@deeso
Created June 9, 2015 05:08
This script converts my custom output into a Wireshark input file that can be used for TLS decryption.
from multiprocessing import Process
import os, urllib, json
import sys, re, libvirt, paramiko, subprocess, time, os, threading, select, errno
import binascii, subprocess, json, shutil
import multiprocessing
from datetime import datetime
# Template for one output line; the __main__ block fills it with the
# lower-cased 'pms', 'crandom' and 'ms' fields of a parsed record.
# NOTE(review): Wireshark's documented key log lines carry two fields,
# "PMS_CLIENT_RANDOM <client_random> <pre-master secret>" or
# "CLIENT_RANDOM <client_random> <master secret>". This three-field layout
# matches neither, so confirm that Wireshark accepts it before relying on it.
WIRESHARK_PMS_FMT = "PMS_CLIENT_RANDOM {pms} {crandom} {ms}"

# File names expected under the base location given on the command line.
# KEY_HITS is not referenced by the code visible in this file.
KEY_HITS = "found_ssl_keys_counts.txt"
MERGED_KEY_INFO = "merged_keyinfo.txt"

# Record fields whose values are looked up in the key hit counts by
# parse_merged_info_line.
KEY_VALUES = {"ms", "pms", "swkey", "cwkey", "crandom", "srandom"}
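def get_keyinfo_name(base_location):
    """Return the path of the merged key-info file under *base_location*.

    The file name is taken from the module constant MERGED_KEY_INFO.
    """
    # The original referenced MERGED_KEYINFO, a name this file never defines,
    # so every call (including the one made from __main__ via get_keyinfo)
    # raised NameError.
    return os.path.join(base_location, MERGED_KEY_INFO)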
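def get_keyinfo(base_location):
    """Parse every line of the merged key-info file under *base_location*.

    Returns a list with one dict per line of the file, each produced by
    parse_merged_info_line with no hit counts. A blank line yields an empty
    dict, so callers must not assume every entry carries the 'ms', 'pms' or
    'crandom' keys.

    Raises whatever open() raises if the file is missing or unreadable.
    """
    # Close the file deterministically instead of leaving the handle to the
    # garbage collector; the file holds TLS session secrets.
    with open(get_keyinfo_name(base_location)) as handle:
        stripped = [line.strip() for line in handle]
    return [parse_merged_info_line(line) for line in stripped]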
def parse_merge_secret_info(base_location):
    """Fold the pre-master info into the key-block info and return the result.

    Both inputs are read as dicts of dicts; judging by the loop variable the
    outer key is the master secret (not confirmed by the visible code). For
    every (outer key, field, value) in the pre-master info, the value is
    stored in the key-block mapping, creating the inner dict when it is
    missing and overwriting a field that is already present.

    NOTE(review): parse_premaster_location and parse_keyblock_location are
    not defined in the visible part of this file, so confirm where they come
    from.
    """
    pminfos = parse_premaster_location(base_location)
    kbinfos = parse_keyblock_location(base_location)
    for master_secret, fields in pminfos.items():
        for name, value in fields.items():
            # An empty `fields` dict never creates an entry, as before.
            kbinfos.setdefault(master_secret, {})[name] = value
    return kbinfos
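def parse_merged_info_line(line, key_counts={}):
    """Parse one "key:value-key:value-..." record into a dict.

    Args:
        line: the record text; None, empty or whitespace-only input gives {}.
        key_counts: mapping from a key value to its hit count. It is only
            read, never modified, so the shared default dict is harmless.

    Returns:
        A dict that always holds 'tot_hits' for a non-blank line, plus one
        entry per well-formed element. 'time' is converted from hex to int.
        For each field named in KEY_VALUES a '<field>_hits' entry is added
        and its count is summed into 'tot_hits'.

    Raises:
        ValueError: if the 'time' value is not valid hexadecimal.
    """
    results = {}
    if not line or line.strip() == "":
        return results

    results['tot_hits'] = 0
    for element in line.strip().split("-"):
        parts = element.split(":")
        # The original wrote `k, v = s[0], s[1] if len(s) == 2 else (None, None)`,
        # where the conditional binds only to the second item. A malformed
        # element therefore kept its key with the value (None, None) and a
        # bare "time" crashed in int(). Skip anything that is not exactly
        # "key:value", which is what the (None, None) fallback was meant to do.
        if len(parts) != 2:
            continue
        k, v = parts
        if k == '':
            continue

        if k == 'time':
            v = int(v, 16)
        elif k in KEY_VALUES:
            hits = key_counts.get(v, 0)
            results['tot_hits'] += hits
            results['%s_hits' % k] = hits
        results[k] = v
    return results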
def merge_key_hits_key_info(base_location):
    """Return the merged key info under *base_location*, annotated with hits.

    Loads the hit counts first and passes them to get_merged_key_info.

    NOTE(review): get_found_key_counts_dict is not defined in the visible
    part of this file, so confirm where it comes from.
    """
    hit_counts = get_found_key_counts_dict(base_location)
    return get_merged_key_info(base_location, hit_counts)
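def get_merged_key_info(base_location, key_counts={}):
    """Load the merged key-info file and index its records by the 'ms' field.

    Args:
        base_location: directory that contains the MERGED_KEY_INFO file.
        key_counts: hit counts passed through to parse_merged_info_line.
            It is only read here, so the shared default dict is harmless.

    Returns:
        A dict mapping each record's 'ms' value to the parsed record. Blank
        lines and records without an 'ms' field are dropped. If two records
        share an 'ms' value, the later one wins.

    Raises whatever open() raises if the file is missing or unreadable.
    """
    fname = os.path.join(base_location, MERGED_KEY_INFO)
    # Close the file deterministically instead of leaving the handle to the
    # garbage collector; the file holds TLS session secrets.
    with open(fname) as handle:
        lines = [raw.strip() for raw in handle]

    results = {}
    for line in lines:
        if not line:
            continue
        parsed = parse_merged_info_line(line, key_counts)
        if 'ms' in parsed:
            results[parsed['ms']] = parsed
    return results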
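if __name__ == "__main__":
    # Usage: <script> <location_merged_ssl_info> [wireshark]
    # Writes one WIRESHARK_PMS_FMT line per parsed record, either to the
    # optional output file or to stdout.
    if len(sys.argv) < 2:
        # The original left the usage string as a bare expression, so nothing
        # was printed and the script went on to fail with IndexError.
        sys.stderr.write(
            "%s <location_merged_ssl_info> [wireshark]\n" % (sys.argv[0])
        )
        sys.exit(1)

    base_location = sys.argv[1]
    outfile = None
    if len(sys.argv) == 3:
        outfile = sys.argv[2]

    all_ssl_info = []
    all_ssl_info += get_keyinfo(base_location)

    entrys = []
    for info in all_ssl_info:
        # get_keyinfo returns an empty dict for a blank line, and a record
        # may lack a field; skip those instead of dying with KeyError.
        if not all(field in info for field in ('ms', 'crandom', 'pms')):
            continue
        keyed = {
            'ms': info['ms'].lower(),
            'crandom': info['crandom'].lower(),
            'pms': info['pms'].lower(),
        }
        entrys.append(WIRESHARK_PMS_FMT.format(**keyed))

    if outfile:
        # The output holds TLS master and pre-master secrets: anyone who can
        # read it can decrypt the matching captures. Create it owner-only
        # rather than with the umask default, and close it explicitly. The
        # mode applies only when the file is created; an existing file keeps
        # its permissions.
        fd = os.open(outfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'w') as out:
            out.write("\n".join(entrys))
    else:
        # Secrets go to stdout here; protecting any redirect target or
        # terminal log is up to the caller.
        print("\n".join(entrys))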