There is a libpcap-based tool called DShell (https://github.com/USArmyResearchLab/Dshell).
It can analyze live streams or previously captured pcaps (you write your own Python plugins).
The SSL certificate should be in the ServerHello packet.

On Fri, Jul 17, 2015 at 6:04 PM, Peter Wang <[email protected]> wrote:
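> As the subject says: the goal is to make sure MITM attacks are detected promptly and rogue CAs are reported promptly. If I capture port 443 directly with tcpdump and then analyze it with Wireshark, the data volume is too large. How can I record only the handshake packets?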
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups 
> "TUNA 主邮件列表" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected].
> To post to this group, send email to [email protected].
> For more options, visit https://groups.google.com/d/optout.



-- 
Qijiang (Chi-Chiang) Fan
GPG KEY ID (LONG): 3983 9DD3 50E4 6156
If you need a GPG encrypted and/or signed email, please tell in advance.
If you're not intended to receive this email, please don't forward it
to anyone else, please delete it and its copies, including all
attachments, and please let the sender know it went to the wrong
person. Thanks.
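
An added example, not part of the original messages and not DShell code: a minimal Python parser that pulls the certificates out of the cleartext handshake records discussed above and fingerprints them, so that only the hashes need to be stored and compared. It assumes TLS 1.2 or earlier (the Certificate message is sent in the clear) and that the server-to-client TCP payload of one connection has already been reassembled in order; the function names are hypothetical and the sample bytes are constructed.

```python
import hashlib
import struct

HANDSHAKE, CERTIFICATE = 22, 11   # TLS record content type; handshake message type

def handshake_messages(stream: bytes):
    """Yield (type, body) for each cleartext handshake message in a TCP payload stream."""
    buf, pos = b"", 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack("!BHH", stream[pos:pos + 5])
        if ctype != HANDSHAKE or pos + 5 + length > len(stream):
            break                     # ChangeCipherSpec/application data, or truncated record
        buf += stream[pos + 5:pos + 5 + length]   # messages may span records
        pos += 5 + length
    off = 0
    while off + 4 <= len(buf):
        mlen = int.from_bytes(buf[off + 1:off + 4], "big")
        if off + 4 + mlen > len(buf):
            break                     # incomplete message: do not guess
        yield buf[off], buf[off + 4:off + 4 + mlen]
        off += 4 + mlen

def certificate_fingerprints(stream: bytes):
    """SHA-256 of every certificate in the Certificate message, leaf first."""
    prints = []
    for mtype, body in handshake_messages(stream):
        if mtype != CERTIFICATE or len(body) < 3:
            continue
        end = min(3 + int.from_bytes(body[:3], "big"), len(body))
        off = 3
        while off + 3 <= end:
            clen = int.from_bytes(body[off:off + 3], "big")
            if off + 3 + clen > end:
                break                 # length field points past the list
            prints.append(hashlib.sha256(body[off + 3:off + 3 + clen]).hexdigest())
            off += 3 + clen
    return prints

# Constructed sample: placeholder bytes stand in for DER certificates.
def record(payload): return struct.pack("!BHH", HANDSHAKE, 0x0303, len(payload)) + payload
def message(mtype, body): return bytes([mtype]) + len(body).to_bytes(3, "big") + body

CERT_A, CERT_B = b"constructed-leaf-der", b"constructed-issuer-der"
chain = b"".join(len(c).to_bytes(3, "big") + c for c in (CERT_A, CERT_B))
flight = message(2, bytes(38)) + message(CERTIFICATE, len(chain).to_bytes(3, "big") + chain)
SAMPLE = record(flight[:30]) + record(flight[30:])   # Certificate split across two records

if __name__ == "__main__":
    for fp in certificate_fingerprints(SAMPLE):
        print(fp)
```

Comparing the leaf fingerprint per server name against the value seen earlier, or against one obtained over an independent path, flags a substituted certificate without keeping the full capture.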
