Age | Commit message (Collapse) | Author | Files | Lines |
|
OpenSSL 1.1.0 makes some structures opaque, but luckily it provides new
functions to extract the client random and master secret which is all we
need from the structures.
Tested with OpenSSL 1.1.0-pre6 using openssl s_client and
OpenSSL 1.0.2.h using curl.
|
|
|
|
Found in gdb source code that 'all' implies everything except SIGTRAP
and SIGINT. SIGINT is normally used for interactive debugging (so can be
disabled) but SIGTRAP is used for breakpoints (and can therefore not be
disabled without killing the program on such signals).
|
|
Older gdb is upset by appending to a pipe, so fallback to writing
instead in such cases. Older python do not allow interpolation in bytes,
so use strings and encode it to bytes before writing.
Previously tested with GDB 7.9.1 and Python 2.7.10. Now tested with
GDB 7.7.1 and Python 2.7.6 on Ubuntu 14.04.
|
|
Tool to extract SSL keys on-the-fly from existing OpenSSL programs.
Servers included!
|
|
Switch to bash as there is no readable / easy way to make it compatible
for all shells in the world.
|
|
|
|
This solves a null deref in python ssl module in SSL_do_handshake.
|
|
These functions can trigger a renegotiation which changes the key
material (detected by using `curl` and `openssl s_server` and pressing
`R` in `openssl s_server`).
|
|
SSL_connect is somehow called multiple times on the same connection
by curl, this may result in duplicate keylog file entries. Detect when
the state changes, and only print the keys if it has changed.
|
|
Also intercept SSL_do_handshake (nginx) and SSL_accept (s_server).
|
|
Try to dump as many keys as possible, even if a fatal alert occurred.
Wireshark does not support SSLv2, so check that a successful connection
does not use SSLv2 before dumping keys (this fixes a crash).
|
|
This follows the preference name ssl.keylog_file.
|
|
For a gdb function, see http://security.stackexchange.com/a/80174/2630
To generate the line assuming you have a context with a SSL structure
(named "s") run this:
python
def read_as_hex(name, size):
addr = gdb.parse_and_eval(name).address
data = gdb.selected_inferior().read_memory(addr, size)
return ''.join('%02X' % ord(x) for x in data)
def pm(ssl='s'):
mk = read_as_hex('%s->session->master_key' % ssl, 48)
cr = read_as_hex('%s->s3->client_random' % ssl, 32)
print('CLIENT_RANDOM %s %s' % (cr, mk))
end
python pm()
|