Is there a way to log the SSL handshake certificates on an OpenWrt router?


Peter Wang

Jul 17, 2015, 6:04:07 AM
to tuna-g...@googlegroups.com
As the subject says: I want to make sure a MITM attack is detected promptly so that the rogue CA can be reported promptly. If I simply capture port 443 with tcpdump and then analyze it in Wireshark, the volume of data is far too large. How can I record only the packets from the handshake?

Qijiang Fan

Jul 17, 2015, 6:10:14 AM
to tuna-g...@googlegroups.com
There is a libpcap-based tool called Dshell (https://github.com/USArmyResearchLab/Dshell)
that can analyze live traffic or historical pcap captures (you write your own Python plugins).
The SSL certificate should be in the ServerHello packet.

On Fri, Jul 17, 2015 at 6:04 PM, Peter Wang <imlib...@gmail.com> wrote:
> As the subject says: I want to make sure a MITM attack is detected promptly so that the rogue CA can be reported promptly. If I simply capture port 443 with tcpdump and then analyze it in Wireshark, the volume of data is far too large. How can I record only the packets from the handshake?



--
Qijiang (Chi-Chiang) Fan
GPG KEY ID (LONG): 3983 9DD3 50E4 6156
If you need a GPG encrypted and/or signed email, please tell in advance.
If you're not intended to receive this email, please don't forward it
to anyone else, please delete it and its copies, including all
attachments, and please let the sender know it went to the wrong
person. Thanks.
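As an added illustration of the approach suggested above (a small Python parser written for this thread, not Dshell's own code and not from either poster): it walks a captured server-side TCP payload, keeps only handshake records, and takes the SHA-256 fingerprint of each certificate from the Certificate message that travels in the same flight as ServerHello. The sample bytes are constructed here, and the DER blob is a placeholder, not a real certificate.

```python
import hashlib

HANDSHAKE = 0x16                          # TLS record content type
HS_SERVER_HELLO, HS_CERTIFICATE = 2, 11   # handshake message types

def tls_records(stream):
    """Yield (content_type, fragment) for each complete TLS record in a TCP payload."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype = stream[pos]
        length = int.from_bytes(stream[pos + 3:pos + 5], "big")
        frag = stream[pos + 5:pos + 5 + length]
        if len(frag) < length:
            break  # truncated record: wait for the rest of the segment
        yield ctype, frag
        pos += 5 + length

def handshake_messages(fragment):
    """Yield (msg_type, body) for each handshake message packed into one record."""
    pos = 0
    while pos + 4 <= len(fragment):
        mtype = fragment[pos]
        length = int.from_bytes(fragment[pos + 1:pos + 4], "big")
        yield mtype, fragment[pos + 4:pos + 4 + length]
        pos += 4 + length

def certificate_chain(body):
    """Certificate body: 3-byte total length, then 3-byte-length-prefixed DER certs."""
    end, pos, certs = 3 + int.from_bytes(body[:3], "big"), 3, []
    while pos + 3 <= end:
        clen = int.from_bytes(body[pos:pos + 3], "big")
        certs.append(body[pos + 3:pos + 3 + clen])
        pos += 3 + clen
    return certs

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def server_cert_fingerprints(stream):
    """SHA-256 of every certificate the server presented, leaf first."""
    return [fingerprint(c)
            for ctype, frag in tls_records(stream) if ctype == HANDSHAKE
            for mtype, body in handshake_messages(frag) if mtype == HS_CERTIFICATE
            for c in certificate_chain(body)]

# Constructed sample: ServerHello and Certificate in one record; FAKE_DER is a placeholder, not a real cert.
FAKE_DER = bytes.fromhex("3003020101")
def _hs(t, body): return bytes([t]) + len(body).to_bytes(3, "big") + body
_entry = len(FAKE_DER).to_bytes(3, "big") + FAKE_DER
_frag = (_hs(HS_SERVER_HELLO, b"\x03\x03" + bytes(32) + b"\x00\x00\x2f\x00")
         + _hs(HS_CERTIFICATE, len(_entry).to_bytes(3, "big") + _entry))
SAMPLE = bytes([HANDSHAKE, 3, 3]) + len(_frag).to_bytes(2, "big") + _frag
```

In practice you would feed it the server-to-client payload of a tcpdump capture on port 443 and store the fingerprints per hostname, so a change can be compared against what other vantage points see before reporting the CA. It only applies to TLS 1.2 and earlier, where the Certificate message is sent in the clear.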

Peter Wang

Jul 17, 2015, 8:40:39 AM
to tuna-g...@googlegroups.com
Actually, I don't think they would use a relatively advanced attack (such as CNNIC) against ordinary people like us; it would cost them too much and be too easy to detect. For them the point of the CNNIC certificate is probably to deal with the "sensitive word" crowd (you know who I mean).