I've written my own dissector (in lua) to dissect USB URB packets, remove a header, and send the remaining packet data on to the ssl dissector like so:
local ssl = Dissector.get('ssl')
local newbuf = tvbuf:range(42, pktlen-42):tvb()
ssl:call(newbuf, pktinfo, root)
Works all well and good ^.^ but when I add RSA keys, they seem to be associated with TCP port 0, so I cannot get them to be recognized by my packet stream which logs them as "UDP port -1"
ssl-debug.log excerpts:
ssl_association_remove removing TCP 0 - data handle 0x1f471b0
Private key imported: KeyID 4c:2a:fb:42:99:02:85:8d:24:87:ff:f7:67:97:e6:6b:...
ssl_load_key: swapping p and q parameters and recomputing u
ssl_init IPv4 addr '0.0.0.0' (0.0.0.0) port '0' filename '/home/jonah/Workspace/mobdev/iRealD/root_private_key.pem' password(only for p12 file) ''
ssl_init private key file /home/jonah/Workspace/mobdev/iRealD/root_private_key.pem successfully loaded.
association_add TCP port 0 protocol data handle 0x1f471b0
dissect_ssl enter frame #103 (first time)
conversation = 0x7f0b999dda38, ssl_session = 0x7f0b999ddb30
record: offset = 0, reported_length_remaining = 138
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 133, ssl state 0x00
association_find: UDP port -1 found (nil)
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 129 bytes, remaining 138
packet_from_server: is from server - FALSE
ssl_find_private_key server 7.4:4
ssl_find_private_key can't find private key for this server! Try it again with universal port 0
ssl_find_private_key can't find private key for this server (universal port)! Try it again with universal address 0.0.0.0
ssl_find_private_key can't find any private key!
dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #105 (first time)
conversation = 0x7f0b999ddf10, ssl_session = 0x7f0b999ddfb0
record: offset = 0, reported_length_remaining = 79
dissect_ssl3_record found version 0x0300 -> state 0x10
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 74, ssl state 0x10
association_find: UDP port 5 found (nil)
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 70 bytes, remaining 79
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x12
dissect_ssl3_hnd_srv_hello found CIPHER 0x0035 -> state 0x16
dissect_ssl3_hnd_srv_hello trying to generate keys
ssl_generate_keyring_material not enough data to generate key (0x16 required 0x37 or 0x57)
dissect_ssl3_hnd_srv_hello can't generate keyring material
dissect_ssl enter frame #106 (first time)
conversation = 0x7f0b999ddf10, ssl_session = 0x7f0b999ddfb0
record: offset = 0, reported_length_remaining = 608
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 580, ssl state 0x16
association_find: UDP port 5 found (nil)
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 11 offset 5 length 576 bytes, remaining 585
record: offset = 585, reported_length_remaining = 23
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 9, ssl state 0x16
association_find: UDP port 5 found (nil)
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 13 offset 590 length 5 bytes, remaining 599
record: offset = 599, reported_length_remaining = 9
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 4, ssl state 0x16
association_find: UDP port 5 found (nil)
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 14 offset 604 length 0 bytes, remaining 608
asked
22 Dec '14, 11:53
TinyTimZamboni
11●1●1●2
accept rate:
0%