From 809ae44a95b6c22846e7c8e1891550c6779b1e49 Mon Sep 17 00:00:00 2001 From: Dimitri Sokolyuk Date: Tue, 1 Sep 2015 16:32:36 +0200 Subject: Sniff data packet --- main.go | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/main.go b/main.go index e0b8dcf..d1c79f8 100644 --- a/main.go +++ b/main.go @@ -35,21 +35,23 @@ func (d Direction) String() string { } type Data struct { - Key *rsa.PublicKey - Rnd []byte + Key *rsa.PublicKey + Rnd []byte + Data []byte } func (d Data) String() string { s := fmt.Sprintf("N: %v\n", d.Key.N) s += fmt.Sprintf("E: %v\n", d.Key.E) s += fmt.Sprintf("R: %x\n", d.Rnd) + s += fmt.Sprintf("D: %x\n", d.Data) return s } var data = make(map[Direction]Data) func (dir Direction) sniffCert(b []byte) error { - if i := bytes.Index(b, []byte{0x30, 0x82, 0x04, 0x2f}); i > 0 { + if i := bytes.Index(b, []byte{0x30, 0x82, 0x04, 0x2f}); i >= 0 { cert := b[i : i+1075] crt, err := x509.ParseCertificate(cert) if err != nil { @@ -71,6 +73,15 @@ func (dir Direction) sniffRnd(b []byte) error { return nil } +func (dir Direction) sniffData(b []byte) error { + if i := bytes.Index(b, []byte{0x17, 0x03, 0x03, 0x00}); i >= 0 { + d := data[dir] + d.Data = b[i+5 : i+5+77] + data[dir] = d + } + return nil +} + // Remove DHE_RSA Chifers in Client Hello // altering any value leads to Handshake Failure after Cert Verify ??? func downgrade(b []byte) int { @@ -112,6 +123,7 @@ func (dir Direction) sniff(src, dst net.Conn, wg *sync.WaitGroup) { fmt.Println(hex.Dump(pkg)) dir.sniffCert(pkg) + dir.sniffData(pkg) _, err = dst.Write(pkg) if err != nil { -- cgit v1.2.3