[Bro] Log all client cipher suites
Harrison, Daniel (US SSA)
daniel.harrison4 at baesystems.com
Sun Jan 18 09:12:51 PST 2015
I am trying to write a script to log all client_hello cipher suites to the
ssl log, preferably in the ascii hex format as they look in the pcap. I
hacked up a similar script and got it to create the log entry but the column
shows only (empty). Any idea on how to do this? Thanks.
******************************
@load base/protocols/ssl/main
module SSL;
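export {
	redef record Info += {
		## Per-connection list of cipher suites from the client hello.
		## Written to ssl.log when set; left unset (and logged as "-")
		## when cipher logging is disabled.
		ciphers: vector of string &log &optional;
	};

	## Whether the cipher suites offered by the client are logged.
	## (The original comment spoke of "client headers" and wrapped onto
	## a second, uncommented line, which does not parse.)
	const log_ciphers = T &redef;
}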
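## Records the cipher suites offered in a client hello on the connection's
## SSL log record, one hexadecimal string per suite.
##
## c: the connection the client hello was seen on.
## ciphers: the suite code points offered by the client (index_vec).
event ssl_client_hello(c: connection, version: count, possible_ts: time,
                       client_random: string, session_id: string, ciphers: index_vec)
	{
	# Nothing to annotate if no SSL record is attached to the connection.
	if ( ! c?$ssl )
		return;

	if ( ! log_ciphers )
		return;

	# Assigning vector() on its own leaves the field empty, which the log
	# writer prints as "(empty)". Copy every offered suite into the vector
	# before attaching it to the record.
	local offered: vector of string = vector();

	for ( i in ciphers )
		{
		# Keep the client's index so the logged order matches the hello.
		# NOTE(review): no field width is requested because fmt() may pad
		# with spaces rather than zeros; confirm before relying on
		# fixed-width output such as 0x002f.
		offered[i] = fmt("0x%x", ciphers[i]);
		}

	# The offered list (not only the negotiated suite) is what lets an
	# analyst spot clients that still advertise weak or export suites.
	c$ssl$ciphers = offered;
	}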
******************************
Scott Harrison