deeso/keyinfo_to_wireshark.py

## keyinfo_to_wireshark.py
from multiprocessing import Process
import os, urllib, json
import sys, re, libvirt, paramiko, subprocess, time, os, threading, select, errno
import binascii, subprocess, json, shutil
import multiprocessing
from datetime import datetime

WIRESHARK_PMS_FMT = "PMS_CLIENT_RANDOM {pms} {crandom} {ms}"


KEY_HITS = 'found_ssl_keys_counts.txt'
MERGED_KEY_INFO = 'merged_keyinfo.txt'

KEY_VALUES = set(['ms', 'pms', 'swkey', 'cwkey', 'crandom', 'srandom'])


def get_keyinfo_name(base_location):
    return os.path.join(base_location, MERGED_KEYINFO)

def get_keyinfo(base_location):
    data = [line.strip() for line in open(get_keyinfo_name(base_location)).readlines()]
    return [parse_merged_info_line(line) for line in data]

def parse_merge_secret_info(base_location):
    pminfos = parse_premaster_location(base_location)
    kbinfos = parse_keyblock_location(base_location)
    for master_secret,_v in pminfos.items():
        for k, v in _v.items():
            if master_secret in kbinfos:
               kbinfos[master_secret][k] = v
            else:
               kbinfos[master_secret] = {}
               if not k in kbinfos[master_secret]:
                   kbinfos[master_secret][k] = v
    return kbinfos

def parse_merged_info_line(line, key_counts={}):
    results = {}
    if not line or line.strip() == "":
        return results

    p = line.strip()
    results['tot_hits'] = 0
    elements = p.split("-")
    #print elements
    for e in elements:
        s = e.split(":")
        k, v, =  s[0], s[1] if len(s) == 2 else (None, None,)
        if k is None or k == '':
            continue
        if k == 'time':
            v = int(v, 16)
        elif k in KEY_VALUES:
            hits = key_counts.get(v, 0)
            results['tot_hits'] += hits
            results['%s_hits'%k] = hits
        results[k] = v
    return results


def merge_key_hits_key_info(base_location):
    key_counts = get_found_key_counts_dict(base_location)
    merged_info = get_merged_key_info(base_location, key_counts)
    return merged_info

def get_merged_key_info(base_location, key_counts={}):
    fname = os.path.join(base_location, MERGED_KEY_INFO)
    data = [i.strip() for i in open(fname).readlines() if len(i.strip()) > 0]
    results = {}
    for line in data:
        pline = parse_merged_info_line(line, key_counts)
        if 'ms' in pline:
            results[pline['ms']] = pline
    return results


if __name__ == "__main__":
    if len(sys.argv) < 2:
        "%s <location_merged_ssl_info> [wireshark]"%(sys.argv[0])
    base_location = sys.argv[1]
    outfile = None
    if len(sys.argv) == 3:
        outfile = sys.argv[2]

    all_ssl_info = []
    all_ssl_info += get_keyinfo(base_location)

    entrys = []
    for info in all_ssl_info:
        keyed = {"ms":info['ms'].lower(), 'crandom':info['crandom'].lower(), 'pms':info['pms'].lower()}
        entrys.append(WIRESHARK_PMS_FMT.format(**keyed))

    if outfile:
        open(outfile, 'w').write("\n".join(entrys))
    else:
        print ("\n".join(entrys))
	from multiprocessing import Process
	import os, urllib, json
	import sys, re, libvirt, paramiko, subprocess, time, os, threading, select, errno
	import binascii, subprocess, json, shutil
	import multiprocessing
	from datetime import datetime

	WIRESHARK_PMS_FMT = "PMS_CLIENT_RANDOM {pms} {crandom} {ms}"


	KEY_HITS = 'found_ssl_keys_counts.txt'
	MERGED_KEY_INFO = 'merged_keyinfo.txt'

	KEY_VALUES = set(['ms', 'pms', 'swkey', 'cwkey', 'crandom', 'srandom'])


	def get_keyinfo_name(base_location):
	return os.path.join(base_location, MERGED_KEYINFO)

	def get_keyinfo(base_location):
	data = [line.strip() for line in open(get_keyinfo_name(base_location)).readlines()]
	return [parse_merged_info_line(line) for line in data]

	def parse_merge_secret_info(base_location):
	pminfos = parse_premaster_location(base_location)
	kbinfos = parse_keyblock_location(base_location)
	for master_secret,_v in pminfos.items():
	for k, v in _v.items():
	if master_secret in kbinfos:
	kbinfos[master_secret][k] = v
	else:
	kbinfos[master_secret] = {}
	if not k in kbinfos[master_secret]:
	kbinfos[master_secret][k] = v
	return kbinfos

	def parse_merged_info_line(line, key_counts={}):
	results = {}
	if not line or line.strip() == "":
	return results

	p = line.strip()
	results['tot_hits'] = 0
	elements = p.split("-")
	#print elements
	for e in elements:
	s = e.split(":")
	k, v, = s[0], s[1] if len(s) == 2 else (None, None,)
	if k is None or k == '':
	continue
	if k == 'time':
	v = int(v, 16)
	elif k in KEY_VALUES:
	hits = key_counts.get(v, 0)
	results['tot_hits'] += hits
	results['%s_hits'%k] = hits
	results[k] = v
	return results


	def merge_key_hits_key_info(base_location):
	key_counts = get_found_key_counts_dict(base_location)
	merged_info = get_merged_key_info(base_location, key_counts)
	return merged_info

	def get_merged_key_info(base_location, key_counts={}):
	fname = os.path.join(base_location, MERGED_KEY_INFO)
	data = [i.strip() for i in open(fname).readlines() if len(i.strip()) > 0]
	results = {}
	for line in data:
	pline = parse_merged_info_line(line, key_counts)
	if 'ms' in pline:
	results[pline['ms']] = pline
	return results


	if __name__ == "__main__":
	if len(sys.argv) < 2:
	"%s <location_merged_ssl_info> [wireshark]"%(sys.argv[0])
	base_location = sys.argv[1]
	outfile = None
	if len(sys.argv) == 3:
	outfile = sys.argv[2]

	all_ssl_info = []
	all_ssl_info += get_keyinfo(base_location)

	entrys = []
	for info in all_ssl_info:
	keyed = {"ms":info['ms'].lower(), 'crandom':info['crandom'].lower(), 'pms':info['pms'].lower()}
	entrys.append(WIRESHARK_PMS_FMT.format(**keyed))

	if outfile:
	open(outfile, 'w').write("\n".join(entrys))
	else:
	print ("\n".join(entrys))