Пример #1
0
        static void Main(string[] args)
        {
            if (args.Length != 2)
            {
                PrintUsage();
                return;
            }

            var modelContext = TlsConversationContext.CreateInMemory();

            if (String.Equals("extract", args[0], StringComparison.InvariantCultureIgnoreCase))
            {
                var filepath         = args[1];
                var frameKeyProvider = new FrameKeyProvider();
                var keyFile          = Path.ChangeExtension(filepath, "key");
                var secretMap        = File.Exists(keyFile) ? TlsMasterSecretMap.LoadFromFile(keyFile): new TlsMasterSecretMap();
                var packets          = FastPcapFileReaderDevice.ReadAll(args[1]).Select((p, i) => (Key: frameKeyProvider.GetKey(p), Value: (Meta: new PacketMeta {
                    Number = i + 1, Timestamp = p.Timestamp
                }, Packet: p)));
                var flows            = from packet in packets
                                       group packet by packet.Key;

                var conversations = TcpStreamConversation.CreateConversations(flows.ToDictionary(x => x.Key, x => x.Select(y => y.Value)));

                foreach (var conversation in conversations)
                {
                    var modelBuilder   = new TlsConversationModelBuilder(modelContext);
                    var decoderBuilder = new TlsDecoderBuilder();
                    var processor      = new TlsSessionProcessor(modelBuilder, decoderBuilder);
                    processor.ProcessConversation(conversation);


                    var model = modelBuilder.ToModel();
                    modelContext.SaveChanges();


                    var tlsDecoder   = decoderBuilder.ToDecoder();
                    var masterSecret = secretMap.GetMasterSecret(ByteString.ByteArrayToString(tlsDecoder.ClientRandom));
                    if (masterSecret != null)
                    {
                        tlsDecoder.MasterSecret = ByteString.StringToByteArray(masterSecret);
                        var tlsSecurityParameters = TlsSecurityParameters.Create(tlsDecoder.ProtocolVersion, tlsDecoder.CipherSuite.ToString(), tlsDecoder.Compression);
                        tlsDecoder.InitializeKeyBlock(tlsSecurityParameters);

                        // USE TLS DECODER
                        DumpConversationContent(tlsDecoder, conversation, processor.ClientDataRecords, processor.ServerDataRecords);
                    }
                }
                CsvFeatureWriter.WriteCsv(Path.ChangeExtension(filepath, "csv"), modelContext);
            }
        }
Пример #2
0
        private static void DumpConversationContent(TlsDecoder tlsDecoder, TcpStreamConversation conversation, IEnumerable <TlsPacket.TlsApplicationData> clientDataRecords, IEnumerable <TlsPacket.TlsApplicationData> serverDataRecords)
        {
            var convKeyString = conversation.ConversationKey.ToString().Replace('>', '_').Replace(':', '_');
            var clientKeys    = tlsDecoder.KeyBlock.GetClientKeys();

            foreach (var clientData in clientDataRecords.Select((x, i) => (Data: x, Seqnum: i + 1)))
            {
                DumpApplicationData(tlsDecoder, clientKeys, clientData.Data, (ulong)clientData.Seqnum, $"{convKeyString}-client-{clientData.Seqnum}");
            }
            var serverKeys = tlsDecoder.KeyBlock.GetServerKeys();

            foreach (var serverData in serverDataRecords.Select((x, i) => (Data: x, Seqnum: i + 1)))
            {
                DumpApplicationData(tlsDecoder, serverKeys, serverData.Data, (ulong)serverData.Seqnum, $"{convKeyString}-server-{serverData.Seqnum}");
            }
        }
Пример #3
0
        public void ProcessConversation(TcpStreamConversation conversation)
        {
            foreach (var builder in m_builders)
            {
                builder.SetFlowKey(conversation.ConversationKey);
            }

            var clientFlow = conversation.Upflow;
            var tlsClientRecordCollection = ParseTlsPacket(new KaitaiStream(clientFlow));

            ClientDataRecords = ProcessRecords(tlsClientRecordCollection, TlsDirection.ClientServer, clientFlow).ToList();

            var serverFlow = conversation.Downflow;
            var tlsServerRecordCollection = ParseTlsPacket(new KaitaiStream(serverFlow));

            ServerDataRecords = ProcessRecords(tlsServerRecordCollection, TlsDirection.ServerClient, serverFlow).ToList();
        }