For a cut-and-paste-ready version that has the correct carriage returns (mangled by mail), check the FreeSWITCH documentation:
https://freeswitch.org/confluence/display/FREESWITCH/Packet+Capture#PacketCapture-TLSwithsharka

-giovanni

On 2 May 2017 at 16:26, Giovanni Maruzzelli <[email protected]> wrote:
> Hello fellows,
>
> after some experimentation with various tools, I came up with a little
> shell tool that may be useful to you too.
>
> It can only work with non-forward secrecy ciphers, obviously, and only if
> it is started before the client does the initial TLS handshake (e.g., just
> restart the client). Forward secrecy cannot be decrypted after the fact, so
> don't waste effort.
>
> An example of ciphers that can be decrypted is the "AES256-SHA" openssl
> cipher group. You can use ssldump to check what cipher is used by
> serverhello.
>
> Enjoy, make it better, and share it :)
>
>
> #!/bin/bash
> # brought to you by Giovanni Maruzzelli
> #
> SERVERIP="192.168.1.150"
> SERVERPORT="5061"
> PRIVKEY="/etc/certs/privkey.pem"
> STDERR2DEVNULL=" 2>/dev/null "
> REGEX="notyet"
>
> if [ -z "$1" ]; then
>         REGEX="\\\.*"
> else
>         REGEX="$1"
> fi
> FILTER="ssl.app_data and sip matches"
> FILTER2="$FILTER \"$REGEX\""
> FILTER3="'$FILTER2'"
> ARGUMENT="-i 1 -Y $FILTER3 -E header=y -T fields -e frame.number -e frame.time -e frame.time_delta_displayed -e ip.src -e ip.dst -e sip.Status-Line -e sip.Request-Line -e sip.msg_hdr -l -d tcp.port\=\=5061,sip -o \"ssl.keys_list: $SERVERIP,$SERVERPORT,sip,$PRIVKEY\" $STDERR2DEVNULL | sed -u 's/\t/\n/g' | sed -u '/^$/d' | sed -u 's/^[0-9]*$/\n==&==============================/g'"
>
> echo ""
> echo "NB: if it do not works, edit script so that STDERR2DEVNULL=\" \" and try again"
> echo ""
> echo "NB: remember to quote and escape match patterns, using triple slash"
> echo " eg, for matching [email protected], use \" [email protected]\""
> echo " eg, for matching anything, use \"\\\\\\.*\""
> echo " eg, for matching *98, use \"\\\\\\*98\""
> echo "USAGE: $0 \"\\\\\\*[email protected]\""
> echo ""
>
>
> case "$1" in
>         -help|--help|?)
>                 exit 0
>                 ;;
>         *)
>                 echo "THIS TIME WE'RE DOING:"
>                 echo "tshark $ARGUMENT"
>                 echo ""
>                 bash -c "tshark $ARGUMENT"
>                 ;;
> esac
>
>
>
> --
>
> Sincerely,
>
> Giovanni Maruzzelli
> OpenTelecom.IT
> cell: +39 347 266 56 18
>

--
Sincerely,

Giovanni Maruzzelli
OpenTelecom.IT
cell: +39 347 266 56 18
_______________________________________________
Kamailio (SER) - Users Mailing List
[email protected]
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
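
The mail above notes that the tool only works with non-forward-secrecy ciphers and that the negotiated cipher can be read from the ServerHello. As an added example (not part of the original mail or of the FreeSWITCH documentation), this bash helper classifies a cipher suite name by key exchange to tell whether the server's RSA key file can decrypt the capture; the function names and the sample suite names are assumptions chosen for illustration, and it accepts both OpenSSL-style and IANA-style spellings.

```bash
#!/bin/bash
# Added example, not from the original mail.
# Assumption: the argument is a standard cipher suite name. In OpenSSL's
# naming, a suite with no key-exchange prefix (e.g. AES256-SHA) uses RSA
# key exchange; IANA names spell it out (TLS_RSA_WITH_...).

classify_kx() {
    case "$1" in
        "")                                          echo "unknown" ;;
        *PSK*|SRP-*|TLS_SRP_*)                       echo "psk-or-srp" ;;
        TLS_RSA_WITH_*)                              echo "rsa" ;;
        TLS_ECDHE_*|TLS_DHE_*|ECDHE-*|DHE-*|EDH-*)   echo "ephemeral-dh" ;;
        TLS_DH_anon_*|TLS_ECDH_anon_*|ADH-*|AECDH-*) echo "anonymous-dh" ;;
        TLS_DH_*|TLS_ECDH_*|DH-*|ECDH-*)             echo "static-dh" ;;
        TLS_AES_*|TLS_CHACHA20_*)                    echo "tls13-ephemeral" ;;
        TLS_*)                                       echo "unknown" ;;
        *-*)                                         echo "rsa" ;;  # OpenSSL name, no kx prefix
        *)                                           echo "unknown" ;;
    esac
}

# Succeeds only when the session secret is protected by the server's RSA key,
# i.e. when a keys_list entry pointing at the RSA private key can help.
key_decryptable() {
    [ "$(classify_kx "$1")" = "rsa" ]
}

# Constructed sample names, one per class worth distinguishing.
for suite in AES256-SHA TLS_RSA_WITH_AES_256_CBC_SHA \
             ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA \
             TLS_AES_256_GCM_SHA384; do
    if key_decryptable "$suite"; then
        verdict="decryptable with the server RSA key"
    else
        verdict="not decryptable from the key file"
    fi
    printf '%-30s %-16s %s\n' "$suite" "$(classify_kx "$suite")" "$verdict"
done
```
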
