Age | Commit message (Collapse) | Author | Files | Lines |
|
Master secret is available in capture file comments. Note that this
capture uses NULL encryption, so these secrets *should* not be
necessary, but as of Wireshark 2.0.1. they are needed.
Created with:
curl --ciphers NULL-SHA256 https://10.9.0.1/ -k
openssl s_server -www -cipher NULL-SHA256
Created for investigating
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4652
|
|
Master keys are available in the capture file comments.
This contains a HTTP request and a HTML response without Content-Length
over SSL. It is also
attached to https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9154
|
|
Master keys are available in the capture file comments.
This contains a HTTP request and chunked response over SSL. It is also
attached to https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11079
|
|
Master keys are available in the capture file comments.
Installed rabbitmq-server on Ubuntu 14.04 (upgraded halfway to 14.10)
and wrote /etc/rabbitmq/rabbitmq.config with appriopriate certs:
[
{rabbit,
[
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile, "/etc/rabbitmq/cert.pem"},
{certfile, "/etc/rabbitmq/cert.pem"},
{keyfile, "/etc/rabbitmq/key.pem"},
{verify, verify_peer},
{fail_if_no_peer_cert, false}]}
]}
].
amqp-tools (amqp-publish, etc.) did not work, so a quick Celery script
was used (install python-celery):
from celery import Celery
app = Celery('tasks', broker='amqp://guest@localhost:5671/')
app.conf.update(BROKER_USE_SSL=True)
@app.task
def add(x, y):
return x + y
print(add.delay(3, 4))
|
|
Software versions, pre-master keys are available in the capture file
comments. For convenience, the versions are:
nghttp2/v0.7.3-74-g795a22a
spdylay/v1.3.1-16-gf4bcaee
openssl/1.0.2
Commands:
openssl req -newkey rsa:2048 -x509 -nodes -keyout server.pem -new \
-out server.pem -subj /CN=localhost
socat TCP-LISTEN:4433,reuseaddr,fork TCP-CONNECT:127.0.0.1:4433
./nghttpd 4433 server.pem server.pem
./nghttp https://localhost/
|
|
Pre-master keys are available in the capture file comments.
This selects something from a table and queries 'SHOW VARIABLES' over
ethernet (mtu 1500). It demonstrates a TLS record spanning multiple TCP
segments.
|
|
Pre-master keys are available in the capture file comments.
Install slapd 2.4.31-1+nmu2ubuntu8 ldap-utils 2.4.31-1+nmu2ubuntu8
cd /etc/ldap/ssl
openssl req -newkey rsa:1024 -x509 -nodes -out slapd.pem -keyout \
slapd.pem -days 3650 -subj /CN='LDAP SSL test/'
chown openldap: slapd.pem && chmod 600 slapd.pem
cat <<EOF | ldapmodify -Y EXTERNAL -H ldapi:///
dn: cn=config
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/ssl/slapd.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/ssl/slapd.pem
EOF
/etc/init.d/slapd restart
Client:
gdb -q -ex break\ gnutls_handshake -ex r --args \
ldapsearch -ZZ ldap://127.0.0.1:389
p session
p/x ((gnutls_session_t)$1)->security_parameters->client_random
p/x ((gnutls_session_t)$1)->security_parameters->master_secret
c
|
|
Pre-master keys are available in the capture file comments.
Ubuntu 14.04 server with postgresql-9.3 (assume snakeoil certificates,
change listen_addresses='0.0.0.0' and restart). Then create user and db:
createuser -P test
createdb -O test testdb
Client:
psql postgresql://test:pass@127.0.0.1/testdb?sslmode=require
Capture file contains queries (create table, insert, select).
|
|
premaster secrets is available in capture file comments.
Similar to smtp-ssl.pcapng, but running over non-standard port 2525 to
exercise "Decode As" functionality.
|
|
Pre-master keys are available in the capture file comments.
Server is Ubuntu 14.04 with dovecot-imapd and port 143 enabled in
/etc/dovecot/conf.d/10-master.conf.
Client:
openssl s_client -starttls imap -connect localhost:143
Contains "a001 CAPABILITY" followed by renegotiation, "a002 CAPABILITY"
and "QUIT".
|
|
Pre-master keys are available in the capture file comments.
Server is Ubuntu 14.04 with dovecot-pop3d and port 110 enabled in
/etc/dovecot/conf.d/10-master.conf.
Client:
openssl s_client -starttls pop3 -connect localhost:110
Contains "POPA" followed by renegotiation, "POPA" and "QUIT".
|
|
Premaster secret is available in capture file comments.
Capture file generated with an invalid authentication attempt using
TLSv1.2:
git clone https://github.com/fritzy/SleekXMPP.git
cd SleekXMPP
PYTHONPATH=. \
python examples/ping.py -d -j wireshark-test@jabber.org -p none
|
|
premaster secrets is available in capture file comments.
Server is Ubuntu 14.04 running Exim 4.82-3ubuntu2 (using GnuTLS) and
configured with:
/usr/share/doc/exim4-base/examples/exim-gencert
echo MAIN_TLS_ENABLE=1 >/etc/exim4/exim4.conf.localmacros
Client:
sudo socat TCP-LISTEN:25 TCP-CONNECT:... # (port forward)
openssl s_client -starttls smtp -connect localhost:25
After handshake, I typed "EHLO lekensteyn" and triggered a renegiotation
with "R" (which somehow resulted in an error).
|
|
pre-master secrets is in capture file comments, certificate is snakeoil.
Server is Ubuntu 14.04 VM with MariaDB 5.5.40-0ubuntu0.14.04.1, snakeoil
certificate and these my.cnf configs:
bind-address=0.0.0.0
ssl-ca=/etc/ssl/certs/ssl-cert-snakeoil.pem
ssl-cert=/etc/ssl/certs/ssl-cert-snakeoil.pem
ssl-key=/etc/mysql/ssl-cert-snakeoil.key
Pre-processing:
CREATE USER testuser@'%' IDENTIFIED BY 'pass';
CREATE DATABASE testdb;
GRANT ALL ON testdb.* TO test@'%';
Client started with:
mysql -utest -ppass -h127.0.0.1 --ssl-ca=ssl-cert-snakeoil.pem
The capture contains queries (INSERT, SELECT, deliberate disallowed `USE
mysql` and more).
|
|
|