[OpenSIPS-Users] TLS SIP packet tracing and visualization
Bogdan-Andrei Iancu
bogdan at opensips.org
Tue May 9 09:18:43 EDT 2017
Thank you Giovanni, that is a useful tool - we will document it in the
OpenSIPS TLS tutorial, so others can benefit ;)
Many thanks,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
OpenSIPS Summit May 2017 Amsterdam
http://www.opensips.org/events/Summit-2017Amsterdam.html
On 05/02/2017 05:52 PM, Giovanni Maruzzelli wrote:
> For a cut and paste ready version, that has the correct carriage
> returns (mangled by mail), check it in FreeSWITCH documentation:
>
> https://freeswitch.org/confluence/display/FREESWITCH/Packet+Capture#PacketCapture-TLSwithsharka
>
> -giovanni
>
> On 2 May 2017 at 16:26, Giovanni Maruzzelli <gmaruzz at gmail.com> wrote:
>
> Hello fellows,
>
> after some experimentation with various tools, I came up with a
> little shell tool that may be useful to you too.
>
> It can only work with non-forward-secrecy ciphers, obviously, and
> only if it is started before the client does the initial TLS handshake
> (eg, just restart the client). Forward secrecy cannot be decrypted
> after the fact, so don't waste effort.
>
> An example of ciphers that can be decrypted is the "AES256-SHA"
> openssl cipher group. You can use ssldump to check what cipher is
> used by the ServerHello.
>
> Enjoy, make it better, and share it :)
>
>
> #!/bin/bash
> # brought to you by Giovanni Maruzzelli
> #
> # Live-decrypts SIP over TLS with tshark using the server's private key
> # (RSA key exchange only) and prints the SIP messages matching a pattern.
> SERVERIP="192.168.1.150"
> SERVERPORT="5061"
> PRIVKEY="/etc/certs/privkey.pem"
> STDERR2DEVNULL=" 2>/dev/null "
> REGEX="notyet"
>
> # pattern the SIP message text must match; default: anything
> if [ -z "$1" ]; then
>     REGEX="\\\.*"
> else
>     REGEX="$1"
> fi
> FILTER="ssl.app_data and sip matches"
> FILTER2="$FILTER \"$REGEX\""
> FILTER3="'$FILTER2'"
> # -d dissects the TLS port as SIP, -o hands tshark the RSA private key;
> # the sed pipeline puts one field per line and a separator per frame
> ARGUMENT="-i 1 -Y $FILTER3 -E header=y -T fields -e frame.number \
> -e frame.time -e frame.time_delta_displayed -e ip.src -e ip.dst \
> -e sip.Status-Line -e sip.Request-Line -e sip.msg_hdr -l \
> -d tcp.port==$SERVERPORT,sip \
> -o \"ssl.keys_list: $SERVERIP,$SERVERPORT,sip,$PRIVKEY\" $STDERR2DEVNULL \
> | sed -u 's/\t/\n/g' | sed -u '/^$/d' \
> | sed -u 's/^[0-9]*$/\n==&==============================/g'"
>
> echo ""
> echo "NB: if it does not work, edit the script so that STDERR2DEVNULL=\" \" and try again"
> echo ""
> echo "NB: remember to quote and escape match patterns, using triple slash"
> echo "    eg, for matching 1010@pbx.example.com, use \"1010@pbx.example.com\""
> echo "    eg, for matching anything, use \"\\\\\\.*\""
> echo "    eg, for matching *98, use \"\\\\\\*98\""
> echo "USAGE: $0 \"\\\\\\*98@pbx.example.com\""
> echo ""
>
> case "$1" in
>     -help|--help|'?')
>         exit 0
>         ;;
>     *)
>         echo "THIS TIME WE'RE DOING:"
>         echo "tshark $ARGUMENT"
>         echo ""
>         # re-parsed by a fresh bash so the quoting, the stderr redirect
>         # and the sed pipeline inside ARGUMENT take effect
>         bash -c "tshark $ARGUMENT"
>         ;;
> esac
>
> --
>
> Sincerely,
>
> Giovanni Maruzzelli
> OpenTelecom.IT
> cell: +39 347 266 56 18
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
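As an added example (not Giovanni's script and not from the OpenSIPS or FreeSWITCH documentation): a small bash helper for the cipher caveat above. It tells, from OpenSSL's own "openssl ciphers -v" description, whether a negotiated cipher uses plain RSA key exchange (decryptable with the server key, like the "AES256-SHA" group) or (EC)DHE / TLS 1.3 forward secrecy, which the tshark trick cannot decrypt. The live check assumes the openssl CLI and a reachable HOST:PORT; the sample cipher listing is constructed.

```shell
#!/bin/bash
# Added example, not part of the original post: tells, from OpenSSL's own
# cipher description, whether a negotiated TLS cipher can be decrypted with
# the server's RSA private key (plain RSA key exchange, Kx=RSA) or uses
# (EC)DHE / TLS 1.3 forward secrecy, which the tshark trick cannot decrypt.

# Reads `openssl ciphers -v` style lines on stdin, e.g.
#   AES256-SHA  SSLv3 Kx=RSA  Au=RSA  Enc=AES(256)  Mac=SHA1
# and prints only the cipher names that use plain RSA key exchange.
rsa_kx_ciphers() {
    awk '$3 == "Kx=RSA" { print $1 }'
}

# classify_cipher NAME: reads the same listing on stdin and prints
# "decryptable", "forward-secrecy", or "unknown" if NAME is not listed.
classify_cipher() {
    awk -v want="$1" '
        $1 == want { v = ($3 == "Kx=RSA") ? "decryptable" : "forward-secrecy"
                     print v; found = 1; exit }
        END { if (!found) print "unknown" }'
}

# Constructed sample in `openssl ciphers -v` format, so the demo runs offline.
SAMPLE_CIPHERS='ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA          SSLv3   Kx=DH   Au=RSA Enc=AES(256)    Mac=SHA1
AES256-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(256)    Mac=SHA1
AES128-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(128)    Mac=SHA1'

# Live check (needs the openssl CLI): check_server HOST PORT
# Pulls the negotiated cipher from s_client's session summary, then looks
# its key exchange up in the full cipher list of the local OpenSSL build.
check_server() {
    local name
    name=$(openssl s_client -connect "$1:$2" </dev/null 2>/dev/null \
           | awk '/^ *Cipher *:/ { sub(/.*: */, ""); print; exit }')
    [ -n "$name" ] || { echo "no TLS session with $1:$2" >&2; return 1; }
    printf '%s: %s\n' "$name" \
        "$(openssl ciphers -v 'ALL:COMPLEMENTOFALL' | classify_cipher "$name")"
}

# Offline demo: ./fs_check.sh --demo   (live: ./fs_check.sh HOST PORT)
case "${1:-}" in
    --demo) printf '%s\n' "$SAMPLE_CIPHERS" | rsa_kx_ciphers
            printf '%s\n' "$SAMPLE_CIPHERS" | classify_cipher ECDHE-RSA-AES256-GCM-SHA384 ;;
    "")     ;;
    *)      check_server "$1" "${2:-5061}" ;;
esac
```

If the live check reports "forward-secrecy", restarting the client will not help: only a server cipher configuration that allows an RSA key exchange suite makes the capture decryptable.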