kern: support openssl 3.2.x , change ssl_st to ssl_connection_st #472
+523
−6
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ate more OFFSETS. Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
cfc4n
added
documentation
测试 Tests类库使用
The library uses the source code in the
text modesudo bin/ecapture tls --libssl=/home/cfc4n/project/ecapture/deps/openssl/libssl.so.3 --ssl_version="openssl 3.2.0"
tls_2024/01/28 13:11:17 ECAPTURE :: ecapture Version : linux_aarch64:0.7.2-20240128-f368e82:[CORE]
tls_2024/01/28 13:11:17 ECAPTURE :: Pid Info : 232993
tls_2024/01/28 13:11:17 ECAPTURE :: Kernel Info : 5.15.131
tls_2024/01/28 13:11:17 EBPFProbeOPENSSL module initialization
tls_2024/01/28 13:11:17 EBPFProbeOPENSSL master key keylogger:
tls_2024/01/28 13:11:17 ECAPTURE :: Module.Run()
tls_2024/01/28 13:11:17 EBPFProbeOPENSSL Text MODEL
tls_2024/01/28 13:11:17 EBPFProbeOPENSSL OpenSSL/BoringSSL version: openssl 3.2.0
tls_2024/01/28 13:11:17 EBPFProbeOPENSSL HOOK type:2, binrayPath:/home/cfc4n/project/ecapture/deps/openssl/libssl.so.3
tls_2024/01/28 13:11:17 EBPFProbeOPENSSL Hook masterKey function:[SSL_get_wbio SSL_in_before SSL_do_handshake]
tls_2024/01/28 13:11:17 EBPFProbeOPENSSL libPthread:/lib/aarch64-linux-gnu/libc.so.6
tls_2024/01/28 13:11:17 EBPFProbeOPENSSL target all process.
tls_2024/01/28 13:11:17 EBPFProbeOPENSSL target all users.
tls_2024/01/28 13:11:17 EBPFProbeOPENSSL BPF bytecode filename:user/bytecode/openssl_3_2_0_kern.o
tls_2024/01/28 13:11:17 EBPFProbeOPENSSL perfEventReader created. mapSize:4 MB
tls_2024/01/28 13:11:17 EBPFProbeOPENSSL perfEventReader created. mapSize:4 MB
tls_2024/01/28 13:11:17 EBPFProbeOPENSSL module started successfully.
tls_2024/01/28 13:11:17 ECAPTURE :: start 1 modules
tls_2024/01/28 13:13:15 UUID:233406_233406_openssl_client_3_1, Name:HTTPRequest, Type:1, Length:39
tls_2024/01/28 13:13:15
GET / HTTP/1.1
Host: www.cnxct.com
tls_2024/01/28 13:13:15 UUID:233406_233406_openssl_client_3_0, Name:HTTPResponse, Type:3, Length:932
tls_2024/01/28 13:13:15
HTTP/1.1 200 OK
Content-Length: 612
Accept-Ranges: bytes
Connection: keep-alive
Content-Type: text/html
Date: Sun, 28 Jan 2024 13:13:14 GMT
Etag: "65b4d88f-264"
Last-Modified: Sat, 27 Jan 2024 10:18:55 GMT
Server: nginx/1.18.0 (Ubuntu)
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
^Ctls_2024/01/28 13:13:21 EBPFProbeOPENSSL close.
tls_2024/01/28 13:13:21 EBPFProbeOPENSSL closekeylog modesudo bin/ecapture tls --libssl=/home/cfc4n/project/ecapture/deps/openssl/libssl.so.3 --ssl_version="openssl 3.2.0" -m keylog
tls_2024/01/28 13:13:25 ECAPTURE :: ecapture Version : linux_aarch64:0.7.2-20240128-f368e82:[CORE]
tls_2024/01/28 13:13:25 ECAPTURE :: Pid Info : 233551
tls_2024/01/28 13:13:25 ECAPTURE :: Kernel Info : 5.15.131
tls_2024/01/28 13:13:25 EBPFProbeOPENSSL module initialization
tls_2024/01/28 13:13:25 EBPFProbeOPENSSL master key keylogger: ecapture_openssl_key.og
tls_2024/01/28 13:13:25 ECAPTURE :: Module.Run()
tls_2024/01/28 13:13:25 EBPFProbeOPENSSL Keylog MODEL
tls_2024/01/28 13:13:25 EBPFProbeOPENSSL OpenSSL/BoringSSL version: openssl 3.2.0
tls_2024/01/28 13:13:25 EBPFProbeOPENSSL HOOK type:2, binrayPath:/home/cfc4n/project/ecapture/deps/openssl/libssl.so.3
tls_2024/01/28 13:13:25 EBPFProbeOPENSSL Hook masterKey function:[SSL_get_wbio SSL_in_before SSL_do_handshake]
tls_2024/01/28 13:13:25 EBPFProbeOPENSSL target all process.
tls_2024/01/28 13:13:25 EBPFProbeOPENSSL target all users.
tls_2024/01/28 13:13:25 EBPFProbeOPENSSL BPF bytecode filename:user/bytecode/openssl_3_2_0_kern.o
tls_2024/01/28 13:13:26 EBPFProbeOPENSSL perfEventReader created. mapSize:4 MB
tls_2024/01/28 13:13:26 EBPFProbeOPENSSL module started successfully.
tls_2024/01/28 13:13:26 ECAPTURE :: start 1 modules
tls_2024/01/28 13:13:29 EBPFProbeOPENSSL TLS1_2_VERSION: save CLIENT_RANDOM 98e7c033008797a9b8c3419841b2a3385be63dfde5f36a957f92f430d9eb2680 to file success, 176 bytes
^Ctls_2024/01/28 13:13:35 EBPFProbeOPENSSL close.
tls_2024/01/28 13:13:35 EBPFProbeOPENSSL close |
* When calling `SSL_connect` in the OpenSSL library in a client role or `SSL_accept` in a server role, the execution flow ultimately enters the `state_machine` function in `ssl/statem/statem.c` for TLS handshake. * Therefore, the optional scope is functions within this `state_machine` function that start with an uppercase `SSL`. * When using OpenSSL synchronously, a successful TLS handshake returns 1, i.e., `ret = 1`. Thus, after this variable is assigned, the called functions can obtain the desired memory data. * Under this premise, the only function within the `state_machine` function that meets the requirements is `SSL_get_wbio`. * Adding an alternate HOOK function, `SSL_in_before`, to the scope. Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
see readme.md for more detail. Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
Optimized OpenSSL 3.2 offset generation scripts. SSL_CONNECTION types of ssl_st are not supported at this time. More info: #472 Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
…lue. Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
feat: #464
add the offset generation script.