Merge pull request #37 from wllm-rbnt/fixes

Fixes
Alexandre Dulaunoy 2020-10-04 20:45:37 +02:00 committed by GitHub
commit c7c4d18efa
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
27 changed files with 98 additions and 121 deletions

88
README
@ -1,88 +0,0 @@
# Old original README file from SSLDUMP 0.9b3 and probably outdated
$Id: README,v 1.9 2002/08/17 01:33:15 ekr Exp $
SSLDUMP 0.9b3
ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP
connections on the chosen network interface and attempts to interpret
them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it
decodes the records and displays them in a textual form to stdout. If
provided with the appropriate keying material, it will also decrypt
the connections and display the application data traffic.
ssldump depends on the libpcap packet capture library. Some systems
(e.g. FreeBSD) now have libpcap as part of their standard install. On
other systems, you will need to install it. You can obtain the
distribution from:
http://www.tcpdump.org/
If linked with OpenSSL, ssldump can display certificates in decoded
form and decrypt traffic (provided that it has the appropriate keying
material). Again, OpenSSL may be installed on your system. Otherwise
you can obtain it from:
http://www.openssl.org/
See the file INSTALL for instructions on building and installing
ssldump.
STABILITY
This is a beta release of ssldump. The UNIX portions have received
extensive testing and are believed to be quite solid. The Windows
port is substantially less stable.
CHANGES SINCE 0.9b2
Security fix: some potential over and underflows
Added support for VLANs.
Added -P flag to disable promiscuous mode.
Fixed bugs in the TCP reassembly code.
A lot of bug fixes.
See the ChangeLog for a more complete list of changes.
MAILING LIST
For support questions and general discussion on ssldump, please
subscribe to the ssldump-users mailing list. Subscription is by
majordomo. To subscribe, send a message with no subject and a body
consisting of the single line:
subscribe ssldump-users
to majordomo@rtfm.com. Note, you cannot send messages to the list
unless you are subscribed.
BUG REPORTS
Please send bug reports either to the ssldump-users mailing list
or to ssldump@rtfm.com.
INTEROPERABILITY NOTE
Previous versions of ssldump automatically looked for the keyfile
in 'server.pem' and used the password 'password'. This version
removes those defaults. For decryption to work you MUST specify
the keyfile (and password if the keyfile is encrypted.)
NEW VERSIONS
Newer versions of ssldump can be found at:
http://www.rtfm.com/ssldump/
SSL REFERENCES
The SSLv3 specification can be found at:
http://home.netscape.com/eng/ssl3/draft302.txt
The TLS specification is in RFC 2246 and can be found at:
http://www.ietf.org/rfc/rfc2246.txt
SHAMELESS PLUG
Extremely detailed coverage of SSL/TLS can be found in
_SSL_and_TLS:_Designing_and_Building_Secure_Systems_
Eric Rescorla
Addison-Wesley, 2001
ISBN 0-201-61598-3
_SSL_and_TLS_ makes extensive use of ssldump to demonstrate real-life
SSL behavior. If you like ssldump and want to learn about SSL, you
might consider buying my book.

1
README Symbolic link
@ -0,0 +1 @@
README.md
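Review bot: `README` becomes a symbolic link to `README.md`, and on a checkout without symlink support git writes a one-line text file containing `README.md` in its place. The old README mentions a Windows port; if that port is still built from this tree, a short regular file that points readers to README.md avoids the problem.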

@ -1,8 +1,12 @@
# ssldump - (de-facto repository gathering patches around the cyberspace) # ssldump - (de-facto repository gathering patches around the cyberspace)
![C/C++ CI](https://github.com/adulau/ssldump/workflows/C/C++%20CI/badge.svg) ![Clang CI](https://github.com/adulau/ssldump/workflows/Clang%20CI/badge.svg)
![GCC CI](https://github.com/adulau/ssldump/workflows/GCC%20CI/badge.svg)
# Release and tagging
- Current version of ssldump is v1.2 (released: 2020-09-22) - [ChangeLog](https://raw.githubusercontent.com/adulau/ssldump/master/ChangeLog) - Current version of ssldump is v1.2 (released: 2020-09-22) - [ChangeLog](https://raw.githubusercontent.com/adulau/ssldump/master/ChangeLog)
- Previous version of ssldump is v1.1 (released: 2019-12-28) - [ChangeLog](https://raw.githubusercontent.com/adulau/ssldump/master/ChangeLog)
# What about the original ssldump? # What about the original ssldump?
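Review bot: in the new "Release and tagging" list, the v1.2 and v1.1 entries both link to the same ChangeLog URL on `master`, so the "Previous version" link does not show what v1.1 contained. Point each entry at its own release tag, or keep a single ChangeLog link for the whole section.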
@ -28,10 +32,6 @@ other too (but this is just a collateral damage).
I used it for a relatively small project called Passive SSL. For more information, [Passive SSL Passive Detection and Reconnaissance Techniques, to Find, Track, and Attribute Vulnerable ”Devices”](https://www.first.org/resources/papers/conf2015/first_2015_-_leverett_-_dulaunoy_-_passive_detection_20150604.pdf). I used it for a relatively small project called Passive SSL. For more information, [Passive SSL Passive Detection and Reconnaissance Techniques, to Find, Track, and Attribute Vulnerable ”Devices”](https://www.first.org/resources/papers/conf2015/first_2015_-_leverett_-_dulaunoy_-_passive_detection_20150604.pdf).
Additional back-end code available is in the [crl-monitor ](https://github.com/adulau/crl-monitor/tree/master/bin/x509) repository. Additional back-end code available is in the [crl-monitor ](https://github.com/adulau/crl-monitor/tree/master/bin/x509) repository.
# Release and tagging
- Current version of ssldump is v1.1 (released: 2019-12-28) - [ChangeLog](https://raw.githubusercontent.com/adulau/ssldump/master/ChangeLog)
# Build instructions # Build instructions
On Debian & Ubuntu: On Debian & Ubuntu:

88
README.old Normal file
@ -0,0 +1,88 @@
# Old original README file from SSLDUMP 0.9b3 and probably outdated
$Id: README,v 1.9 2002/08/17 01:33:15 ekr Exp $
SSLDUMP 0.9b3
ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP
connections on the chosen network interface and attempts to interpret
them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it
decodes the records and displays them in a textual form to stdout. If
provided with the appropriate keying material, it will also decrypt
the connections and display the application data traffic.
ssldump depends on the libpcap packet capture library. Some systems
(e.g. FreeBSD) now have libpcap as part of their standard install. On
other systems, you will need to install it. You can obtain the
distribution from:
http://www.tcpdump.org/
If linked with OpenSSL, ssldump can display certificates in decoded
form and decrypt traffic (provided that it has the appropriate keying
material). Again, OpenSSL may be installed on your system. Otherwise
you can obtain it from:
http://www.openssl.org/
See the file INSTALL for instructions on building and installing
ssldump.
STABILITY
This is a beta release of ssldump. The UNIX portions have received
extensive testing and are believed to be quite solid. The Windows
port is substantially less stable.
CHANGES SINCE 0.9b2
Security fix: some potential over and underflows
Added support for VLANs.
Added -P flag to disable promiscuous mode.
Fixed bugs in the TCP reassembly code.
A lot of bug fixes.
See the ChangeLog for a more complete list of changes.
MAILING LIST
For support questions and general discussion on ssldump, please
subscribe to the ssldump-users mailing list. Subscription is by
majordomo. To subscribe, send a message with no subject and a body
consisting of the single line:
subscribe ssldump-users
to majordomo@rtfm.com. Note, you cannot send messages to the list
unless you are subscribed.
BUG REPORTS
Please send bug reports either to the ssldump-users mailing list
or to ssldump@rtfm.com.
INTEROPERABILITY NOTE
Previous versions of ssldump automatically looked for the keyfile
in 'server.pem' and used the password 'password'. This version
removes those defaults. For decryption to work you MUST specify
the keyfile (and password if the keyfile is encrypted.)
NEW VERSIONS
Newer versions of ssldump can be found at:
http://www.rtfm.com/ssldump/
SSL REFERENCES
The SSLv3 specification can be found at:
http://home.netscape.com/eng/ssl3/draft302.txt
The TLS specification is in RFC 2246 and can be found at:
http://www.ietf.org/rfc/rfc2246.txt
SHAMELESS PLUG
Extremely detailed coverage of SSL/TLS can be found in
_SSL_and_TLS:_Designing_and_Building_Secure_Systems_
Eric Rescorla
Addison-Wesley, 2001
ISBN 0-201-61598-3
_SSL_and_TLS_ makes extensive use of ssldump to demonstrate real-life
SSL behavior. If you like ssldump and want to learn about SSL, you
might consider buying my book.

@ -44,7 +44,6 @@
*/ */
static char *RCSSTRING="$Id: network.c,v 1.10 2002/09/09 21:02:58 ekr Exp $";
#include <sys/types.h> #include <sys/types.h>
#include <r_common.h> #include <r_common.h>
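Review bot: the commit title "Fixes" gives no reason for dropping `static char *RCSSTRING` here and in the other source files touched by this change. State the reason in the commit message (for example, that the variable is never referenced), since the deletion also removes the RCS `$Id$` revision string from each file.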

@ -47,7 +47,6 @@
*/ */
static char *RCSSTRING="$Id: pcap-snoop.c,v 1.14 2002/09/09 21:02:58 ekr Exp $";
#include <pcap.h> #include <pcap.h>

@ -44,7 +44,6 @@
*/ */
static char *RCSSTRING="$Id: print_utils.c,v 1.2 2000/10/17 16:09:58 ekr Exp $";
int explain(char *format,...) int explain(char *format,...)
{ {
va_list ap; va_list ap;

@ -44,7 +44,6 @@
*/ */
static char *RCSSTRING="$Id: proto_mod.c,v 1.3 2001/07/20 23:33:14 ekr Exp $";
#include "network.h" #include "network.h"

@ -43,7 +43,6 @@
ekr@rtfm.com Tue Dec 29 15:13:03 1998 ekr@rtfm.com Tue Dec 29 15:13:03 1998
*/ */
static char *RCSSTRING="$Id: tcpconn.c,v 1.7 2002/08/17 01:33:16 ekr Exp $";
#include "network.h" #include "network.h"
#include "tcpconn.h" #include "tcpconn.h"

@ -44,7 +44,6 @@
*/ */
static char *RCSSTRING="$Id: tcppack.c,v 1.11 2002/09/09 21:02:58 ekr Exp $";
#include "network.h" #include "network.h"
#ifndef _WIN32 #ifndef _WIN32

@ -44,7 +44,6 @@
*/ */
static char *RCSSTRING="$Id: debug.c,v 1.3 2001/12/24 06:06:26 ekr Exp $";
#include <stdarg.h> #include <stdarg.h>

@ -54,7 +54,6 @@
ekr@rtfm.com Sun Jan 17 17:57:15 1999 ekr@rtfm.com Sun Jan 17 17:57:15 1999
*/ */
static char *RCSSTRING="$Id: r_assoc.c,v 1.4 2001/12/24 06:06:26 ekr Exp $";
#include <r_common.h> #include <r_common.h>
#include "r_assoc.h" #include "r_assoc.h"

@ -44,7 +44,6 @@
*/ */
static char *RCSSTRING="$Id: r_assoc_test.c,v 1.2 2000/10/17 16:10:00 ekr Exp $";
#include <r_common.h> #include <r_common.h>
#include <r_assoc.h> #include <r_assoc.h>

@ -8,7 +8,6 @@
*/ */
static char *RCSSTRING="$Id: r_bitfield.c,v 1.3 2001/12/24 06:06:26 ekr Exp $";
#include <r_common.h> #include <r_common.h>
#include "r_bitfield.h" #include "r_bitfield.h"

@ -44,7 +44,6 @@
*/ */
static char *RCSSTRING="$Id: r_data.c,v 1.3 2001/07/20 23:33:15 ekr Exp $";
#include <r_common.h> #include <r_common.h>
#include <r_data.h> #include <r_data.h>

@ -44,7 +44,6 @@
*/ */
static char *RCSSTRING="$Id: r_errors.c,v 1.3 2001/12/24 06:06:27 ekr Exp $";
#include <stdio.h> #include <stdio.h>
#include <stdarg.h> #include <stdarg.h>

@ -44,7 +44,6 @@
*/ */
static char *RCSSTRING="$Id: r_list.c,v 1.4 2001/12/24 06:06:27 ekr Exp $";
#include <r_common.h> #include <r_common.h>
#include "r_list.h" #include "r_list.h"

@ -44,7 +44,6 @@
*/ */
static char *RCSSTRING="$Id: r_replace.c,v 1.2 2000/10/17 16:10:00 ekr Exp $";
#include "r_common.h" #include "r_common.h"

@ -44,7 +44,6 @@
*/ */
static char *RCSSTRING="$Id: r_time.c,v 1.6 2002/09/09 21:02:58 ekr Exp $";
#include <r_common.h> #include <r_common.h>
#include <r_time.h> #include <r_time.h>

@ -8,7 +8,6 @@
*/ */
static char *RCSSTRING="$Id: pthread.c,v 1.1.1.1 2000/10/09 00:45:39 ekr Exp $";
#include <r_common.h> #include <r_common.h>
#include <r_thread.h> #include <r_thread.h>

@ -44,7 +44,6 @@
*/ */
static char *RCSSTRING="$Id: null_analyze.c,v 1.6 2001/11/26 22:28:16 ekr Exp $";
#include <ctype.h> #include <ctype.h>
#include "network.h" #include "network.h"

@ -44,7 +44,6 @@
*/ */
static char *RCSSTRING="$Id: ciphersuites.c,v 1.3 2002/08/17 01:33:17 ekr Exp $";
#include <r_common.h> #include <r_common.h>

@ -44,7 +44,6 @@
*/ */
static char *RCSSTRING="$Id: main.c,v 1.2 2000/10/17 16:10:01 ekr Exp $";
#include <stdarg.h> #include <stdarg.h>
#include <r_common.h> #include <r_common.h>

@ -44,7 +44,6 @@
*/ */
static char *RCSSTRING="$Id: ssl_analyze.c,v 1.8 2002/01/21 18:46:13 ekr Exp $";
#include "network.h" #include "network.h"
#include "debug.h" #include "debug.h"
@ -467,7 +466,7 @@ static int data_ssl_analyzer(_obj,seg,direction)
{ {
int _status,r; int _status,r;
r_queue *q; r_queue *q;
segment *last,*q_next,*assembled; segment *last,*q_next=NULL,*assembled;
ssl_obj *ssl=(ssl_obj *)_obj; ssl_obj *ssl=(ssl_obj *)_obj;
int offset=0; int offset=0;
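Review bot: `q_next=NULL` in the declaration gives that pointer a defined value, but `last` and `assembled` in the same declaration are still uninitialized, and nothing in this hunk shows the later uses of `q_next` testing for NULL. If the initializer is there to quiet a maybe-uninitialized warning, check that the path on which `q_next` was never assigned does not go on to dereference it; otherwise the undefined read only becomes a NULL dereference.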

@ -44,7 +44,6 @@
*/ */
static char *RCSSTRING="$Id: ssl_rec.c,v 1.3 2000/11/03 06:38:06 ekr Exp $";
#include "network.h" #include "network.h"
#include "ssl_h.h" #include "ssl_h.h"

@ -57,7 +57,6 @@
#include "ssldecode.h" #include "ssldecode.h"
#include "ssl_rec.h" #include "ssl_rec.h"
#include "r_assoc.h" #include "r_assoc.h"
static char *RCSSTRING="$Id: ssldecode.c,v 1.9 2002/08/17 01:33:17 ekr Exp $";
#define PRF(ssl,secret,usage,rnd1,rnd2,out) (ssl->version==SSLV3_VERSION)? \ #define PRF(ssl,secret,usage,rnd1,rnd2,out) (ssl->version==SSLV3_VERSION)? \
ssl3_prf(ssl,secret,usage,rnd1,rnd2,out): \ ssl3_prf(ssl,secret,usage,rnd1,rnd2,out): \
@ -490,7 +489,7 @@ static int ssl_create_session_lookup_key(ssl,id,idlen,keyp,keyl)
*keyl=idlen; *keyl=idlen;
key+=idlen; key+=idlen;
sprintf(key,"%s:%d",ssl->server_name,ssl->server_port); snprintf((char *)key,l,"%s:%d",ssl->server_name,ssl->server_port);
*keyl+=strlen(key); *keyl+=strlen(key);
_status=0; _status=0;
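Review bot: the size passed to `snprintf((char *)key,l,...)` is not adjusted for the `key+=idlen` on the line above it, so if `l` is the length of the whole buffer the bound overstates the remaining space by `idlen` bytes; pass the remaining length (for example `l-idlen`). The return value is ignored as well, so a truncated `server_name:port` string would silently become part of the session lookup key; compare the result with the size passed and fail the call on truncation. `l` is not declared in the visible lines, and the following `strlen(key)` still passes `key` without the `(char *)` cast used here.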
@ -907,7 +906,7 @@ static int ssl_generate_keying_material(ssl,d)
UCHAR _key_c[16],_key_s[16]; UCHAR _key_c[16],_key_s[16];
int needed; int needed;
int r,_status; int r,_status;
UCHAR *ptr,*c_wk,*s_wk,*c_mk,*s_mk,*c_iv,*s_iv; UCHAR *ptr,*c_wk,*s_wk,*c_mk=NULL,*s_mk=NULL,*c_iv=NULL,*s_iv=NULL;
if(!d->MS){ if(!d->MS){
if(r=r_data_alloc(&d->MS,48)) if(r=r_data_alloc(&d->MS,48))
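Review bot: in the pointer declaration, `c_mk`, `s_mk`, `c_iv` and `s_iv` now start as NULL while `ptr`, `c_wk` and `s_wk` stay uninitialized. Say in a comment or in the commit message why only these four need an initializer, and confirm that the code reading them treats NULL as "not set" rather than copying from it.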

@ -44,7 +44,6 @@
*/ */
static char *RCSSTRING="$Id: sslprint.c,v 1.8 2002/08/17 01:33:17 ekr Exp $";
#include <ctype.h> #include <ctype.h>
#include <stdarg.h> #include <stdarg.h>
@ -418,7 +417,7 @@ int ssl_print_enum(ssl,name,dtable,value)
} }
dtable++; dtable++;
} }
printf("\n");
return(R_NOT_FOUND); return(R_NOT_FOUND);
} }
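Review bot: the `printf("\n");` before `return(R_NOT_FOUND);` is present only on the old side, so `ssl_print_enum` no longer ends the output line when `value` is not found in `dtable`. That changes the printed text for unknown enum values; confirm that each caller emits its own line ending on the `R_NOT_FOUND` return, and record the output change in the ChangeLog for anyone parsing ssldump output.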

@ -44,7 +44,6 @@
*/ */
static char *RCSSTRING="$Id: sslxprint.c,v 1.3 2000/11/03 06:38:06 ekr Exp $";
#include "network.h" #include "network.h"
#include "ssl_h.h" #include "ssl_h.h"