"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "README.md" between
ssldump-1.4.tar.gz and ssldump-1.5.tar.gz

About: ssldump is an SSLv3/TLS network protocol analyzer.

README.md  (ssldump-1.4):README.md  (ssldump-1.5)
skipping to change at line 29 skipping to change at line 29
provided with the appropriate keying material, it will also decrypt provided with the appropriate keying material, it will also decrypt
the connections and display the application data traffic. It also the connections and display the application data traffic. It also
includes a JSON output option, supports [JA3](https://github.com/salesforce/ja3) and IPv6. includes a JSON output option, supports [JA3](https://github.com/salesforce/ja3) and IPv6.
# How to do I run ssldump? # How to do I run ssldump?
`./ssldump -j -ANH -n -i any | jq` will run ssldump on all interfaces and outpu t the result in JSON format including ja3 hashes. `./ssldump -j -ANH -n -i any | jq` will run ssldump on all interfaces and outpu t the result in JSON format including ja3 hashes.
For more details, check the man page. For more details, check the man page.
## How can I lookup ja3 hashes?
This example will query ja3er.com service to display the known ja3 hashes from t
he TLS handshaked in the pcap.
`ssldump -r yourcapture.pcap -j | jq -r 'select(.ja3_fp != null) | .ja3_fp' | p
arallel 'curl -s -X GET 'https://ja3er.com/search/{}' | jq .'`
# Why do you maintain this repository? # Why do you maintain this repository?
Because it's a mess. The software maintenance process for old free (unmaintained ) software Because it's a mess. The software maintenance process for old free (unmaintained ) software
like ssldump is a complete chaotic process. I do this to ease my pain and this c ould help like ssldump is a complete chaotic process. I do this to ease my pain and this c ould help
other too (but this is just a collateral damage). other too (but this is just a collateral damage).
# Where ssldump is used? # Where ssldump is used?
- I used it for a relatively small project called Passive SSL. For more informat ion, [Passive SSL Passive Detection and Reconnaissance Techniques, to Find, Trac k, and Attribute Vulnerable ”Devices”](https://www.first.org/resources/papers/co nf2015/first_2015_-_leverett_-_dulaunoy_-_passive_detection_20150604.pdf). Addit ional back-end code available is in the [crl-monitor ](https://github.com/adulau /crl-monitor/tree/master/bin/x509) repository. - I used it for a relatively small project called Passive SSL. For more informat ion, [Passive SSL Passive Detection and Reconnaissance Techniques, to Find, Trac k, and Attribute Vulnerable ”Devices”](https://www.first.org/resources/papers/co nf2015/first_2015_-_leverett_-_dulaunoy_-_passive_detection_20150604.pdf). Addit ional back-end code available is in the [crl-monitor ](https://github.com/adulau /crl-monitor/tree/master/bin/x509) repository.
- ssldump is used in the [D4-Project](https://github.com/D4-project/). - ssldump is used in the [D4-Project](https://github.com/D4-project/).
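Review bot: the lookup one-liner in the new "How can I lookup ja3 hashes?" section nests single quotes inside the single-quoted `parallel` argument (`'curl -s -X GET 'https://ja3er.com/search/{}' | jq .'`), so the URL ends up outside any quoting and the command only works because the pieces happen to concatenate. Double quotes around the URL inside the single-quoted string would make the quoting intentional. The same pipeline submits every `ja3_fp` value found in the capture to ja3er.com, a third-party service, once per matching record; the section should state that fingerprints leave the host, and a `sort -u` before `parallel` would avoid repeating identical queries. Minor wording in the added text: "handshaked" should read "handshakes", and "lookup" used as a verb should be "look up".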
 End of changes. 1 change blocks. 
0 lines changed or deleted 8 lines changed or added
