[SR-Users] TLS SIP packet tracing and visualization

Daniel-Constantin Mierla miconda at gmail.com
Wed May 3 08:56:36 CEST 2017


Thanks for sharing, is it capturing RTP as well?

What do you mean by visualization? Displaying in the Wireshark GUI, or still
everything in the terminal?

Cheers,
Daniel


On 02.05.17 16:52, Giovanni Maruzzelli wrote:
> For a cut-and-paste-ready version with the correct line breaks (mangled
> by mail), see the FreeSWITCH documentation:
>
> https://freeswitch.org/confluence/display/FREESWITCH/Packet+Capture#PacketCapture-TLSwithsharka
>
> -giovanni
>
> On 2 May 2017 at 16:26, Giovanni Maruzzelli <gmaruzz at gmail.com> wrote:
>
>     Hello fellows,
>
>     after some experimentation with various tools, I came up with a
>     little shell tool that may be useful to you too.
>
>     It can only work with non-forward-secrecy ciphers, obviously, and
>     only if it is started before the client does the initial TLS handshake
>     (e.g., just restart the client). Forward secrecy cannot be decrypted
>     after the fact, so don't waste the effort.
>
>     An example of ciphers that can be decrypted is the "AES256-SHA"
>     openssl cipher group. You can use ssldump to check which cipher is
>     selected in the ServerHello.
>
>     Enjoy, make it better, and share it :)
>
>
>     #!/bin/bash
>     # brought to you by Giovanni Maruzzelli
>     #
>     # Live-decrypts SIP over TLS with tshark using the server's private key.
>     # Works only for RSA key-exchange (non-forward-secrecy) cipher suites and
>     # only if started before the client's TLS handshake.
>     SERVERIP="192.168.1.150"
>     SERVERPORT="5061"
>     PRIVKEY="/etc/certs/privkey.pem"
>     STDERR2DEVNULL=" 2>/dev/null "
>     REGEX="notyet"
>
>     # optional first argument: regex matched against the decrypted SIP messages
>     if [ -z "$1" ]; then
>             REGEX="\\\.*"
>     else
>             REGEX="$1"
>     fi
>     FILTER="ssl.app_data and sip matches"
>     FILTER2="$FILTER \"$REGEX\""
>     FILTER3="'$FILTER2'"
>     # capture on interface 1, decode tcp/5061 as SIP, decrypt with the key list,
>     # print the selected fields one per line and separate packets by frame number
>     ARGUMENT="-i 1 -Y $FILTER3 -E header=y -T fields -e frame.number -e frame.time -e frame.time_delta_displayed -e ip.src -e ip.dst -e sip.Status-Line -e sip.Request-Line -e sip.msg_hdr -l -d tcp.port\=\=5061,sip -o \"ssl.keys_list:$SERVERIP,$SERVERPORT,sip,$PRIVKEY\" $STDERR2DEVNULL | sed -u 's/\t/\n/g' | sed -u '/^$/d' | sed -u 's/^[0-9]*$/\n==&==============================/g'"
>
>     echo ""
>     echo "NB: if it does not work, edit the script so that STDERR2DEVNULL=\" \" and try again"
>     echo ""
>     echo "NB: remember to quote and escape match patterns, using a triple backslash"
>     echo "    eg, for matching 1010@pbx.example.com, use \"1010@pbx.example.com\""
>     echo "    eg, for matching anything, use \"\\\\\\.*\""
>     echo "    eg, for matching *98, use \"\\\\\\*98\""
>     echo "USAGE: $0 \"\\\\\\*98@pbx.example.com\""
>     echo ""
>
>
>     # a bare ? in a case pattern would match any single-character argument,
>     # so it is quoted here
>     case "$1" in
>             -help|--help|'?')
>             exit 0
>             ;;
>     *)
>             echo "THIS TIME WE'RE DOING:"
>             echo "tshark $ARGUMENT"
>             echo ""
>             bash -c "tshark $ARGUMENT"
>             ;;
>     esac
>
>
>
>     -- 
>
>     Sincerely,
>
>     Giovanni Maruzzelli
>     OpenTelecom.IT
>     cell: +39 347 266 56 18
>
>
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - May 22-24 (USA) - www.asipto.com
Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com
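The script above only helps when the negotiated cipher suite uses plain RSA key exchange; (EC)DHE and TLS 1.3 suites derive session keys from ephemeral values and cannot be decrypted with the server key. The following is an added example, not code from the original post or from the Kamailio or FreeSWITCH projects, that makes that precondition checkable: it parses the Kx= column of `openssl ciphers -v` output to classify a suite, and can ask a live SIP/TLS server (host and port given as arguments, assumed reachable, with `openssl` installed) which suite it actually negotiates. The sample `ciphers -v` lines are constructed so the checks run offline.

```shell
#!/bin/sh
# Added example (not from the original post): is a TLS cipher suite
# decryptable with the server's RSA private key, i.e. can the tshark
# "ssl.keys_list" approach work at all? Wireshark-style private-key
# decryption needs Kx=RSA; (EC)DHE and TLS 1.3 (Kx=any) suites are
# forward-secret and cannot be decrypted after the fact.

# Constructed sample lines in the format printed by `openssl ciphers -v`
# (name, protocol, Kx=, Au=, Enc=, Mac=), embedded so the checks below
# run without a live server or a particular OpenSSL build.
SAMPLE_RSA='AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1'
SAMPLE_ECDHE='ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD'
SAMPLE_DHE='DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1'
SAMPLE_TLS13='TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD'

# Print the key-exchange algorithm (the Kx= field) of one ciphers -v line.
kx_of_line() {
    printf '%s\n' "$1" | sed -n 's/.*Kx=\([^ ]*\).*/\1/p'
}

# Classify one ciphers -v line: "decryptable" when the server's RSA key is
# enough for tshark, "forward-secrecy" otherwise.
classify_line() {
    if [ "$(kx_of_line "$1")" = "RSA" ]; then
        echo decryptable
    else
        echo forward-secrecy
    fi
}

# Classify a suite by name, asking the local OpenSSL for its parameters.
# TLS 1.3 suites never use RSA key exchange, so they are answered directly
# (their names are not accepted by `openssl ciphers` as a cipher list).
# Prints "unknown" (exit 2) if OpenSSL does not know the name.
classify_cipher() {
    case "$1" in
        TLS_*) echo forward-secrecy; return 0 ;;
    esac
    line=$(openssl ciphers -v "$1" 2>/dev/null | head -n 1)
    if [ -z "$line" ]; then
        echo unknown
        return 2
    fi
    classify_line "$line"
}

# Ask a live server which suite it negotiates with this client, taken from
# s_client's "New, TLSv1.2, Cipher is ..." line. What the server picks
# depends on what the client offers, so pass -cipher to mimic the SIP
# client if its configuration differs from the OpenSSL defaults.
negotiated_cipher() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null \
        | sed -n 's/^New, .*Cipher is \(.*\)$/\1/p' | head -n 1
}

# Demo: classify the constructed samples, then optionally a live server
# given as "host port" on the command line.
for s in "$SAMPLE_RSA" "$SAMPLE_ECDHE" "$SAMPLE_DHE" "$SAMPLE_TLS13"; do
    printf '%-28s %s\n' "${s%% *}" "$(classify_line "$s")"
done
if [ -n "$1" ] && [ -n "$2" ] && command -v openssl >/dev/null 2>&1; then
    c=$(negotiated_cipher "$1" "$2")
    if [ -z "$c" ] || [ "$c" = "(NONE)" ]; then
        echo "$1:$2: no TLS session established"
    else
        echo "$1:$2 negotiates $c -> $(classify_cipher "$c")"
    fi
fi
```

If the live check reports forward-secrecy, restarting the client will not help; the server would have to be configured to offer an RSA key-exchange suite for the duration of the trace, or the capture has to rely on a key log written by one of the endpoints instead of the server key. Wireshark 3.0 and later name the dissector tls rather than ssl, so check the field and preference names (tshark -G currentprefs | grep keys_list) against the installed version before reusing the script.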
