commit
c7c4d18efa
27 changed files with 98 additions and 121 deletions
88
README
88
README
|
@ -1,88 +0,0 @@
|
|||
|
||||
# Old original README file from SSLDUMP 0.9b3 and probably outdated
|
||||
|
||||
$Id: README,v 1.9 2002/08/17 01:33:15 ekr Exp $
|
||||
|
||||
SSLDUMP 0.9b3
|
||||
|
||||
ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP
|
||||
connections on the chosen network interface and attempts to interpret
|
||||
them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it
|
||||
decodes the records and displays them in a textual form to stdout. If
|
||||
provided with the appropriate keying material, it will also decrypt
|
||||
the connections and display the application data traffic.
|
||||
|
||||
ssldump depends on the libpcap packet capture library. Some systems
|
||||
(e.g. FreeBSD) now have libpcap as part of their standard install. On
|
||||
other systems, you will need to install it. You can obtain the
|
||||
distribution from:
|
||||
http://www.tcpdump.org/
|
||||
|
||||
If linked with OpenSSL, ssldump can display certificates in decoded
|
||||
form and decrypt traffic (provided that it has the appropriate keying
|
||||
material). Again, OpenSSL may be installed on your system. Otherwise
|
||||
you can obtain it from:
|
||||
http://www.openssl.org/
|
||||
|
||||
See the file INSTALL for instructions on building and installing
|
||||
ssldump.
|
||||
|
||||
STABILITY
|
||||
This is a beta release of ssldump. The UNIX portions have received
|
||||
extensive testing and are believed to be quite solid. The Windows
|
||||
port is substantially less stable.
|
||||
|
||||
CHANGES SINCE 0.9b2
|
||||
Security fix: some potential over and underflows
|
||||
Added support for VLANs.
|
||||
Added -P flag to disable promiscuous mode.
|
||||
Fixed bugs in the TCP reassembly code.
|
||||
A lot of bug fixes.
|
||||
|
||||
See the ChangeLog for a more complete list of changes.
|
||||
|
||||
MAILING LIST
|
||||
For support questions and general discussion on ssldump, please
|
||||
subscribe to the ssldump-users mailing list. Subscription is by
|
||||
majordomo. To subscribe, send a message with no subject and a body
|
||||
consisting of the single line:
|
||||
|
||||
subscribe ssldump-users
|
||||
|
||||
to majordomo@rtfm.com. Note, you cannot send messages to the list
|
||||
unless you are subscribed.
|
||||
|
||||
BUG REPORTS
|
||||
Please send bug reports either to the ssldump-users mailing list
|
||||
or to ssldump@rtfm.com.
|
||||
|
||||
INTEROPERABILITY NOTE
|
||||
Previous versions of ssldump automatically looked for the keyfile
|
||||
in 'server.pem' and used the password 'password'. This version
|
||||
removes those defaults. For decryption to work you MUST specify
|
||||
the keyfile (and password if the keyfile is encrypted.)
|
||||
|
||||
NEW VERSIONS
|
||||
Newer versions of ssldump can be found at:
|
||||
http://www.rtfm.com/ssldump/
|
||||
|
||||
|
||||
SSL REFERENCES
|
||||
The SSLv3 specification can be found at:
|
||||
http://home.netscape.com/eng/ssl3/draft302.txt
|
||||
|
||||
The TLS specification is in RFC 2246 and can be found at:
|
||||
http://www.ietf.org/rfc/rfc2246.txt
|
||||
|
||||
SHAMELESS PLUG
|
||||
Extremely detailed coverage of SSL/TLS can be found in
|
||||
|
||||
_SSL_and_TLS:_Designing_and_Building_Secure_Systems_
|
||||
Eric Rescorla
|
||||
Addison-Wesley, 2001
|
||||
ISBN 0-201-61598-3
|
||||
|
||||
_SSL_and_TLS_ makes extensive use of ssldump to demonstrate real-life
|
||||
SSL behavior. If you like ssldump and want to learn about SSL, you
|
||||
might consider buying my book.
|
||||
|
1
README
Symbolic link
1
README
Symbolic link
|
@ -0,0 +1 @@
|
|||
README.md
|
10
README.md
10
README.md
|
@ -1,8 +1,12 @@
|
|||
# ssldump - (de-facto repository gathering patches around the cyberspace)
|
||||
|
||||
![C/C++ CI](https://github.com/adulau/ssldump/workflows/C/C++%20CI/badge.svg)
|
||||
![Clang CI](https://github.com/adulau/ssldump/workflows/Clang%20CI/badge.svg)
|
||||
![GCC CI](https://github.com/adulau/ssldump/workflows/GCC%20CI/badge.svg)
|
||||
|
||||
# Release and tagging
|
||||
|
||||
- Current version of ssldump is v1.2 (released: 2020-09-22) - [ChangeLog](https://raw.githubusercontent.com/adulau/ssldump/master/ChangeLog)
|
||||
- Previous version of ssldump is v1.1 (released: 2019-12-28) - [ChangeLog](https://raw.githubusercontent.com/adulau/ssldump/master/ChangeLog)
|
||||
|
||||
# What about the original ssldump?
|
||||
|
||||
|
@ -28,10 +32,6 @@ other too (but this is just a collateral damage).
|
|||
I used it for a relatively small project called Passive SSL. For more information, [Passive SSL Passive Detection and Reconnaissance Techniques, to Find, Track, and Attribute Vulnerable ”Devices”](https://www.first.org/resources/papers/conf2015/first_2015_-_leverett_-_dulaunoy_-_passive_detection_20150604.pdf).
|
||||
Additional back-end code available is in the [crl-monitor ](https://github.com/adulau/crl-monitor/tree/master/bin/x509) repository.
|
||||
|
||||
# Release and tagging
|
||||
|
||||
- Current version of ssldump is v1.1 (released: 2019-12-28) - [ChangeLog](https://raw.githubusercontent.com/adulau/ssldump/master/ChangeLog)
|
||||
|
||||
# Build instructions
|
||||
|
||||
On Debian & Ubuntu:
|
||||
|
|
88
README.old
Normal file
88
README.old
Normal file
|
@ -0,0 +1,88 @@
|
|||
|
||||
# Old original README file from SSLDUMP 0.9b3 and probably outdated
|
||||
|
||||
$Id: README,v 1.9 2002/08/17 01:33:15 ekr Exp $
|
||||
|
||||
SSLDUMP 0.9b3
|
||||
|
||||
ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP
|
||||
connections on the chosen network interface and attempts to interpret
|
||||
them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it
|
||||
decodes the records and displays them in a textual form to stdout. If
|
||||
provided with the appropriate keying material, it will also decrypt
|
||||
the connections and display the application data traffic.
|
||||
|
||||
ssldump depends on the libpcap packet capture library. Some systems
|
||||
(e.g. FreeBSD) now have libpcap as part of their standard install. On
|
||||
other systems, you will need to install it. You can obtain the
|
||||
distribution from:
|
||||
http://www.tcpdump.org/
|
||||
|
||||
If linked with OpenSSL, ssldump can display certificates in decoded
|
||||
form and decrypt traffic (provided that it has the appropriate keying
|
||||
material). Again, OpenSSL may be installed on your system. Otherwise
|
||||
you can obtain it from:
|
||||
http://www.openssl.org/
|
||||
|
||||
See the file INSTALL for instructions on building and installing
|
||||
ssldump.
|
||||
|
||||
STABILITY
|
||||
This is a beta release of ssldump. The UNIX portions have received
|
||||
extensive testing and are believed to be quite solid. The Windows
|
||||
port is substantially less stable.
|
||||
|
||||
CHANGES SINCE 0.9b2
|
||||
Security fix: some potential over and underflows
|
||||
Added support for VLANs.
|
||||
Added -P flag to disable promiscuous mode.
|
||||
Fixed bugs in the TCP reassembly code.
|
||||
A lot of bug fixes.
|
||||
|
||||
See the ChangeLog for a more complete list of changes.
|
||||
|
||||
MAILING LIST
|
||||
For support questions and general discussion on ssldump, please
|
||||
subscribe to the ssldump-users mailing list. Subscription is by
|
||||
majordomo. To subscribe, send a message with no subject and a body
|
||||
consisting of the single line:
|
||||
|
||||
subscribe ssldump-users
|
||||
|
||||
to majordomo@rtfm.com. Note, you cannot send messages to the list
|
||||
unless you are subscribed.
|
||||
|
||||
BUG REPORTS
|
||||
Please send bug reports either to the ssldump-users mailing list
|
||||
or to ssldump@rtfm.com.
|
||||
|
||||
INTEROPERABILITY NOTE
|
||||
Previous versions of ssldump automatically looked for the keyfile
|
||||
in 'server.pem' and used the password 'password'. This version
|
||||
removes those defaults. For decryption to work you MUST specify
|
||||
the keyfile (and password if the keyfile is encrypted.)
|
||||
|
||||
NEW VERSIONS
|
||||
Newer versions of ssldump can be found at:
|
||||
http://www.rtfm.com/ssldump/
|
||||
|
||||
|
||||
SSL REFERENCES
|
||||
The SSLv3 specification can be found at:
|
||||
http://home.netscape.com/eng/ssl3/draft302.txt
|
||||
|
||||
The TLS specification is in RFC 2246 and can be found at:
|
||||
http://www.ietf.org/rfc/rfc2246.txt
|
||||
|
||||
SHAMELESS PLUG
|
||||
Extremely detailed coverage of SSL/TLS can be found in
|
||||
|
||||
_SSL_and_TLS:_Designing_and_Building_Secure_Systems_
|
||||
Eric Rescorla
|
||||
Addison-Wesley, 2001
|
||||
ISBN 0-201-61598-3
|
||||
|
||||
_SSL_and_TLS_ makes extensive use of ssldump to demonstrate real-life
|
||||
SSL behavior. If you like ssldump and want to learn about SSL, you
|
||||
might consider buying my book.
|
||||
|
|
@ -44,7 +44,6 @@
|
|||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: network.c,v 1.10 2002/09/09 21:02:58 ekr Exp $";
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <r_common.h>
|
||||
|
|
|
@ -47,7 +47,6 @@
|
|||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: pcap-snoop.c,v 1.14 2002/09/09 21:02:58 ekr Exp $";
|
||||
|
||||
|
||||
#include <pcap.h>
|
||||
|
|
|
@ -44,7 +44,6 @@
|
|||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: print_utils.c,v 1.2 2000/10/17 16:09:58 ekr Exp $";
|
||||
int explain(char *format,...)
|
||||
{
|
||||
va_list ap;
|
||||
|
|
|
@ -44,7 +44,6 @@
|
|||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: proto_mod.c,v 1.3 2001/07/20 23:33:14 ekr Exp $";
|
||||
|
||||
#include "network.h"
|
||||
|
||||
|
|
|
@ -43,7 +43,6 @@
|
|||
ekr@rtfm.com Tue Dec 29 15:13:03 1998
|
||||
*/
|
||||
|
||||
static char *RCSSTRING="$Id: tcpconn.c,v 1.7 2002/08/17 01:33:16 ekr Exp $";
|
||||
|
||||
#include "network.h"
|
||||
#include "tcpconn.h"
|
||||
|
|
|
@ -44,7 +44,6 @@
|
|||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: tcppack.c,v 1.11 2002/09/09 21:02:58 ekr Exp $";
|
||||
|
||||
#include "network.h"
|
||||
#ifndef _WIN32
|
||||
|
|
|
@ -44,7 +44,6 @@
|
|||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: debug.c,v 1.3 2001/12/24 06:06:26 ekr Exp $";
|
||||
|
||||
|
||||
#include <stdarg.h>
|
||||
|
|
|
@ -54,7 +54,6 @@
|
|||
ekr@rtfm.com Sun Jan 17 17:57:15 1999
|
||||
*/
|
||||
|
||||
static char *RCSSTRING="$Id: r_assoc.c,v 1.4 2001/12/24 06:06:26 ekr Exp $";
|
||||
|
||||
#include <r_common.h>
|
||||
#include "r_assoc.h"
|
||||
|
|
|
@ -44,7 +44,6 @@
|
|||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: r_assoc_test.c,v 1.2 2000/10/17 16:10:00 ekr Exp $";
|
||||
|
||||
#include <r_common.h>
|
||||
#include <r_assoc.h>
|
||||
|
|
|
@ -8,7 +8,6 @@
|
|||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: r_bitfield.c,v 1.3 2001/12/24 06:06:26 ekr Exp $";
|
||||
|
||||
#include <r_common.h>
|
||||
#include "r_bitfield.h"
|
||||
|
|
|
@ -44,7 +44,6 @@
|
|||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: r_data.c,v 1.3 2001/07/20 23:33:15 ekr Exp $";
|
||||
|
||||
#include <r_common.h>
|
||||
#include <r_data.h>
|
||||
|
|
|
@ -44,7 +44,6 @@
|
|||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: r_errors.c,v 1.3 2001/12/24 06:06:27 ekr Exp $";
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdarg.h>
|
||||
|
|
|
@ -44,7 +44,6 @@
|
|||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: r_list.c,v 1.4 2001/12/24 06:06:27 ekr Exp $";
|
||||
|
||||
#include <r_common.h>
|
||||
#include "r_list.h"
|
||||
|
|
|
@ -44,7 +44,6 @@
|
|||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: r_replace.c,v 1.2 2000/10/17 16:10:00 ekr Exp $";
|
||||
|
||||
#include "r_common.h"
|
||||
|
||||
|
|
|
@ -44,7 +44,6 @@
|
|||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: r_time.c,v 1.6 2002/09/09 21:02:58 ekr Exp $";
|
||||
|
||||
#include <r_common.h>
|
||||
#include <r_time.h>
|
||||
|
|
|
@ -8,7 +8,6 @@
|
|||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: pthread.c,v 1.1.1.1 2000/10/09 00:45:39 ekr Exp $";
|
||||
|
||||
#include <r_common.h>
|
||||
#include <r_thread.h>
|
||||
|
|
|
@ -44,7 +44,6 @@
|
|||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: null_analyze.c,v 1.6 2001/11/26 22:28:16 ekr Exp $";
|
||||
|
||||
#include <ctype.h>
|
||||
#include "network.h"
|
||||
|
|
|
@ -44,7 +44,6 @@
|
|||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: ciphersuites.c,v 1.3 2002/08/17 01:33:17 ekr Exp $";
|
||||
|
||||
#include <r_common.h>
|
||||
|
||||
|
|
|
@ -44,7 +44,6 @@
|
|||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: main.c,v 1.2 2000/10/17 16:10:01 ekr Exp $";
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <r_common.h>
|
||||
|
|
|
@ -44,7 +44,6 @@
|
|||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: ssl_analyze.c,v 1.8 2002/01/21 18:46:13 ekr Exp $";
|
||||
|
||||
#include "network.h"
|
||||
#include "debug.h"
|
||||
|
@ -467,7 +466,7 @@ static int data_ssl_analyzer(_obj,seg,direction)
|
|||
{
|
||||
int _status,r;
|
||||
r_queue *q;
|
||||
segment *last,*q_next,*assembled;
|
||||
segment *last,*q_next=NULL,*assembled;
|
||||
ssl_obj *ssl=(ssl_obj *)_obj;
|
||||
int offset=0;
|
||||
|
||||
|
|
|
@ -44,7 +44,6 @@
|
|||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: ssl_rec.c,v 1.3 2000/11/03 06:38:06 ekr Exp $";
|
||||
|
||||
#include "network.h"
|
||||
#include "ssl_h.h"
|
||||
|
|
|
@ -57,7 +57,6 @@
|
|||
#include "ssldecode.h"
|
||||
#include "ssl_rec.h"
|
||||
#include "r_assoc.h"
|
||||
static char *RCSSTRING="$Id: ssldecode.c,v 1.9 2002/08/17 01:33:17 ekr Exp $";
|
||||
|
||||
#define PRF(ssl,secret,usage,rnd1,rnd2,out) (ssl->version==SSLV3_VERSION)? \
|
||||
ssl3_prf(ssl,secret,usage,rnd1,rnd2,out): \
|
||||
|
@ -490,7 +489,7 @@ static int ssl_create_session_lookup_key(ssl,id,idlen,keyp,keyl)
|
|||
*keyl=idlen;
|
||||
key+=idlen;
|
||||
|
||||
sprintf(key,"%s:%d",ssl->server_name,ssl->server_port);
|
||||
snprintf((char *)key,l,"%s:%d",ssl->server_name,ssl->server_port);
|
||||
*keyl+=strlen(key);
|
||||
|
||||
_status=0;
|
||||
|
@ -907,7 +906,7 @@ static int ssl_generate_keying_material(ssl,d)
|
|||
UCHAR _key_c[16],_key_s[16];
|
||||
int needed;
|
||||
int r,_status;
|
||||
UCHAR *ptr,*c_wk,*s_wk,*c_mk,*s_mk,*c_iv,*s_iv;
|
||||
UCHAR *ptr,*c_wk,*s_wk,*c_mk=NULL,*s_mk=NULL,*c_iv=NULL,*s_iv=NULL;
|
||||
|
||||
if(!d->MS){
|
||||
if(r=r_data_alloc(&d->MS,48))
|
||||
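Review bot: The bound passed to the new `snprintf((char *)key,l,...)` in ssl_create_session_lookup_key looks too large: `key` has already been advanced by `idlen` on the line above, so if `l` is the size of the whole buffer (it is set outside the hunk) the call may still write up to `idlen` bytes past the end. Passing the remaining space, `snprintf((char *)key,l-idlen,"%s:%d",ssl->server_name,ssl->server_port);`, would make the limit match the pointer. The return value is also ignored, so a truncated host:port silently becomes a shorter lookup key on the next line, `*keyl+=strlen(key);`; comparing the result with the bound and aborting would avoid that. The function starts and ends outside the hunk.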
|
|
|
@ -44,7 +44,6 @@
|
|||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: sslprint.c,v 1.8 2002/08/17 01:33:17 ekr Exp $";
|
||||
|
||||
#include <ctype.h>
|
||||
#include <stdarg.h>
|
||||
|
@ -418,7 +417,7 @@ int ssl_print_enum(ssl,name,dtable,value)
|
|||
}
|
||||
dtable++;
|
||||
}
|
||||
|
||||
printf("\n");
|
||||
return(R_NOT_FOUND);
|
||||
}
|
||||
|
||||
|
|
|
@ -44,7 +44,6 @@
|
|||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: sslxprint.c,v 1.3 2000/11/03 06:38:06 ekr Exp $";
|
||||
|
||||
#include "network.h"
|
||||
#include "ssl_h.h"
|
||||
|
|