Commit e948dc8 (0 parents): showing 27 changed files with 667 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
Copyright (c) 2012-2019, International Computer Science Institute | ||
|
||
Redistribution and use in source and binary forms, with or without | ||
modification, are permitted provided that the following conditions are met: | ||
|
||
(1) Redistributions of source code must retain the above copyright | ||
notice, this list of conditions and the following disclaimer. | ||
|
||
(2) Redistributions in binary form must reproduce the above copyright | ||
notice, this list of conditions and the following disclaimer in the | ||
documentation and/or other materials provided with the distribution. | ||
|
||
(3) Neither the name of the International Computer Science Institute, | ||
nor the names of contributors may be used to endorse or promote products | ||
derived from this software without specific prior written permission. | ||
|
||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | ||
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE | ||
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | ||
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | ||
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | ||
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | ||
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | ||
POSSIBILITY OF SUCH DAMAGE. | ||
|
||
Note that some files in the distribution may carry their own copyright | ||
notices. | ||
|
||
|
||
============================================================================== | ||
|
||
Some trace-files and test-scripts are taken from the Zeek distribution. | ||
Zeek distribution copyright notice: | ||
|
||
============================================================================== | ||
|
||
Copyright (c) 1995-2018, The Regents of the University of California | ||
through the Lawrence Berkeley National Laboratory and the | ||
International Computer Science Institute. All rights reserved. | ||
|
||
Redistribution and use in source and binary forms, with or without | ||
modification, are permitted provided that the following conditions are met: | ||
|
||
(1) Redistributions of source code must retain the above copyright | ||
notice, this list of conditions and the following disclaimer. | ||
|
||
(2) Redistributions in binary form must reproduce the above copyright | ||
notice, this list of conditions and the following disclaimer in the | ||
documentation and/or other materials provided with the distribution. | ||
|
||
(3) Neither the name of the University of California, Lawrence Berkeley | ||
National Laboratory, U.S. Dept. of Energy, International Computer | ||
Science Institute, nor the names of contributors may be used to endorse | ||
or promote products derived from this software without specific prior | ||
written permission. | ||
|
||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | ||
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE | ||
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | ||
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | ||
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | ||
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | ||
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | ||
POSSIBILITY OF SUCH DAMAGE. | ||
|
||
Note that some files in the distribution may carry their own copyright | ||
notices. |
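Review bot: The attribution at "Some trace-files and test-scripts are taken from the Zeek distribution" does not say which files those are; naming them (or the directory they live in) in this file would let downstream users check which of the two copyright blocks applies to a given file when the package is redistributed.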
@@ -0,0 +1,22 @@ | ||
# TLS Log Alternative | ||
|
||
This package provides a log alternative to the traditional ```ssl.log```, which is provided by Zeek by default. If you load this package, you will get one (or optionally two) additional log files that provide a lot more information about the TLS handshake. | ||
|
||
Loading this script by default will create a new ```tls.log``` file. This file contains a lot of low-level details of the handshake. For more details, please see ```tls.zeek``` in ```scripts```, which has documentation for every field. Example log output: | ||
|
||
``` | ||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p server_version client_version cipher client_ciphers sni ssl_client_exts ssl_server_exts ticket_lifetime_hint server_certs client_certs ssl_established dh_param_size point_formats client_curves curve orig_alpn resp_alpn alert client_supported_versions server_supported_version psk_key_exchange_modes client_key_share_groups server_key_share_group client_comp_methods sigalgs hashalgs | ||
#types time string addr port addr port count count count vector[count] vector[string] vector[count] vector[count] count vector[string]vector[string] bool count vector[count] vector[count] count vector[string] vector[string] vector[count] vector[count] count vector[count] vector[count] count vector[count] vector[count] vector[count] | ||
1491407508.244862 C59DC42iW3polXuIef 192.168.6.240 65503 139.162.123.134 13443 32531 771 4866 49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,4866,4867,4865,61,60,53,47,255 - 11,10,35,13,22,23,43,45,40 40 - -- F - 0,1,2 29,23,25,24 - - - - 32531,771,770,769 - 1,0 29 29 0 3,3,3,4,5,6,1,1,1,3,1,2,2,2,2 4,5,6,8,8,8,4,5,6,2,2,2,4,5,6 | ||
1491407512.852869 C3tAYa2eYDO4qZFDie 192.168.6.240 65504 139.162.123.134 13443 32531 771 4866 49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,4866,4867,4865,61,60,53,47,255 - 11,10,35,13,22,23,43,45,40,42,41 40,41-- - F - 0,1,2 29,23,25,24 - - - - 32531,771,770,769 - 1,0 29 29 0 3,3,3,4,5,6,1,1,1,3,1,2,2,2,2 4,5,6,8,8,8,4,5,6,2,2,2,4,5,6 | ||
``` | ||
|
||
If you re-define the option ```TLSLog::log_certificates``` to true, you also get a second log file called ```tls_certificates.log```, which contains a base64-encoded version of all certificates that are sent over the wire. | ||
|
||
By default, certificate hashes are provided as sha256. If you want to use a different hash algorithm, you can redef ```TLSLog::hash_function``` to a different hash function, e.g. to ```sha1_hash```. | ||
|
||
The easiest way to install this pacjage is by using the package manager; just do | ||
|
||
``` | ||
zkg install 0xxon/tls-log-alternative | ||
``` |
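Review bot: Two defects in the README text: "pacjage" in the install sentence should be "package", and the `#types` header of the example log runs `vector[string]vector[string]` together with no separator, so the types no longer line up with the `server_certs`/`client_certs` entries in the `#fields` line above it; the sample rows show the same collapse at `40 - --` and `40,41--`, so re-pasting the sample from a real tls.log with tabs preserved would fix all three. Style point: inline code uses triple backticks (```ssl.log```, ```tls.log```); single backticks are the conventional Markdown form for inline code. Documentation point to consider: `tls_certificates.log` stores every certificate seen on the wire base64-encoded, so a sentence on its expected size and on the sensitivity of logged client certificates would help operators decide whether to enable `TLSLog::log_certificates`.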
@@ -0,0 +1 @@ | ||
@load ./tls |