Exemple #1
0
        public unsafe void Trace(Packet packet, PacketMonitorForm Form)
        {
            IpPacket  ipPacket  = null;
            TcpPacket tcpPacket = null;

            try
            {
                ipPacket = PacketDotNet.IpPacket.GetEncapsulated(packet);
                if (ipPacket == null || ipPacket.Version == IpVersion.IPv6)
                {
                    return;
                }
                tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet);
                if (tcpPacket == null)
                {
                    return;
                }
                if (tcpPacket.PayloadData.Length < 6)
                {
                    return;
                }
            }
            catch
            {
                return;
            }

            TraceClientHello(ipPacket, tcpPacket, Form);

            fixed(Byte *_Byte = packet.Bytes)
            {
                SSLAnalyze.InsertPacketData(_Byte);
            }

            if (SSLAnalyze.GetHandShakeMainContent())
            {
                var _SSLInformation = AddToSSLInfo(Form, null);
                WriteToDB(_SSLInformation);
            }

            var _Certificate = _CertificateManage.Trace(packet);

            if (_Certificate != null)
            {
                AddToSSLInfo(Form, _Certificate);
                DoSomething(Form, _Certificate);
            }
        }
Exemple #2
0
        //結合 Key 和 Certificate 之資訊緩存
        private unsafe SSLInformation AddToSSLInfo(PacketMonitorForm form, Certificate _Certificate)
        {
            List <IPTraceInfo> list = form.listIPTrace;
            Port port = null;

            // 當有 Certificate 時代表有建立了 SSL 連線對談,但尚未取得完整鑰匙資訊,因此先放入列表中等待資訊完整放入
            if (_Certificate != null)
            {
                SSLInformationList.Add(new SSLInformation {
                    UserIP      = _Certificate.UserIP,
                    ServerIP    = _Certificate.ServerIP,
                    UserPort    = _Certificate.UserPort,
                    ServerPort  = _Certificate.ServerPort,
                    certificate = _Certificate,
                });
                return(null);
            }
            else if (_Certificate == null)
            {
                string _UserIP     = string.Format("{0}.{1}.{2}.{3}", SSLAnalyze.GetUserIP()[3], SSLAnalyze.GetUserIP()[2], SSLAnalyze.GetUserIP()[1], SSLAnalyze.GetUserIP()[0]);
                string _ServerIP   = string.Format("{0}.{1}.{2}.{3}", SSLAnalyze.GetServerIP()[3], SSLAnalyze.GetServerIP()[2], SSLAnalyze.GetServerIP()[1], SSLAnalyze.GetServerIP()[0]);
                string _UserPort   = SSLAnalyze.GetUserPort().ToString();
                string _ServerPort = SSLAnalyze.GetServerPort().ToString();

                for (int j = 0; j < list.Count; j++)
                {
                    if ((list[j].SrcIP == _ServerIP) && (list[j].DstIP == _UserIP))
                    {
                        foreach (var p in list[j].Ports)
                        {
                            if ((p.SrcPort == _ServerPort) && (p.DstPort == _UserPort))
                            {
                                port = p;
                                break;
                            }
                        }
                    }
                    else if ((list[j].DstIP == _ServerIP) && (list[j].SrcIP == _UserIP))
                    {
                        foreach (var p in list[j].Ports)
                        {
                            if ((p.SrcPort == _UserPort) && (p.DstPort == _ServerPort))
                            {
                                port = p;
                                break;
                            }
                        }
                    }
                }

                foreach (var _SSLInformation in SSLInformationList)
                {
                    if (_UserIP == _SSLInformation.UserIP &&
                        _ServerIP == _SSLInformation.ServerIP &&
                        _UserPort == _SSLInformation.UserPort &&
                        _ServerPort == _SSLInformation.ServerPort)
                    {
                        _SSLInformation.Version     = SSLAnalyze.GetVersion().ToString();
                        _SSLInformation.CipherSuite = SSLAnalyze.GetCipherSuite().ToString();

                        string pubkey = null;
                        if (SSLAnalyze.GetPubKeyLen() > 0)
                        {
                            if (SSLAnalyze.GetPubKeyLen() == SSLAnalyze.GetSessionKeyLen())
                            {
                                for (int i = 0; i < SSLAnalyze.GetPubKeyLen(); i++)
                                {
                                    pubkey += string.Format("{0:x2} ", SSLAnalyze.GetPubkey()[i]);
                                }
                            }
                            else
                            {
                                for (int i = 0; i < SSLAnalyze.GetSessionKeyLen(); i++)
                                {
                                    pubkey += string.Format("{0:x2} ", SSLAnalyze.GetPubkey()[i + 6]);
                                }
                            }
                        }
                        _SSLInformation.PubKey = pubkey;

                        string sessionkey = null;
                        if (SSLAnalyze.GetSessionKeyLen() > 0)
                        {
                            for (int i = 0; i < SSLAnalyze.GetSessionKeyLen(); i++)
                            {
                                sessionkey += string.Format("{0:x2} ", SSLAnalyze.GetSessionKey()[i]);
                            }
                        }
                        _SSLInformation.SessionKey = sessionkey;

                        string NewSessionkey = null;
                        if (SSLAnalyze.GetNewSessionTicketLen() > 0)
                        {
                            for (int i = 0; i < SSLAnalyze.GetNewSessionTicketLen(); i++)
                            {
                                NewSessionkey += string.Format("{0:x2} ", SSLAnalyze.GetNewSessionTicket()[i]);
                            }
                        }
                        _SSLInformation.NewSessionKey = NewSessionkey;

                        if (port != null && (pubkey != null || sessionkey != null || NewSessionkey != null))
                        {
                            port.keys.ServerPort = _ServerPort;
                            port.keys.UserPort   = _UserPort;
                            if (port.keys.pubKey == null)
                            {
                                port.keys.pubKey = pubkey;
                            }
                            if (port.keys.sessionKey == null)
                            {
                                port.keys.sessionKey = sessionkey;
                            }
                            if (port.keys.newSessionkey == null)
                            {
                                port.keys.newSessionkey = NewSessionkey;
                            }
                            port.keys.hasKey = true;
                        }

                        SSLInformationList.Remove(_SSLInformation);
                        return(_SSLInformation);
                    }
                }

                // 此之後之程式碼是設定沒有 Certificate 之 SSL資訊
                var sslInformation = new SSLInformation();
                sslInformation.UserIP      = _UserIP;
                sslInformation.ServerIP    = _ServerIP;
                sslInformation.UserPort    = _UserPort;
                sslInformation.ServerPort  = _ServerPort;
                sslInformation.Version     = SSLAnalyze.GetVersion().ToString();
                sslInformation.CipherSuite = SSLAnalyze.GetCipherSuite().ToString();

                string _pubkey = null;
                if (SSLAnalyze.GetPubKeyLen() > 0)
                {
                    if (SSLAnalyze.GetPubKeyLen() == SSLAnalyze.GetSessionKeyLen())
                    {
                        for (int i = 0; i < SSLAnalyze.GetPubKeyLen(); i++)
                        {
                            _pubkey += string.Format("{0:x2} ", SSLAnalyze.GetPubkey()[i]);
                        }
                    }
                    else
                    {
                        for (int i = 0; i < SSLAnalyze.GetSessionKeyLen(); i++)
                        {
                            _pubkey += string.Format("{0:x2} ", SSLAnalyze.GetPubkey()[i + 6]);
                        }
                    }
                }
                sslInformation.PubKey = _pubkey;

                string _sessionkey = null;
                if (SSLAnalyze.GetSessionKeyLen() > 0)
                {
                    for (int i = 0; i < SSLAnalyze.GetSessionKeyLen(); i++)
                    {
                        _sessionkey += string.Format("{0:x2} ", SSLAnalyze.GetSessionKey()[i]);
                    }
                }
                sslInformation.SessionKey = _sessionkey;

                string _NewSessionkey = null;
                if (SSLAnalyze.GetNewSessionTicketLen() > 0)
                {
                    for (int i = 0; i < SSLAnalyze.GetNewSessionTicketLen(); i++)
                    {
                        _NewSessionkey += string.Format("{0:x2} ", SSLAnalyze.GetNewSessionTicket()[i]);
                    }
                }
                sslInformation.NewSessionKey = _NewSessionkey;

                sslInformation.certificate = null;

                if (port != null && (_pubkey != null || _sessionkey != null || _NewSessionkey != null))
                {
                    port.keys.ServerPort = _ServerPort;
                    port.keys.UserPort   = _UserPort;
                    if (port.keys.pubKey == null)
                    {
                        port.keys.pubKey = _pubkey;
                    }
                    if (port.keys.sessionKey == null)
                    {
                        port.keys.sessionKey = _sessionkey;
                    }
                    if (port.keys.newSessionkey == null)
                    {
                        port.keys.newSessionkey = _NewSessionkey;
                    }
                    port.keys.hasKey = true;
                }
                return(sslInformation);
            }

            return(null);
        }