summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2016-08-16src/sslkeylog.c: OpenSSL 1.1.0 compatibilityPeter Wu1-18/+48
OpenSSL 1.1.0 makes some structures opaque, but luckily it provides new functions to extract the client random and master secret which is all we need from the structures. Tested with OpenSSL 1.1.0-pre6 using openssl s_client and OpenSSL 1.0.2.h using curl.
2015-07-16sslkeylog.py: fix writing headerPeter Wu1-1/+1
2015-07-10sslkeylog.py: document batch modePeter Wu1-1/+16
Found in gdb source code that 'all' implies everything except SIGTRAP and SIGINT. SIGINT is normally used for interactive debugging (so can be disabled) but SIGTRAP is used for breakpoints (and can therefore not be disabled without killing the program on such signals).
2015-07-10sslkeylog.py: fix older gdb and python compatPeter Wu1-5/+14
Older gdb is upset by appending to a pipe, so fallback to writing instead in such cases. Older python do not allow interpolation in bytes, so use strings and encode it to bytes before writing. Previously tested with GDB 7.9.1 and Python 2.7.10. Now tested with GDB 7.7.1 and Python 2.7.6 on Ubuntu 14.04.
2015-07-10sslkeylog.py: initial check-inPeter Wu1-0/+198
Tool to extract SSL keys on-the-fly from existing OpenSSL programs. Servers included!
2015-03-27sslkeylog.sh: allow it to be sourcedPeter Wu1-4/+6
Switch to bash as there is no readable / easy way to make it compatible for all shells in the world.
2015-01-30Add sslkeylog.sh wrapper scriptPeter Wu1-0/+22
2015-01-30sslkeylog: load libssl.so if not alreadyPeter Wu1-5/+35
This solves a null deref in python ssl module in SSL_do_handshake.
2015-01-29sslkeylog: interpose SSL_read and SSL_writePeter Wu1-0/+24
These functions can trigger a renegotiation which changes the key material (detected by using `curl` and `openssl s_server` and pressing `R` in `openssl s_server`).
2015-01-29sslkeylog: skip writing duplicate entriesPeter Wu1-4/+35
SSL_connect is somehow called multiple times on the same connection by curl, this may result in duplicate keylog file entries. Detect when the state changes, and only print the keys if it has changed.
2015-01-29sslkeylog: intercept server functionsPeter Wu1-6/+33
Also intercept SSL_do_handshake (nginx) and SSL_accept (s_server).
2015-01-29sslkeylog: continue after failed handshake, reject SSLv2Peter Wu1-1/+4
Try to dump as many keys as possible, even if a fatal alert occurred. Wireshark does not support SSLv2, so check that a successful connection does not use SSLv2 before dumping keys (this fixes a crash).
2015-01-28sslkeylog: rename key_logfile to keylog_filePeter Wu1-9/+9
This follows the preference name ssl.keylog_file.
2015-01-28sslkeylog.c: utility to intercept OpenSSL keysPeter Wu2-0/+94
For a gdb function, see http://security.stackexchange.com/a/80174/2630 To generate the line assuming you have a context with a SSL structure (named "s") run this: python def read_as_hex(name, size): addr = gdb.parse_and_eval(name).address data = gdb.selected_inferior().read_memory(addr, size) return ''.join('%02X' % ord(x) for x in data) def pm(ssl='s'): mk = read_as_hex('%s->session->master_key' % ssl, 48) cr = read_as_hex('%s->s3->client_random' % ssl, 32) print('CLIENT_RANDOM %s %s' % (cr, mk)) end python pm()
generated by cgit v1.2.1 (git 2.18.0) at 2024-05-13 02:31:59 +0000