1
2
3
4
5 import logging
6
7 from lib.cuckoo.common.abstracts import Processing
8
9 log = logging.getLogger(__name__)
10
12 """Cross-references TLS master secrets extracted from the monitor and key
13 information extracted from the PCAP to dump a master secrets file
14 compatible with, e.g., Wireshark."""
15
16 order = 3
17 key = "dumptls"
18
20 metakeys = {}
21
22
23 if "network" in self.results and "tls" in self.results["network"]:
24 for row in self.results["network"]["tls"]:
25 metakeys[row["server_random"]] = row["session_id"]
26
27 results = {}
28
29
30 summary = self.results.get("behavior", {}).get("summary", {})
31 for entry in summary.get("tls_master", []):
32 client_random, server_random, master_secret = entry
33
34 if server_random not in metakeys:
35 log.info("Was unable to extract TLS master secret for server "
36 "random %s, skipping it.", server_random)
37 continue
38
39 results[metakeys[server_random]] = master_secret
40
41
42 with open(self.tlsmaster_path, "wb") as f:
43 for session_id, master_secret in sorted(results.items()):
44 print>>f, "RSA Session-ID:%s Master-Key:%s" % (
45 session_id, master_secret)
46