application data traffic \fIbefore\fP the SSL session initiates.
|
||||
This allows you to see HTTPS CONNECT behavior as well as
|
||||
SMTP STARTTLS. As a side effect, since ssldump can't tell
|
||||
whether plaintext is traffic before the initiation of an
|
||||
|
@ -148,18 +156,9 @@ dumps. See also -X.
|
|||
.B \-e
|
||||
Print absolute timestamps instead of relative timestamps
|
||||
.TP
|
||||
.B \-r
|
||||
Read data from \fIfile\fP instead of from the network.
|
||||
The old -f option still works but is deprecated and will
|
||||
probably be removed with the next version.
|
||||
.B \-H
|
||||
Print the full SSL packet header.
|
||||
.TP
|
||||
.B \-k
|
||||
Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format)
|
||||
Previous versions of ssldump automatically looked in ./server.pem.
|
||||
Now you must specify your keyfile every time.
|
||||
.TP
|
||||
.B \-n
|
||||
Don't try to resolve host names from IP addresses
|
||||
.TP
|
||||
|
@ -176,6 +175,12 @@ Don't put the interface into promiscuous mode.
|
|||
.B \-q
|
||||
Don't decode any record fields beyond a single summary line. (quiet mode).
|
||||
.TP
|
||||
.B \-T
|
||||
Print the TCP headers.
|
||||
.TP
|
||||
.B \-v
|
||||
Display version and copyright information.
|
||||
.TP
|
||||
.B \-x
|
||||
Print each record in hex, as well as decoding it.
|
||||
.TP
|
||||
|
@ -183,13 +188,48 @@ Print each record in hex, as well as decoding it.
|
|||
When the -d option is used, binary data is automatically printed
|
||||
in two columns with a hex dump on the left and the printable characters
|
||||
on the right. -X suppresses the display of the printable characters,
|
||||
thus making it easier to cut and paste the hext data into some other
|
||||
thus making it easier to cut and paste the hex data into some other
|
||||
program.
|
||||
.TP
|
||||
.B \-y
|
||||
Decorate the output for processing with troff. Not very
|
||||
Decorate the output for processing with nroff/troff. Not very
|
||||
useful for the average user.
|
||||
.TP
|
||||
.IP "\fI expression\fP"
|
||||
.BI \-i " interface"
|
||||
Use \fIinterface\fP as the network interface on which to sniff SSL/TLS
|
||||
traffic.
|
||||
.TP
|
||||
.BI \-k " keyfile"
|
||||
Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format)
|
||||
Previous versions of ssldump automatically looked in ./server.pem.
|
||||
Now you must specify your keyfile every time.
|
||||
.TP
|
||||
.BI \-p " password"
|
||||
Use \fIpassword\fP as the SSL keyfile password.
|
||||
.TP
|
||||
.BI \-r " file"
|
||||
Read data from \fIfile\fP instead of from the network.
|
||||
The old -f option still works but is deprecated and will
|
||||
probably be removed with the next version.
|
||||
.TP
|
||||
.BI \-S " [ " crypto " | " d " | " ht " | " H " ]"
|
||||
Specify SSL flags to ssldump. These flags include:
|
||||
.RS
|
||||
.TP
|
||||
.I crypto
|
||||
Print cryptographic information.
|
||||
.TP
|
||||
.I d
|
||||
Print fields as decoded.
|
||||
.TP
|
||||
.I ht
|
||||
Print the handshake type.
|
||||
.TP
|
||||
.I H
|
||||
Print handshake type and highlights.
|
||||
.RE
|
||||
.TP
|
||||
\fIexpression\fP
|
||||
.RS
|
||||
Selects what packets ssldump will examine. Technically speaking,
|
||||
ssldump supports the full expression syntax from PCAP and tcpdump.
|
||||
|
@ -200,7 +240,7 @@ that ssldump will simply ignore. Only the expressions which
|
|||
don't result in incomplete TCP streams are listed here.
|
||||
.LP
|
||||
The \fIexpression\fP consists of one or more
|
||||
.I primitives.
|
||||
.IR primitives .
|
||||
Primitives usually consist of an
|
||||
.I id
|
||||
(name or number) preceded by one or more qualifiers. There are three
|
||||
|
@ -512,5 +552,11 @@ direct experience with ssldump on other networks, please send me patches.
|
|||
.LP
|
||||
ssldump doesn't implement session caching and therefore can't decrypt
|
||||
resumed sessions.
|
||||
|
||||
|
||||
.LP
|
||||
.SH SEE ALSO
|
||||
.LP
|
||||
.BR tcpdump (1)
|
||||
.LP
|
||||
.SH AUTHOR
|
||||
.LP
|
||||
ssldump was written by Eric Rescorla <ekr@rtfm.com>.
|
||||
|
|
Loading…
Reference in a new issue