<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<tt>Thank you Giovanni, that is a useful tool - we will document it
in the OpenSIPS TLS tutorial, so others can benefit ;)<br>
<br>
Many thanks,<br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a>
OpenSIPS Summit May 2017 Amsterdam
<a class="moz-txt-link-freetext" href="http://www.opensips.org/events/Summit-2017Amsterdam.html">http://www.opensips.org/events/Summit-2017Amsterdam.html</a>
</pre>
<div class="moz-cite-prefix">On 05/02/2017 05:52 PM, Giovanni
Maruzzelli wrote:<br>
</div>
<blockquote
cite="mid:CALXCt0rwdDpvX6Jm+w=mkti2TFBZ7crVm29d5JbiCDsXBYPOxg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>For a cut and paste ready version, that has the correct
carriage returns (mangled by mail), check it in FreeSWITCH
documentation:<br>
<br>
<a moz-do-not-send="true"
href="https://freeswitch.org/confluence/display/FREESWITCH/Packet+Capture#PacketCapture-TLSwithsharka">https://freeswitch.org/confluence/display/FREESWITCH/Packet+Capture#PacketCapture-TLSwithsharka</a><br>
<br>
</div>
-giovanni<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 2 May 2017 at 16:26, Giovanni
Maruzzelli <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:gmaruzz@gmail.com" target="_blank">gmaruzz@gmail.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>
<div>Hello fellows,<br>
<br>
</div>
after some experimentation with various tools, I came
out with a little shell tool that maybe can be useful to
you too.<br>
<br>
</div>
<div>It can only work with non-forward secrecy ciphers,
obviously, and only if it is started before the client does
the initial TLS handshake (e.g., just restart the client).
Forward secrecy cannot be decrypted after the fact, so don't
waste effort.<br>
<br>
</div>
<div>An example of ciphers that can be decrypted is the
"AES256-SHA" openssl cipher group. You can use ssldump
to check what cipher is used by serverhello.<br>
</div>
<div><br>
</div>
Enjoy, make it better, and share it :)<br>
<br>
<br>
#!/bin/bash <br>
# brought to you by Giovanni Maruzzelli<br>
# <br>
SERVERIP="192.168.1.150"<br>
SERVERPORT="5061"<br>
PRIVKEY="/etc/certs/privkey.pem"<br>
STDERR2DEVNULL=" 2>/dev/null "<br>
REGEX="notyet"<br>
<br>
if [ -z "$1" ]; then<br>
REGEX="\\\.*"<br>
else<br>
REGEX="$1"<br>
fi<br>
FILTER="ssl.app_data and sip matches"<br>
FILTER2="$FILTER \"$REGEX\""<br>
FILTER3="'$FILTER2'"<br>
ARGUMENT="-i 1 -Y $FILTER3 -E header=y -T fields -e
frame.number -e frame.time -e frame.time_delta_displayed
-e ip.src -e ip.dst -e sip.Status-Line -e sip.Request-Line
-e sip.msg_hdr -l -d tcp.port\=\=$SERVERPORT,sip -o
\"ssl.keys_list: $SERVERIP,$SERVERPORT,sip,$PRIVKEY\"
$STDERR2DEVNULL | sed -u 's/\t/\n/g' | sed -u '/^$/d' |
sed -u 's/^[0-9]*$/\n==&==============================/g'"<br>
<br>
echo ""<br>
echo "NB: if it does not work, edit script so that STDERR2DEVNULL=\" \" and try again"<br>
echo ""<br>
echo "NB: remember to quote and escape match patterns, using triple slash"<br>
echo " eg, for matching 1010@pbx.example.com, use \"1010@pbx.example.com\""<br>
echo " eg, for matching anything, use \"\\\\\\.*\""<br>
echo " eg, for matching *98, use \"\\\\\\*98\""<br>
echo "USAGE: $0 \"\\\\\\*98@pbx.example.com\""<br>
echo ""<br>
<br>
<br>
case "$1" in<br>
-help|--help|?)<br>
exit 0<br>
;;<br>
*)<br>
echo "THIS TIME WE'RE DOING:"<br>
echo "tshark $ARGUMENT"<br>
echo ""<br>
bash -c "tshark $ARGUMENT"<br>
;;<br>
esac<span class="HOEnZb"><font color="#888888"><br>
<br>
<br clear="all">
<div>
<div>
<div>
<div><br>
-- <br>
<div
class="m_6849756425851343551gmail_signature">
<div dir="ltr">
<div><span><span><br>
Sincerely,<br>
</span><span><font color="#888888"><br>
Giovanni Maruzzelli<br>
OpenTelecom.IT</font></span><br>
<span>cell: +39 347 266 56 18<span><font
color="#888888"><br>
</font></span></span></span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</font></span></div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div class="gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">
<div><span><span><br>
Sincerely,<br>
</span><span><font color="#888888"><br>
Giovanni Maruzzelli<br>
OpenTelecom.IT</font></span><br>
<span>cell: +39 347 266 56 18<span><font color="#888888"><br>
</font></span></span></span></div>
</div>
</div>
</div>
<br>
</blockquote>
<br>
</body>
</html>