[Bro] Question about data format of ssl.log files

Bernhard Amann bernhard at ICSI.Berkeley.EDU
Thu Feb 21 09:14:39 PST 2013


Hi,

sadly, the Mandiant command only contains the human-readable
output of the certificate information and not the actual certificate.

There is no way to convert that back into the actual certificate
and also no way to get the certificate hashes.

Bernhard

On Feb 21, 2013, at 8:52 AM, Tim Ray <tray at 21ct.com> wrote:

> Yeah, that's true. Can we convert their public keys using the OpenSSL
> commands? I gave it a try but got an error early.
> 
> On 2/21/13 10:07 AM, "Seth Hall" <seth at icir.org> wrote:
> 
>> 
>> On Feb 20, 2013, at 9:55 PM, Seth Hall <seth at icir.org> wrote:
>> 
>>> On Feb 20, 2013, at 5:01 PM, Tim Ray <tray at 21ct.com> wrote:
>>> 
>>>> So, the APT1 report has the certs in text format. Does Bro use that?
>>>> Or is it all in DER?
>> 
>> 
>> And I just realized there is a problem now that I look at the data.
>> Mandiant didn't distribute hashes for any of the certificates. :(
>> 
>> .Seth
>> 
>> --
>> Seth Hall
>> International Computer Science Institute
>> (Bro) because everyone has a network
>> http://www.bro-ids.org/
>> 
> 
> 