jhford / node-https-wireshark


how to use #1

Open massimiliano-dalcero opened 7 years ago

massimiliano-dalcero commented 7 years ago

Hi jhford :)

I found this project here: https://github.com/nodejs/node/issues/2363

This project can be very useful for my local project based on "electron" (https://electron.atom.io/), but I don't understand very well how to integrate it :(

Can you give an example based on your experience? (I'm not asking you to help me integrate this into my project, only how you normally use it) :)

Many thanks, Max

forestjohnsonpeoplenet commented 6 years ago

I don't think it works (at least for my use case)

This was a script I wrote to patch this code into the yarn command line tool. But it doesn't work for me. Based on the comments on the original thread I don't think this method works at all.

yarnshark.sh

```bash
#!/bin/bash
# yarnshark.sh: temporarily patch yarn so it loads the TLS key logger,
# capture traffic while yarn runs, then restore the original yarn.js.

# Directory holding the real yarn.js (symlinks resolved).
YARN_RUNTIME_LOCATION="$(dirname "$(readlink -f "$(which yarn)")")"

# Fetch the key logger module next to yarn.js if it is not already there.
if [ ! -f "$YARN_RUNTIME_LOCATION/sslkeylogger.js" ]; then
  curl -s "https://raw.githubusercontent.com/forestjohnsonpeoplenet/node-https-wireshark/master/index.js" > "$YARN_RUNTIME_LOCATION/sslkeylogger.js"
fi

# Keep a backup so yarn.js can be restored afterwards.
cp "$YARN_RUNTIME_LOCATION/yarn.js" "$YARN_RUNTIME_LOCATION/yarn.js.bak"

# Line number of the first "var cli = require" line; the logger is injected just before it.
YARN_CLI_LINE_NUMBER="$(grep -n -e "^ *var cli = require" "$YARN_RUNTIME_LOCATION/yarn.js" | head -n 1 | sed "s/\\([0-9][0-9]*\\):.*/\\1/")"
YARN_CLI_LINE_NUMBER=$((YARN_CLI_LINE_NUMBER - 1))

FIRST_HALF=$(head -n "$YARN_CLI_LINE_NUMBER" "$YARN_RUNTIME_LOCATION/yarn.js")
LAST_HALF=$(tail -n +"$((YARN_CLI_LINE_NUMBER + 1))" "$YARN_RUNTIME_LOCATION/yarn.js")

# Rebuild yarn.js with the require() of the key logger inserted.
echo "$FIRST_HALF" > "$YARN_RUNTIME_LOCATION/yarn.js"
echo "require(\"./sslkeylogger\")" >> "$YARN_RUNTIME_LOCATION/yarn.js"
echo "console.log(\"This yarn is logging HTTPS session keys using https://github.com/forestjohnsonpeoplenet/node-https-wireshark\")" >> "$YARN_RUNTIME_LOCATION/yarn.js"
echo "$LAST_HALF" >> "$YARN_RUNTIME_LOCATION/yarn.js"

#echo "$YARN_RUNTIME_LOCATION/yarn.js"
#cat "$YARN_RUNTIME_LOCATION/yarn.js"

# Capture all traffic in the background while yarn runs.
tcpdump -i any -s 65535 -w yarn.pcap &
TCPDUMP_PID=$!

# Run yarn with the original arguments; keys are written to ./SSLKEYLOG.
SSLKEYLOGFILE="$(pwd)/SSLKEYLOG" yarn "$@"

kill "$TCPDUMP_PID"

# Remove the injected module and restore the original yarn.js.
rm "$YARN_RUNTIME_LOCATION/sslkeylogger.js"
rm "$YARN_RUNTIME_LOCATION/yarn.js"
mv "$YARN_RUNTIME_LOCATION/yarn.js.bak" "$YARN_RUNTIME_LOCATION/yarn.js"
```

forestjohnsonpeoplenet commented 6 years ago

AHAH! Never mind! I actually got it to work!

The last thing I was missing: there was a space missing in the format written to the SSLKEYLOG file in between the session key and the master secret. After adding that space there, Wireshark parses it just fine.

If you want a working example check out my above yarnshark.sh Shell Script file (shows how to inject this into an existing node app) and my fork of this repo: https://github.com/forestjohnsonpeoplenet/node-https-wireshark
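
A key log with the missing-space problem described in the comment above can be caught before it reaches Wireshark. The following is an added example, not part of the thread or of the project's code; it assumes the log uses one of two line forms (`CLIENT_RANDOM <client random> <master secret>` or `RSA Session-ID:<id> Master-Key:<master secret>`), and the function names and sample values are constructed for illustration. TLS 1.3 labels are out of scope and are reported as unrecognised.

```javascript
// Added example: lint SSLKEYLOGFILE lines before loading them into Wireshark.
// Assumed line formats (fields separated by exactly one space):
//   CLIENT_RANDOM <64 hex client random> <96 hex master secret>
//   RSA Session-ID:<hex session id> Master-Key:<96 hex master secret>
const FORMATS = [
  { kind: 'CLIENT_RANDOM', re: /^CLIENT_RANDOM [0-9a-fA-F]{64} [0-9a-fA-F]{96}$/ },
  { kind: 'RSA Session-ID', re: /^RSA Session-ID:[0-9a-fA-F]{2,64} Master-Key:[0-9a-fA-F]{96}$/ },
];

// Classify one line: valid, skippable, or invalid with a reason.
function checkKeyLogLine(line) {
  const text = line.replace(/\r$/, '');
  if (text === '' || text.startsWith('#')) return { ok: true, kind: 'skip' };
  const hit = FORMATS.find((f) => f.re.test(text));
  if (hit) return { ok: true, kind: hit.kind };
  // The failure from the thread: two fields written with no space between them.
  if (/^CLIENT_RANDOM [0-9a-fA-F]{160}$/.test(text) ||
      /^RSA Session-ID:[0-9a-fA-F]+Master-Key:/.test(text)) {
    return { ok: false, reason: 'missing space before the master secret field' };
  }
  if (/\t| {2,}|^ | $/.test(text)) {
    return { ok: false, reason: 'fields must be separated by single spaces' };
  }
  if (/^(CLIENT_RANDOM |RSA Session-ID:)/.test(text)) {
    return { ok: false, reason: 'wrong field count, length, or non-hex characters' };
  }
  return { ok: false, reason: 'unrecognised label' };
}

// Check a whole key log; returns [{ line, reason }] for every rejected line.
function checkKeyLog(contents) {
  const problems = [];
  contents.split('\n').forEach((line, i) => {
    const result = checkKeyLogLine(line);
    if (!result.ok) problems.push({ line: i + 1, reason: result.reason });
  });
  return problems;
}

// Constructed sample values, not real key material.
const R = 'ab'.repeat(32), S = '1f'.repeat(32), M = 'cd'.repeat(48);
const SAMPLE = [
  '# constructed sample key log',
  `CLIENT_RANDOM ${R} ${M}`,
  `RSA Session-ID:${S} Master-Key:${M}`,
  `RSA Session-ID:${S}Master-Key:${M}`, // fields run together
  `CLIENT_RANDOM ${R}${M}`,             // fields run together
].join('\n');
console.log(checkKeyLog(SAMPLE));
```
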

forestjohnsonpeoplenet commented 6 years ago

Keep in mind this will only work for node apps that do require('https'); ... https.request(....)