On 9 May 2017 at 15:18, Bogdan-Andrei Iancu <[email protected]> wrote:
> Thank you Giovanni, that is a useful tool - we will document it in the
> OpenSIPS TLS tutorial, so others can benefit ;)
>

Glad about it!

Be sure to get it from
https://freeswitch.org/confluence/display/FREESWITCH/Packet+Capture#PacketCapture-TLSwithsharka ,
it is the latest version with a couple of fixes.

-giovanni

> Many thanks,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
> OpenSIPS Summit May 2017 Amsterdam
> http://www.opensips.org/events/Summit-2017Amsterdam.html
>
> On 05/02/2017 05:52 PM, Giovanni Maruzzelli wrote:
>
> For a cut and paste ready version, that has the correct carriage returns
> (mangled by mail), check it in FreeSWITCH documentation:
>
> https://freeswitch.org/confluence/display/FREESWITCH/Packet+Capture#PacketCapture-TLSwithsharka
>
> -giovanni
>
> On 2 May 2017 at 16:26, Giovanni Maruzzelli <[email protected]> wrote:
>
>> Hello fellows,
>>
>> after some experimentation with various tools, I came up with a little
>> shell tool that maybe can be useful to you too.
>>
>> It can only work with non-forward secrecy ciphers, obviously, and only if
>> it is started before the client does the initial TLS handshake (eg, just
>> restart the client). Forward secrecy cannot be decrypted after the fact,
>> so don't waste effort.
>>
>> An example of ciphers that can be decrypted is the "AES256-SHA" openssl
>> cipher group. You can use ssldump to check what cipher is used by
>> serverhello.
>>
>> Enjoy, make it better, and share it :)
>>
>>
>> #!/bin/bash
>> # brought to you by Giovanni Maruzzelli
>> #
>> SERVERIP="192.168.1.150"
>> SERVERPORT="5061"
>> PRIVKEY="/etc/certs/privkey.pem"
>> STDERR2DEVNULL=" 2>/dev/null "
>> REGEX="notyet"
>>
>> if [ -z "$1" ]; then
>>     REGEX="\\\.*"
>> else
>>     REGEX="$1"
>> fi
>> FILTER="ssl.app_data and sip matches"
>> FILTER2="$FILTER \"$REGEX\""
>> FILTER3="'$FILTER2'"
>> ARGUMENT="-i 1 -Y $FILTER3 -E header=y -T fields -e frame.number -e frame.time -e frame.time_delta_displayed -e ip.src -e ip.dst -e sip.Status-Line -e sip.Request-Line -e sip.msg_hdr -l -d tcp.port\=\=5061,sip -o \"ssl.keys_list: $SERVERIP,$SERVERPORT,sip,$PRIVKEY\" $STDERR2DEVNULL | sed -u 's/\t/\n/g' | sed -u '/^$/d' | sed -u 's/^[0-9]*$/\n==&==============================/g'"
>>
>> echo ""
>> echo "NB: if it do not works, edit script so that STDERR2DEVNULL=\" \" and try again"
>> echo ""
>> echo "NB: remember to quote and escape match patterns, using triple slash"
>> echo " eg, for matching [email protected], use \" [email protected]\""
>> echo " eg, for matching anything, use \"\\\\\\.*\""
>> echo " eg, for matching *98, use \"\\\\\\*98\""
>> echo "USAGE: $0 \"\\\\\\*[email protected]\""
>> echo ""
>>
>>
>> case "$1" in
>>     -help|--help|?)
>>         exit 0
>>         ;;
>>     *)
>>         echo "THIS TIME WE'RE DOING:"
>>         echo "tshark $ARGUMENT"
>>         echo ""
>>         bash -c "tshark $ARGUMENT"
>>         ;;
>> esac
>>
>>
>>
>> --
>>
>> Sincerely,
>>
>> Giovanni Maruzzelli
>> OpenTelecom.IT
>> cell: +39 347 266 56 18
>>
>
>
>
> --
>
> Sincerely,
>
> Giovanni Maruzzelli
> OpenTelecom.IT
> cell: +39 347 266 56 18
>
>
> _______________________________________________
> Users mailing
> [email protected]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>

--
Sincerely,

Giovanni Maruzzelli
OpenTelecom.IT
cell: +39 347 266 56 18
_______________________________________________
Kamailio (SER) - Users Mailing List
[email protected]
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
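
The post says the capture can only be decrypted for non-forward-secrecy ciphers and suggests checking the ServerHello cipher with ssldump. The following is an added example, not part of the original post or of the FreeSWITCH documentation: it classifies a negotiated suite name (OpenSSL or IANA style) so you know up front whether the server's private key is enough. The function names are hypothetical, the ssldump "cipherSuite" line layout is an assumption, and the sample dump is constructed.

```sh
#!/bin/sh
# Added example: can a capture be decrypted with only the server's RSA key?
# classify_suite NAME -> key-decryptable | forward-secret | other
# NAME may be an OpenSSL name (AES256-SHA) or an IANA name
# (TLS_RSA_WITH_AES_256_CBC_SHA).
classify_suite() {
    # Normalise: upper-case, and '-' to '_' so both naming styles match.
    s=$(printf '%s' "$1" | tr 'a-z-' 'A-Z_')
    case "$s" in
        # TLS 1.3 suites always use an ephemeral (EC)DHE key exchange.
        TLS_AES_*|TLS_CHACHA20_*) echo forward-secret ;;
        # Ephemeral Diffie-Hellman named explicitly in the suite.
        *ECDHE*|*DHE*|*EDH*) echo forward-secret ;;
        # Anonymous/static DH, PSK, SRP, Kerberos: the RSA key alone is not enough.
        *ADH*|*AECDH*|*DH_ANON*|*ECDH_*|TLS_DH_*|DH_*|*PSK*|*SRP*|*KRB5*) echo other ;;
        # IANA names with RSA key transport.
        TLS_RSA_WITH_*) echo key-decryptable ;;
        TLS_*|SSL_*) echo other ;;
        # OpenSSL names with no key-exchange prefix mean RSA key transport.
        AES*|CAMELLIA*|ARIA*|DES_CBC3_*|RC4_*|SEED_*|IDEA_*|NULL_*) echo key-decryptable ;;
        *) echo other ;;
    esac
}

# Reads ssldump-style text on stdin and prints "<suite> <verdict>" for every
# ServerHello "cipherSuite" line (assumed layout: label, then suite name).
serverhello_verdicts() {
    awk '$1 == "cipherSuite" { print $2 }' | while read -r suite; do
        printf '%s %s\n' "$suite" "$(classify_suite "$suite")"
    done
}

# Constructed sample, not real capture output.
SAMPLE_DUMP='1 2  0.0312 (0.0301)  S>C  Handshake
      ServerHello
        Version 3.3
        cipherSuite         TLS_RSA_WITH_AES_256_CBC_SHA
        compressionMethod                   NULL
2 2  0.0290 (0.0290)  S>C  Handshake
      ServerHello
        Version 3.3
        cipherSuite         TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        compressionMethod                   NULL'

printf '%s\n' "$SAMPLE_DUMP" | serverhello_verdicts
```

A "forward-secret" verdict means the private-key approach in the script above will show nothing for that connection, however the filter is written.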
