Created
June 9, 2015 05:08
This file converts my custom output into a Wireshark input that can be used for TLS decryption.
from multiprocessing import Process | |
import os, urllib, json | |
import sys, re, libvirt, paramiko, subprocess, time, os, threading, select, errno | |
import binascii, subprocess, json, shutil | |
import multiprocessing | |
from datetime import datetime | |
# Template for one output line per TLS session, filled from the 'pms',
# 'crandom' and 'ms' fields of a parsed record.
# NOTE(review): the key-log lines Wireshark documents are two-field
# (`PMS_CLIENT_RANDOM <client_random> <pre-master secret>` and
# `CLIENT_RANDOM <client_random> <master secret>`); confirm that this
# three-field layout is accepted by the Wireshark build in use.
WIRESHARK_PMS_FMT = "PMS_CLIENT_RANDOM {pms} {crandom} {ms}"

# File names resolved relative to the base location given on the command line.
# KEY_HITS is not referenced by the code visible in this file.
KEY_HITS = 'found_ssl_keys_counts.txt'
MERGED_KEY_INFO = 'merged_keyinfo.txt'

# Record fields for which parse_merged_info_line() looks up a hit count.
KEY_VALUES = {'ms', 'pms', 'swkey', 'cwkey', 'crandom', 'srandom'}
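def get_keyinfo_name(base_location):
    """Return the path of the merged key-info file under *base_location*.

    The file name comes from the module constant MERGED_KEY_INFO. The path is
    only built here; it is not checked for existence.
    """
    # The original referenced MERGED_KEYINFO, a name this module never
    # defines, so every call raised NameError.
    return os.path.join(base_location, MERGED_KEY_INFO)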
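def get_keyinfo(base_location):
    """Parse every line of the merged key-info file under *base_location*.

    Returns a list with one dict per line of the file, in file order, as
    produced by parse_merged_info_line(); a blank line yields an empty dict.
    The records hold the 'ms' / 'pms' values used for TLS decryption, so the
    returned data should be handled as secret material.
    """
    # Context manager so the handle on the key file is closed as soon as the
    # lines are read instead of being left open until garbage collection.
    with open(get_keyinfo_name(base_location)) as handle:
        stripped = [raw.strip() for raw in handle]
    return [parse_merged_info_line(entry) for entry in stripped]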
def parse_merge_secret_info(base_location):
    """Fold the pre-master records into the key-block records.

    Both inputs are used as mappings of master secret -> {field: value}
    (that is how they are indexed here; parse_premaster_location and
    parse_keyblock_location are not defined in the visible part of the file).
    Every field of a pre-master record is copied onto the key-block record
    with the same master secret, replacing a field of the same name; a master
    secret absent from the key-block mapping gets a new record.

    Returns the updated key-block mapping.
    """
    premaster_by_secret = parse_premaster_location(base_location)
    merged = parse_keyblock_location(base_location)
    for secret, fields in premaster_by_secret.items():
        for name, value in fields.items():
            # setdefault creates the record on first sight of this secret.
            merged.setdefault(secret, {})[name] = value
    return merged
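def parse_merged_info_line(line, key_counts=None):
    """Parse one "-"-separated line of "key:value" fields into a dict.

    Args:
        line: one record of the merged key-info file.
        key_counts: optional mapping of field value -> hit count, consulted
            for fields named in KEY_VALUES. A value that is not in the
            mapping counts as 0 hits.

    Returns:
        {} for an empty or whitespace-only line. Otherwise a dict holding
        every well-formed field, plus 'tot_hits' (sum of the hit counts
        found) and '<field>_hits' for each field named in KEY_VALUES. The
        'time' field is converted from a hexadecimal string to int.

    Raises:
        ValueError: if the 'time' value is not valid hexadecimal.
    """
    # None instead of a shared mutable default dict.
    if key_counts is None:
        key_counts = {}

    results = {}
    if not line or line.strip() == "":
        return results

    results['tot_hits'] = 0
    for element in line.strip().split("-"):
        parts = element.split(":")
        # Only exact "key:value" pairs are accepted. The original unpacking
        # (`k, v = s[0], s[1] if len(s) == 2 else (None, None)`) applied the
        # conditional to v alone, so a malformed field kept its key and
        # stored the tuple (None, None) as its value, or crashed int() when
        # the key was 'time'.
        if len(parts) != 2:
            continue
        key, value = parts
        if key == '':
            continue
        if key == 'time':
            value = int(value, 16)
        elif key in KEY_VALUES:
            hits = key_counts.get(value, 0)
            results['tot_hits'] += hits
            results['%s_hits' % key] = hits
        results[key] = value
    return results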
def merge_key_hits_key_info(base_location):
    """Return the merged key info for *base_location*, annotated with hit counts.

    The counts come from get_found_key_counts_dict(), which is not defined in
    the visible part of the file; the result is whatever
    get_merged_key_info() returns when given those counts.
    """
    return get_merged_key_info(
        base_location,
        get_found_key_counts_dict(base_location),
    )
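def get_merged_key_info(base_location, key_counts=None):
    """Load the merged key-info file and index its records by master secret.

    Args:
        base_location: directory that contains the MERGED_KEY_INFO file.
        key_counts: optional mapping of field value -> hit count, passed
            through to parse_merged_info_line().

    Returns:
        A dict mapping each record's 'ms' value to the parsed record. Blank
        lines and records without an 'ms' field are left out; when two
        records share an 'ms' value the later line wins.
    """
    # None instead of a shared mutable default dict.
    if key_counts is None:
        key_counts = {}

    fname = os.path.join(base_location, MERGED_KEY_INFO)
    # Context manager so the handle on the key file is closed as soon as the
    # lines are read instead of being left open until garbage collection.
    with open(fname) as handle:
        lines = [raw.strip() for raw in handle]

    results = {}
    for line in lines:
        if not line:
            continue
        record = parse_merged_info_line(line, key_counts)
        if 'ms' in record:
            results[record['ms']] = record
    return results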
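if __name__ == "__main__":
    # Command line: <location_merged_ssl_info> [output file]
    # Without an output file the generated lines go to stdout.
    if len(sys.argv) < 2:
        # The original built this usage string but never printed it, then
        # failed with IndexError on sys.argv[1].
        sys.stderr.write("%s <location_merged_ssl_info> [wireshark]\n" % (sys.argv[0]))
        sys.exit(1)

    base_location = sys.argv[1]
    outfile = None
    if len(sys.argv) == 3:
        outfile = sys.argv[2]

    required = ('ms', 'crandom', 'pms')
    entrys = []
    for info in get_keyinfo(base_location):
        # Blank lines parse to {} and partial records lack some field; the
        # original indexed them unconditionally and died with KeyError.
        if not all(isinstance(info.get(name), str) for name in required):
            continue
        keyed = dict((name, info[name].lower()) for name in required)
        entrys.append(WIRESHARK_PMS_FMT.format(**keyed))

    if outfile:
        # The output holds TLS master and pre-master secrets, so a newly
        # created file is made readable by its owner only. The mode applies
        # at creation; an existing file keeps the permissions it already has.
        fd = os.open(outfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'w') as out:
            out.write("\n".join(entrys))
    else:
        print("\n".join(entrys))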