is an SSLv3/TLS network protocol analyzer.
| README.md (ssldump-1.4) | : | README.md (ssldump-1.5) |
|---|
| | |
| skipping to change at line 29 | | skipping to change at line 29 |
|---|
| provided with the appropriate keying material, it will also decrypt | | provided with the appropriate keying material, it will also decrypt |
| the connections and display the application data traffic. It also | | the connections and display the application data traffic. It also |
| includes a JSON output option, supports [JA3](https://github.com/salesforce/ja3)
and IPv6. | | includes a JSON output option, supports [JA3](https://github.com/salesforce/ja3)
and IPv6. |
| | |
| # How to do I run ssldump? | | # How to do I run ssldump? |
| | |
| `./ssldump -j -ANH -n -i any | jq` will run ssldump on all interfaces and outpu
t the result in JSON format including ja3 hashes. | | `./ssldump -j -ANH -n -i any | jq` will run ssldump on all interfaces and outpu
t the result in JSON format including ja3 hashes. |
| | |
| For more details, check the man page. | | For more details, check the man page. |
| | |
|
| | ## How can I lookup ja3 hashes? |
| | |
| | This example will query ja3er.com service to display the known ja3 hashes from t |
| | he TLS handshaked in the pcap. |
| | |
| | `ssldump -r yourcapture.pcap -j | jq -r 'select(.ja3_fp != null) | .ja3_fp' | p |
| | arallel 'curl -s -X GET 'https://ja3er.com/search/{}' | jq .'` |
| | |
| # Why do you maintain this repository? | | # Why do you maintain this repository? |
| | |
| Because it's a mess. The software maintenance process for old free (unmaintained
) software | | Because it's a mess. The software maintenance process for old free (unmaintained
) software |
| like ssldump is a complete chaotic process. I do this to ease my pain and this c
ould help | | like ssldump is a complete chaotic process. I do this to ease my pain and this c
ould help |
| other too (but this is just a collateral damage). | | other too (but this is just a collateral damage). |
| | |
| # Where ssldump is used? | | # Where ssldump is used? |
| | |
| - I used it for a relatively small project called Passive SSL. For more informat
ion, [Passive SSL Passive Detection and Reconnaissance Techniques, to Find, Trac
k, and Attribute Vulnerable ”Devices”](https://www.first.org/resources/papers/co
nf2015/first_2015_-_leverett_-_dulaunoy_-_passive_detection_20150604.pdf). Addit
ional back-end code available is in the [crl-monitor ](https://github.com/adulau
/crl-monitor/tree/master/bin/x509) repository. | | - I used it for a relatively small project called Passive SSL. For more informat
ion, [Passive SSL Passive Detection and Reconnaissance Techniques, to Find, Trac
k, and Attribute Vulnerable ”Devices”](https://www.first.org/resources/papers/co
nf2015/first_2015_-_leverett_-_dulaunoy_-_passive_detection_20150604.pdf). Addit
ional back-end code available is in the [crl-monitor ](https://github.com/adulau
/crl-monitor/tree/master/bin/x509) repository. |
| - ssldump is used in the [D4-Project](https://github.com/D4-project/). | | - ssldump is used in the [D4-Project](https://github.com/D4-project/). |
| | | |
| End of changes. 1 change blocks. |
|---|
| 0 lines changed or deleted | | 8 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 