Thank you Giovanni, that is a useful tool - we will document it in the OpenSIPS TLS tutorial, so others can benefit ;)

Many thanks,

Bogdan-Andrei Iancu
  OpenSIPS Founder and Developer
  http://www.opensips-solutions.com

OpenSIPS Summit May 2017 Amsterdam
  http://www.opensips.org/events/Summit-2017Amsterdam.html

On 05/02/2017 05:52 PM, Giovanni Maruzzelli wrote:
For a cut-and-paste-ready version that has the correct carriage returns (mangled by mail), check it in the FreeSWITCH documentation:

https://freeswitch.org/confluence/display/FREESWITCH/Packet+Capture#PacketCapture-TLSwithsharka

-giovanni

On 2 May 2017 at 16:26, Giovanni Maruzzelli <gmar...@gmail.com> wrote:

    Hello fellows,

    after some experimentation with various tools, I came up with a
    little shell tool that may be useful to you too.

    It can only work with non-forward-secrecy ciphers, obviously, and
    only if it is started before the client does the initial TLS handshake
    (e.g., just restart the client). Forward secrecy cannot be decrypted
    after the fact, so don't waste the effort.

    An example of ciphers that can be decrypted is the "AES256-SHA"
    openssl cipher group. You can use ssldump to check which cipher is
    used in the ServerHello.

    Enjoy, make it better, and share it :)


    #!/bin/bash
    # brought to you by Giovanni Maruzzelli
    #
    SERVERIP="192.168.1.150"
    SERVERPORT="5061"
    PRIVKEY="/etc/certs/privkey.pem"
    STDERR2DEVNULL=" 2>/dev/null "
    REGEX="notyet"

    if [ -z "$1" ]; then
            REGEX="\\\.*"
    else
            REGEX="$1"
    fi
    FILTER="ssl.app_data and sip matches"
    FILTER2="$FILTER \"$REGEX\""
    FILTER3="'$FILTER2'"
    # keep this on ONE line: a line break inside the string would be run as a
    # separate command by the "bash -c" below. "-i 1" is the capture interface
    # index (see "tshark -D"); the RSA private key is passed via ssl.keys_list.
    ARGUMENT="-i 1 -Y $FILTER3 -E header=y -T fields -e frame.number -e frame.time -e frame.time_delta_displayed -e ip.src -e ip.dst -e sip.Status-Line -e sip.Request-Line -e sip.msg_hdr -l -d tcp.port\=\=$SERVERPORT,sip -o \"ssl.keys_list: $SERVERIP,$SERVERPORT,sip,$PRIVKEY\" $STDERR2DEVNULL | sed -u 's/\t/\n/g' | sed -u '/^$/d' | sed -u 's/^[0-9]*$/\n==&==============================/g'"

    echo ""
    echo "NB: if it does not work, edit the script so that STDERR2DEVNULL=\" \" and try again"
    echo ""
    echo "NB: remember to quote and escape match patterns, using triple slash"
    echo "    eg, for matching 1...@pbx.example.com, use \"1...@pbx.example.com\""
    echo "    eg, for matching anything, use \"\\\\\\.*\""
    echo "    eg, for matching *98, use \"\\\\\\*98\""
    echo "USAGE: $0 \"\\\\\\*9...@pbx.example.com\""
    echo ""

    # "\?" is escaped: an unescaped "?" would match ANY one-character pattern
    # and turn it into a help request
    case "$1" in
            -help|--help|\?)
                    exit 0
                    ;;
            *)
                    echo "THIS TIME WE'RE DOING:"
                    echo "tshark $ARGUMENT"
                    echo ""
                    bash -c "tshark $ARGUMENT"
                    ;;
    esac



--
    Sincerely,

    Giovanni Maruzzelli
    OpenTelecom.IT
    cell: +39 347 266 56 18

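The script above only helps when the ServerHello selected a static-RSA suite such as AES256-SHA; the post suggests ssldump to check this. As an added example (not Giovanni's script, not part of the thread), here is a small Python parser that reads the negotiated cipher suite out of a raw TLS ServerHello record and reports whether the server's private key alone can decrypt the session. The cipher-suite table is a hand-picked subset and the ServerHello bytes are constructed for the example.

```python
import struct
# Subset of IANA cipher-suite IDs -> (OpenSSL name, key exchange); hand-picked
# for this example, any suite not listed is reported as unknown.
CIPHER_SUITES = {
    0x0035: ("AES256-SHA", "RSA"),
    0x009D: ("AES256-GCM-SHA384", "RSA"),
    0x009F: ("DHE-RSA-AES256-GCM-SHA384", "DHE"),
    0xC030: ("ECDHE-RSA-AES256-GCM-SHA384", "ECDHE"),
    0x1301: ("TLS_AES_128_GCM_SHA256", "TLS1.3"),
}

def parse_server_hello(record: bytes):
    """Return (cipher_id, session_id) from a TLS record carrying a ServerHello;
    raise ValueError for anything else (wrong record type, truncation)."""
    if len(record) < 5 or record[0] != 0x16:          # 0x16 = handshake record
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4 or body[0] != 0x02:  # 0x02 = ServerHello
        raise ValueError("truncated record or not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    # server_version(2) random(32) session_id<0..32> cipher_suite(2) compression(1)
    pos = 2 + 32
    if len(hello) != hs_len or hs_len < pos + 1:
        raise ValueError("truncated ServerHello")
    sid_len = hello[pos]
    session_id = hello[pos + 1:pos + 1 + sid_len]
    pos += 1 + sid_len
    if hs_len < pos + 3:
        raise ValueError("truncated ServerHello")
    return struct.unpack("!H", hello[pos:pos + 2])[0], session_id

def decryptable_with_server_key(record: bytes):
    """Name the negotiated suite and say whether the static server RSA key alone
    can decrypt the session (only for plain RSA key exchange, no forward secrecy)."""
    cipher_id, _ = parse_server_hello(record)
    name, kx = CIPHER_SUITES.get(cipher_id, ("unknown-0x%04x" % cipher_id, "?"))
    return name, kx == "RSA"

# Constructed sample: TLS 1.2 ServerHello selecting 0x0035 (OpenSSL "AES256-SHA").
SAMPLE_SERVER_HELLO = bytes.fromhex(
    "16 03 03 00 2a"            # record header: handshake, TLS 1.2, 42 bytes
    "02 00 00 26"               # handshake header: ServerHello, 38 bytes
    "03 03" + "11" * 32 +       # server_version, 32-byte random (constructed)
    "00"                        # empty session_id
    "00 35"                     # cipher_suite = TLS_RSA_WITH_AES_256_CBC_SHA
    "00"                        # compression_method = null
)
```

Feed it the first server-to-client handshake record from a capture; a `False` result means no amount of private-key material will decrypt that session, as the post warns.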


_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
