peter/wireshark-notes - Notes and captures for patching TLS in Wireshark

Age	Commit message (Collapse)	Author	Files	Lines
2015-01-30	Add sslkeylog.sh wrapper script	Peter Wu	1	-0/+22

2015-01-30	sslkeylog: load libssl.so if not already	Peter Wu	1	-5/+35
	This solves a null deref in python ssl module in SSL_do_handshake.
2015-01-29	sslkeylog: interpose SSL_read and SSL_write	Peter Wu	1	-0/+24
	These functions can trigger a renegotiation which changes the key material (detected by using `curl` and `openssl s_server` and pressing `R` in `openssl s_server`).
2015-01-29	sslkeylog: skip writing duplicate entries	Peter Wu	1	-4/+35
	SSL_connect is somehow called multiple times on the same connection by curl, this may result in duplicate keylog file entries. Detect when the state changes, and only print the keys if it has changed.
2015-01-29	sslkeylog: intercept server functions	Peter Wu	1	-6/+33
	Also intercept SSL_do_handshake (nginx) and SSL_accept (s_server).
2015-01-29	sslkeylog: continue after failed handshake, reject SSLv2	Peter Wu	1	-1/+4
	Try to dump as many keys as possible, even if a fatal alert occurred. Wireshark does not support SSLv2, so check that a successful connection does not use SSLv2 before dumping keys (this fixes a crash).
2015-01-28	sslkeylog: rename key_logfile to keylog_file	Peter Wu	1	-9/+9
	This follows the preference name ssl.keylog_file.
2015-01-28	sslkeylog.c: utility to intercept OpenSSL keys	Peter Wu	2	-0/+94
	For a gdb function, see http://security.stackexchange.com/a/80174/2630 To generate the line assuming you have a context with a SSL structure (named "s") run this: python def read_as_hex(name, size): addr = gdb.parse_and_eval(name).address data = gdb.selected_inferior().read_memory(addr, size) return ''.join('%02X' % ord(x) for x in data) def pm(ssl='s'): mk = read_as_hex('%s->session->master_key' % ssl, 48) cr = read_as_hex('%s->s3->client_random' % ssl, 32) print('CLIENT_RANDOM %s %s' % (cr, mk)) end python pm()