Example #1
0
def handleStream(tcp):
    # Make sure this is really SSL. Sadly we can't do this in taste()
    # because there is no payload data available that early.
    data = ''
    ((src, sport), (dst, dport)) = parse_addr(tcp)
    server_dlen = tcp.server.count - tcp.server.offset
    client_dlen = tcp.client.count - tcp.client.offset
    # If we haven't identified this as SSL yet
    if tcp.stream_data['ssl'] == False:
        # Do we have enough data for checks?
        if tcp.server.count_new > 0 and server_dlen > 7:
            # Check if proxy CONNECT
            if tcp.server.data[:8] == "CONNECT ":
                if tcp.module_data['verbose']:
                    chop.tsprnt("%s:%i -> %s:%i (%i) - CONNECT (ignored)" %
                                (src, sport, dst, dport, server_dlen))
                tcp.discard(server_dlen)
                return
            # Otherwise, prepare to check if SSL handshake
            data = tcp.server.data[:3]
        # Do we have enough data for checks?
        elif tcp.client.count_new > 0 and client_dlen > 5:
            # Check if proxy CONNECT response
            if tcp.client.data[:6] == "HTTP/1":
                if tcp.module_data['verbose']:
                    chop.tsprnt("%s:%i -> %s:%i (%i) - HTTP/1 (ignored)" %
                                (src, sport, dst, dport, client_dlen))
                tcp.discard(client_dlen)
                return
            # Otherwise, prepare to check if SSL handshake
            data = tcp.client.data[:3]
        else:
            # Need more data
            return

        # We have data, so check if it is SSL Handshake.
        # There's probably more to this, but this is good enough for now.
        if data in ('\x16\x03\x00', '\x16\x03\x01', '\x16\x03\x02',
                    '\x16\x03\x03'):
            tcp.stream_data['ssl'] = True
            tcp.stream_data['chopp'] = sslimChopProtocol()
            tcp.module_data['sslim'].callback_obj = tcp.stream_data['chopp']
        else:
            if tcp.module_data['verbose']:
                chop.tsprnt("%s:%i -> %s:%i: Stopping, not really SSL!" %
                            (src, sport, dst, dport))
            tcp.module_data['sslim'].done(tcp.addr)
            tcp.stop()
            return

    # Always clear out any existing data.
    tcp.stream_data['chopp'].clientData = ''
    tcp.stream_data['chopp'].serverData = ''
    tcp.stream_data['chopp'].metadata = []

    # We have identified this connection as SSL, so just process the packets
    if tcp.server.count_new > 0:
        if tcp.module_data['verbose']:
            chop.tsprnt("%s:%s -> %s:%s (%i)" %
                        (src, sport, dst, dport,
                         len(tcp.server.data[:tcp.server.count_new])))
        try:
            tcp.module_data['sslim'].parse_to_server(
                tcp.server.data[:tcp.server.count_new], tcp.addr)
        except sslimException as e:
            if tcp.module_data['verbose']:
                chop.prnt(e)
            tcp.module_data['sslim'].done(tcp.addr)
            tcp.stop()
            return
        tcp.discard(tcp.server.count_new)
    if tcp.client.count_new > 0:
        if tcp.module_data['verbose']:
            chop.tsprnt("%s:%s -> %s:%s (%i)" %
                        (src, sport, dst, dport,
                         len(tcp.client.data[:tcp.client.count_new])))
        try:
            tcp.module_data['sslim'].parse_to_client(
                tcp.client.data[:tcp.client.count_new], tcp.addr)
        except sslimException as e:
            if tcp.module_data['verbose']:
                chop.prnt(e)
            tcp.module_data['sslim'].done(tcp.addr)
            tcp.stop()
            return
        tcp.discard(tcp.client.count_new)

    if (tcp.stream_data['chopp'].clientData
            or tcp.stream_data['chopp'].serverData
            or tcp.stream_data['chopp'].metadata):
        return tcp.stream_data['chopp']

    return
Example #2
0
def handleStream(tcp):
    # Make sure this is really SSL. Sadly we can't do this in taste()
    # because there is no payload data available that early.
    data = ''
    ((src, sport), (dst, dport)) = parse_addr(tcp)
    server_dlen = tcp.server.count - tcp.server.offset
    client_dlen = tcp.client.count - tcp.client.offset
    # If we haven't identified this as SSL yet
    if tcp.stream_data['ssl'] == False:
        # Do we have enough data for checks?
        if tcp.server.count_new > 0 and server_dlen > 7:
            # Check if proxy CONNECT
            if tcp.server.data[:8] == "CONNECT ":
                if tcp.module_data['verbose']:
                    chop.tsprnt("%s:%i -> %s:%i (%i) - CONNECT (ignored)" % (
                                src,
                                sport,
                                dst,
                                dport,
                                server_dlen))
                tcp.discard(server_dlen)
                return
            # Otherwise, prepare to check if SSL handshake
            data = tcp.server.data[:3]
        # Do we have enough data for checks?
        elif tcp.client.count_new > 0 and client_dlen > 5:
            # Check if proxy CONNECT response
            if tcp.client.data[:6] == "HTTP/1":
                if tcp.module_data['verbose']:
                    chop.tsprnt("%s:%i -> %s:%i (%i) - HTTP/1 (ignored)" % (
                                src,
                                sport,
                                dst,
                                dport,
                                client_dlen))
                tcp.discard(client_dlen)
                return
            # Otherwise, prepare to check if SSL handshake
            data = tcp.client.data[:3]
        else:
            # Need more data
            return

        # We have data, so check if it is SSL Handshake.
        # There's probably more to this, but this is good enough for now.
        if data in ('\x16\x03\x00', '\x16\x03\x01', '\x16\x03\x02', '\x16\x03\x03'):
            tcp.stream_data['ssl'] = True
            tcp.stream_data['chopp'] = sslimChopProtocol()
            tcp.module_data['sslim'].callback_obj = tcp.stream_data['chopp']
        else:
            if tcp.module_data['verbose']:
                chop.tsprnt("%s:%i -> %s:%i: Stopping, not really SSL!" % (
                            src,
                            sport,
                            dst,
                            dport))
            tcp.module_data['sslim'].done(tcp.addr)
            tcp.stop()
            return

    # Always clear out any existing data.
    tcp.stream_data['chopp'].clientData = ''
    tcp.stream_data['chopp'].serverData = ''
    tcp.stream_data['chopp'].metadata =  []

    # We have identified this connection as SSL, so just process the packets
    if tcp.server.count_new > 0:
        if tcp.module_data['verbose']:
            chop.tsprnt("%s:%s -> %s:%s (%i)" % (
                        src,
                        sport,
                        dst,
                        dport,
                        len(tcp.server.data[:tcp.server.count_new])))
        try:
            tcp.module_data['sslim'].parse_to_server(tcp.server.data[:tcp.server.count_new], tcp.addr)
        except sslimException as e:
            if tcp.module_data['verbose']:
                chop.prnt(e)
            tcp.module_data['sslim'].done(tcp.addr)
            tcp.stop()
            return
        tcp.discard(tcp.server.count_new)
    if tcp.client.count_new > 0:
        if tcp.module_data['verbose']:
            chop.tsprnt("%s:%s -> %s:%s (%i)" % (
                        src,
                        sport,
                        dst,
                        dport,
                        len(tcp.client.data[:tcp.client.count_new])))
        try:
            tcp.module_data['sslim'].parse_to_client(tcp.client.data[:tcp.client.count_new], tcp.addr)
        except sslimException as e:
            if tcp.module_data['verbose']:
                chop.prnt(e)
            tcp.module_data['sslim'].done(tcp.addr)
            tcp.stop()
            return
        tcp.discard(tcp.client.count_new)

    if (tcp.stream_data['chopp'].clientData or
        tcp.stream_data['chopp'].serverData or
        tcp.stream_data['chopp'].metadata):
        return tcp.stream_data['chopp']

    return
Example #3
0
def teardown(tcp):
    chopp = sslimChopProtocol()
    return chopp
Example #4
0
def teardown(tcp):
    chopp = sslimChopProtocol()
    return chopp