Package modules :: Package processing :: Module dumptls
[hide private]
[frames] | no frames]

Source Code for Module modules.processing.dumptls

 1  # Copyright (C) 2010-2014 Cuckoo Foundation. 
 2  # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 
 3  # See the file 'docs/LICENSE' for copying permission. 
 4   
 5  import logging 
 6   
 7  from lib.cuckoo.common.abstracts import Processing 
 8   
 9  log = logging.getLogger(__name__) 
10   
11 -class TLSMasterSecrets(Processing):
12 """Cross-references TLS master secrets extracted from the monitor and key 13 information extracted from the PCAP to dump a master secrets file 14 compatible with, e.g., Wireshark.""" 15 16 order = 3 17 key = "dumptls" 18
19 - def run(self):
20 metakeys = {} 21 22 # Build server random <-> session id mapping from the PCAP. 23 if "network" in self.results and "tls" in self.results["network"]: 24 for row in self.results["network"]["tls"]: 25 metakeys[row["server_random"]] = row["session_id"] 26 27 results = {} 28 29 # Build server random <-> master secret mapping from behavioral logs. 30 summary = self.results.get("behavior", {}).get("summary", {}) 31 for entry in summary.get("tls_master", []): 32 client_random, server_random, master_secret = entry 33 34 if server_random not in metakeys: 35 log.info("Was unable to extract TLS master secret for server " 36 "random %s, skipping it.", server_random) 37 continue 38 39 results[metakeys[server_random]] = master_secret 40 41 # Write the TLS master secrets file. 42 with open(self.tlsmaster_path, "wb") as f: 43 for session_id, master_secret in sorted(results.items()): 44 print>>f, "RSA Session-ID:%s Master-Key:%s" % ( 45 session_id, master_secret)
46