[Freeswitch-users] [OpenSIPS-Users] TLS SIP packet tracing and visualization

Giovanni Maruzzelli gmaruzz at gmail.com
Thu May 11 19:43:31 MSD 2017


On 10 May 2017 at 21:38, Daniel Greenwald <dig1234 at gmail.com> wrote:

> Thanks for this script!
> Theoretically it is possible to see TLS SIP traffic with FreeSWITCH
> sending HEP to Homer. But there seems to be a bug in FS that only sends one
> side of the SIP conversation (i.e. the FS side, not inbound messages).
>
>
Daniel,

have you had this problem yourself, or just heard about it? Have you opened a
Jira issue for it?

If you encountered this problem, please report it in Jira. Please never
report bugs on the mailing list only, they will be lost and forgotten. Jira is how
we manage bugs ;)

-giovanni



> On Tue, May 9, 2017 at 11:10 AM, Giovanni Maruzzelli <gmaruzz at gmail.com>
> wrote:
>
>> On 9 May 2017 at 15:18, Bogdan-Andrei Iancu <bogdan at opensips.org> wrote:
>>
>>> Thank you Giovanni, that is a useful tool - we will document it in the
>>> OpenSIPS TLS tutorial, so others can benefit ;)
>>>
>>>
>>
>> Glad about it!
>> Be sure to get it from
>> https://freeswitch.org/confluence/display/FREESWITCH/Packet+Capture#PacketCapture-TLSwithsharka ,
>> it is the latest version with a couple of fixes.
>>
>> -giovanni
>>
>>
>>
>>
>>> Many thanks,
>>>
>>> Bogdan-Andrei Iancu
>>>   OpenSIPS Founder and Developer
>>>   http://www.opensips-solutions.com
>>>
>>> OpenSIPS Summit May 2017 Amsterdam
>>>   http://www.opensips.org/events/Summit-2017Amsterdam.html
>>>
>>> On 05/02/2017 05:52 PM, Giovanni Maruzzelli wrote:
>>>
>>> For a cut and paste ready version, that has the correct carriage returns
>>> (mangled by mail), check it in FreeSWITCH documentation:
>>>
>>> https://freeswitch.org/confluence/display/FREESWITCH/Packet+Capture#PacketCapture-TLSwithsharka
>>>
>>> -giovanni
>>>
>>> On 2 May 2017 at 16:26, Giovanni Maruzzelli <gmaruzz at gmail.com> wrote:
>>>
>>>> Hello fellows,
>>>>
>>>> after some experimentation with various tools, I came up with a little
>>>> shell tool that may be useful to you too.
>>>>
>>>> It can only work with non-forward secrecy ciphers, obviously, and only
>>>> if it is started before the client does the initial TLS handshake (e.g., just
>>>> restart the client). Forward secrecy cannot be decrypted after the fact, so
>>>> don't waste effort.
>>>>
>>>> An example of ciphers that can be decrypted is the "AES256-SHA"
>>>> openssl cipher group. You can use ssldump to check what cipher is used by
>>>> serverhello.
>>>>
>>>> Enjoy, make it better, and share it :)
>>>>
>>>>
>>>> #!/bin/bash
>>>> # brought to you by Giovanni Maruzzelli
>>>> #
>>>> SERVERIP="192.168.1.150"
>>>> SERVERPORT="5061"
>>>> PRIVKEY="/etc/certs/privkey.pem"
>>>> STDERR2DEVNULL=" 2>/dev/null "
>>>> REGEX="notyet"
>>>>
>>>> if [ -z "$1" ]; then
>>>>         REGEX="\\\.*"
>>>> else
>>>>         REGEX="$1"
>>>> fi
>>>> FILTER="ssl.app_data and sip matches"
>>>> FILTER2="$FILTER \"$REGEX\""
>>>> FILTER3="'$FILTER2'"
>>>> ARGUMENT="-i 1 -Y $FILTER3 -E header=y -T fields -e frame.number -e frame.time -e frame.time_delta_displayed -e ip.src -e ip.dst -e sip.Status-Line -e sip.Request-Line -e sip.msg_hdr -l -d tcp.port\=\=5061,sip  -o \"ssl.keys_list: $SERVERIP,$SERVERPORT,sip,$PRIVKEY\" $STDERR2DEVNULL | sed -u 's/\t/\n/g' | sed -u '/^$/d' | sed -u 's/^[0-9]*$/\n==&==============================/g'"
>>>>
>>>> echo ""
>>>> echo "NB: if it do not works, edit script so that STDERR2DEVNULL=\" \" and try again"
>>>> echo ""
>>>> echo "NB: remember to quote and escape match patterns, using triple slash"
>>>> echo "    eg, for matching 1010@pbx.example.com, use \" 1010@pbx.example.com\""
>>>> echo "    eg, for matching anything, use \"\\\\\\.*\""
>>>> echo "    eg, for matching *98, use \"\\\\\\*98\""
>>>> echo "USAGE: $0 \"\\\\\\*98@pbx.example.com\""
>>>> echo ""
>>>>
>>>>
>>>> case "$1" in
>>>>         -help|--help|?)
>>>>         exit 0
>>>>         ;;
>>>> *)
>>>>         echo "THIS TIME WE'RE DOING:"
>>>>         echo "tshark $ARGUMENT"
>>>>         echo ""
>>>>         bash -c "tshark $ARGUMENT"
>>>>         ;;
>>>> esac
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Sincerely,
>>>>
>>>> Giovanni Maruzzelli
>>>> OpenTelecom.IT
>>>> cell: +39 347 266 56 18
>>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>
>>
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>



-- 

Sincerely,

Giovanni Maruzzelli
OpenTelecom.IT
cell: +39 347 266 56 18
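
An added example, not part of the original post or of the FreeSWITCH documentation: a check for the condition stated in the quoted post, that only non-forward-secrecy ciphers can be decrypted with the server's private key. The function names, the constructed sample list and the prefix table (based on OpenSSL and IANA cipher suite naming conventions) are assumptions of this example.

```shell
#!/bin/bash
# Added example: classify a TLS cipher suite name by its key exchange.
#   static-rsa : RSA key transport, decryptable with the server private key
#   ephemeral  : (EC)DHE or anonymous DH, forward secret, not decryptable after the fact
#   other      : static DH/ECDH, PSK, SRP, or empty input
# Accepts OpenSSL names (AES256-SHA) and IANA names (TLS_RSA_WITH_AES_256_CBC_SHA).
kx_class() {
    case "$1" in
        "")                                 echo "other" ;;
        # IANA names carry the key exchange before _WITH_
        TLS_RSA_WITH_*)                     echo "static-rsa" ;;
        TLS_ECDHE_*|TLS_DHE_*)              echo "ephemeral" ;;
        TLS_DH_anon_*|TLS_ECDH_anon_*)      echo "ephemeral" ;;
        TLS_*_WITH_*)                       echo "other" ;;
        # TLS 1.3 suites name no key exchange: it is always (EC)DHE
        TLS_*)                              echo "ephemeral" ;;
        # OpenSSL names: ephemeral or anonymous Diffie-Hellman prefixes
        ECDHE-*|DHE-*|EDH-*|ADH-*|AECDH-*)  echo "ephemeral" ;;
        EXP-EDH-*|EXP-ADH-*)                echo "ephemeral" ;;
        # static DH/ECDH, pre-shared key, SRP: not RSA key transport
        ECDH-*|DH-*|PSK-*|SRP-*|RSA-PSK-*)  echo "other" ;;
        # Assumption: an OpenSSL name with no key-exchange prefix means RSA
        *)                                  echo "static-rsa" ;;
    esac
}

# Count the suites in a colon-separated cipher list that allow passive
# decryption by anyone holding the private key. Runs in a subshell so the
# IFS change does not leak into the caller.
count_static_rsa() (
    n=0
    IFS=':'
    for c in $1; do
        if [ "$(kx_class "$c")" = "static-rsa" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
)

# Constructed sample list, not taken from any real server configuration.
SAMPLE_LIST="ECDHE-RSA-AES256-GCM-SHA384:AES256-SHA:DHE-RSA-AES128-SHA:AES128-GCM-SHA256:TLS_AES_256_GCM_SHA384"

for suite in AES256-SHA TLS_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-GCM-SHA384; do
    echo "$suite: $(kx_class "$suite")"
done
echo "static-RSA suites in sample list: $(count_static_rsa "$SAMPLE_LIST")"
```

A session whose negotiated suite is reported as `static-rsa` is one the tshark script can decrypt; a server that should resist passive decryption with a leaked key wants that count to be zero.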