public unsafe void Trace(Packet packet, PacketMonitorForm Form)
{
IpPacket ipPacket = null;
TcpPacket tcpPacket = null;
try
{
ipPacket = PacketDotNet.IpPacket.GetEncapsulated(packet);
if (ipPacket == null || ipPacket.Version == IpVersion.IPv6)
{
return;
}
tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet);
if (tcpPacket == null)
{
return;
}
if (tcpPacket.PayloadData.Length < 6)
{
return;
}
}
catch
{
return;
}
TraceClientHello(ipPacket, tcpPacket, Form);
fixed(Byte *_Byte = packet.Bytes)
{
SSLAnalyze.InsertPacketData(_Byte);
}
if (SSLAnalyze.GetHandShakeMainContent())
{
var _SSLInformation = AddToSSLInfo(Form, null);
WriteToDB(_SSLInformation);
}
var _Certificate = _CertificateManage.Trace(packet);
if (_Certificate != null)
{
AddToSSLInfo(Form, _Certificate);
DoSomething(Form, _Certificate);
}
}
//結合 Key 和 Certificate 之資訊緩存
private unsafe SSLInformation AddToSSLInfo(PacketMonitorForm form, Certificate _Certificate)
{
List <IPTraceInfo> list = form.listIPTrace;
Port port = null;
// 當有 Certificate 時代表有建立了 SSL 連線對談,但尚未取得完整鑰匙資訊,因此先放入列表中等待資訊完整放入
if (_Certificate != null)
{
SSLInformationList.Add(new SSLInformation {
UserIP = _Certificate.UserIP,
ServerIP = _Certificate.ServerIP,
UserPort = _Certificate.UserPort,
ServerPort = _Certificate.ServerPort,
certificate = _Certificate,
});
return(null);
}
else if (_Certificate == null)
{
string _UserIP = string.Format("{0}.{1}.{2}.{3}", SSLAnalyze.GetUserIP()[3], SSLAnalyze.GetUserIP()[2], SSLAnalyze.GetUserIP()[1], SSLAnalyze.GetUserIP()[0]);
string _ServerIP = string.Format("{0}.{1}.{2}.{3}", SSLAnalyze.GetServerIP()[3], SSLAnalyze.GetServerIP()[2], SSLAnalyze.GetServerIP()[1], SSLAnalyze.GetServerIP()[0]);
string _UserPort = SSLAnalyze.GetUserPort().ToString();
string _ServerPort = SSLAnalyze.GetServerPort().ToString();
for (int j = 0; j < list.Count; j++)
{
if ((list[j].SrcIP == _ServerIP) && (list[j].DstIP == _UserIP))
{
foreach (var p in list[j].Ports)
{
if ((p.SrcPort == _ServerPort) && (p.DstPort == _UserPort))
{
port = p;
break;
}
}
}
else if ((list[j].DstIP == _ServerIP) && (list[j].SrcIP == _UserIP))
{
foreach (var p in list[j].Ports)
{
if ((p.SrcPort == _UserPort) && (p.DstPort == _ServerPort))
{
port = p;
break;
}
}
}
}
foreach (var _SSLInformation in SSLInformationList)
{
if (_UserIP == _SSLInformation.UserIP &&
_ServerIP == _SSLInformation.ServerIP &&
_UserPort == _SSLInformation.UserPort &&
_ServerPort == _SSLInformation.ServerPort)
{
_SSLInformation.Version = SSLAnalyze.GetVersion().ToString();
_SSLInformation.CipherSuite = SSLAnalyze.GetCipherSuite().ToString();
string pubkey = null;
if (SSLAnalyze.GetPubKeyLen() > 0)
{
if (SSLAnalyze.GetPubKeyLen() == SSLAnalyze.GetSessionKeyLen())
{
for (int i = 0; i < SSLAnalyze.GetPubKeyLen(); i++)
{
pubkey += string.Format("{0:x2} ", SSLAnalyze.GetPubkey()[i]);
}
}
else
{
for (int i = 0; i < SSLAnalyze.GetSessionKeyLen(); i++)
{
pubkey += string.Format("{0:x2} ", SSLAnalyze.GetPubkey()[i + 6]);
}
}
}
_SSLInformation.PubKey = pubkey;
string sessionkey = null;
if (SSLAnalyze.GetSessionKeyLen() > 0)
{
for (int i = 0; i < SSLAnalyze.GetSessionKeyLen(); i++)
{
sessionkey += string.Format("{0:x2} ", SSLAnalyze.GetSessionKey()[i]);
}
}
_SSLInformation.SessionKey = sessionkey;
string NewSessionkey = null;
if (SSLAnalyze.GetNewSessionTicketLen() > 0)
{
for (int i = 0; i < SSLAnalyze.GetNewSessionTicketLen(); i++)
{
NewSessionkey += string.Format("{0:x2} ", SSLAnalyze.GetNewSessionTicket()[i]);
}
}
_SSLInformation.NewSessionKey = NewSessionkey;
if (port != null && (pubkey != null || sessionkey != null || NewSessionkey != null))
{
port.keys.ServerPort = _ServerPort;
port.keys.UserPort = _UserPort;
if (port.keys.pubKey == null)
{
port.keys.pubKey = pubkey;
}
if (port.keys.sessionKey == null)
{
port.keys.sessionKey = sessionkey;
}
if (port.keys.newSessionkey == null)
{
port.keys.newSessionkey = NewSessionkey;
}
port.keys.hasKey = true;
}
SSLInformationList.Remove(_SSLInformation);
return(_SSLInformation);
}
}
// 此之後之程式碼是設定沒有 Certificate 之 SSL資訊
var sslInformation = new SSLInformation();
sslInformation.UserIP = _UserIP;
sslInformation.ServerIP = _ServerIP;
sslInformation.UserPort = _UserPort;
sslInformation.ServerPort = _ServerPort;
sslInformation.Version = SSLAnalyze.GetVersion().ToString();
sslInformation.CipherSuite = SSLAnalyze.GetCipherSuite().ToString();
string _pubkey = null;
if (SSLAnalyze.GetPubKeyLen() > 0)
{
if (SSLAnalyze.GetPubKeyLen() == SSLAnalyze.GetSessionKeyLen())
{
for (int i = 0; i < SSLAnalyze.GetPubKeyLen(); i++)
{
_pubkey += string.Format("{0:x2} ", SSLAnalyze.GetPubkey()[i]);
}
}
else
{
for (int i = 0; i < SSLAnalyze.GetSessionKeyLen(); i++)
{
_pubkey += string.Format("{0:x2} ", SSLAnalyze.GetPubkey()[i + 6]);
}
}
}
sslInformation.PubKey = _pubkey;
string _sessionkey = null;
if (SSLAnalyze.GetSessionKeyLen() > 0)
{
for (int i = 0; i < SSLAnalyze.GetSessionKeyLen(); i++)
{
_sessionkey += string.Format("{0:x2} ", SSLAnalyze.GetSessionKey()[i]);
}
}
sslInformation.SessionKey = _sessionkey;
string _NewSessionkey = null;
if (SSLAnalyze.GetNewSessionTicketLen() > 0)
{
for (int i = 0; i < SSLAnalyze.GetNewSessionTicketLen(); i++)
{
_NewSessionkey += string.Format("{0:x2} ", SSLAnalyze.GetNewSessionTicket()[i]);
}
}
sslInformation.NewSessionKey = _NewSessionkey;
sslInformation.certificate = null;
if (port != null && (_pubkey != null || _sessionkey != null || _NewSessionkey != null))
{
port.keys.ServerPort = _ServerPort;
port.keys.UserPort = _UserPort;
if (port.keys.pubKey == null)
{
port.keys.pubKey = _pubkey;
}
if (port.keys.sessionKey == null)
{
port.keys.sessionKey = _sessionkey;
}
if (port.keys.newSessionkey == null)
{
port.keys.newSessionkey = _NewSessionkey;
}
port.keys.hasKey = true;
}
return(sslInformation);
}
return(null);
}
