Need a unique gift idea?
A Pastebin account makes a great Christmas gift
SHARE
TWEET

rule_sslprofiler.tcl

a guest Nov 12th, 2014 115 Never
Upgrade to PRO!
ENDING IN00days00hours00mins00secs
 
  1. when RULE_INIT {
  2.         set static::DEBUG_PMAP_SSL 0
  3. }
  4.  
  5. when CLIENT_ACCEPTED {
  6.         virtual vs_jefjos_443
  7.         TCP::collect
  8.         set clientside_datahitcounter 0
  9.         set serverside_datahitcounter 0
  10.        
  11.         array set pmap [call ProtocolProfilerInit::init_ssl]
  12. }
  13.  
  14. when CLIENT_DATA {     
  15.         set clientrecord_counter 0
  16.         incr clientside_datahitcounter
  17.  
  18.         set client_payload_in_hex ""
  19.         binary scan [TCP::payload] H* client_payload_in_hex
  20.  
  21.         # Split the payload by SSL records (put them in an array named 'potential_records')
  22.         for { set i 0 } { $i < [string length $client_payload_in_hex] } { set i [expr {$i + 2}] } {
  23.                 set clientside_potential_sslcontenttype "0x[substr $client_payload_in_hex $i 2]"
  24.                 if { [info exists static::tmap_contenttype($clientside_potential_sslcontenttype)] } {
  25.                         set clientside_potential_sslversion "0x[substr $client_payload_in_hex [expr {$i+2}] 4]"
  26.                         if { [info exists static::tmap_version($clientside_potential_sslversion)] } {
  27.                                 set clientside_potential_ssllength "[expr 0x[substr $client_payload_in_hex [expr {$i+6}] 4]]"
  28.                                 set clientside_potential_sslmessage "0x[substr $client_payload_in_hex [expr {$i+10}] 2]"
  29.                                 set clientside_potential_fullrecord "[substr $client_payload_in_hex $i [expr {10+$clientside_potential_ssllength*2}]]"
  30.                                 set clientside_potential_records($clientrecord_counter) $clientside_potential_fullrecord
  31.                                 incr clientrecord_counter
  32.                         }
  33.                 }
  34.         }
  35.  
  36.         # Run through the detected SSL records
  37.         for { set clientrecord_index 0 } { $clientrecord_index < $clientrecord_counter } { incr clientrecord_index } {
  38.                 #log local0. $clientside_potential_records($clientrecord_index)
  39.                 log -noname local0. "C->S"
  40.                 call ProtocolProfilerProcs::mapProtocol 0 $clientside_potential_records($clientrecord_index) 0 {} "" [array get pmap] $static::DEBUG_PMAP_SSL
  41.                 log -noname local0. ""
  42.                 log -noname local0. ""
  43.                 log -noname local0. ""
  44.         }
  45.        
  46.         if { [LB::status] == "up" } {
  47.                 serverside { TCP::collect }
  48.         }
  49.         TCP::release
  50.         TCP::collect
  51. }
  52.  
  53. when SERVER_CONNECTED {
  54.         TCP::collect
  55. }
  56.  
  57. when SERVER_DATA {
  58.         set serverrecord_counter 0
  59.         incr serverside_datahitcounter
  60.        
  61.         set server_payload_in_hex ""
  62.         binary scan [TCP::payload] H* server_payload_in_hex
  63.  
  64.         # Split the payload by SSL records (put them in an array named 'potential_records')
  65.         for { set i 0 } { $i < [string length $server_payload_in_hex] } { set i [expr {$i + 2}] } {
  66.                 set serverside_potential_sslcontenttype "0x[substr $server_payload_in_hex $i 2]"
  67.                 if { [info exists static::tmap_contenttype($serverside_potential_sslcontenttype)] } {
  68.                         set serverside_potential_sslversion "0x[substr $server_payload_in_hex [expr {$i+2}] 4]"
  69.                         if { [info exists static::tmap_version($serverside_potential_sslversion)] } {
  70.                                 set serverside_potential_ssllength "[expr 0x[substr $server_payload_in_hex [expr {$i+6}] 4]]"
  71.                                 set serverside_potential_sslmessage "0x[substr $server_payload_in_hex [expr {$i+10}] 2]"
  72.                                 set serverside_potential_fullrecord "[substr $server_payload_in_hex $i [expr {10+$serverside_potential_ssllength*2}]]"
  73.                                 set serverside_potential_records($serverrecord_counter) $serverside_potential_fullrecord
  74.                                 incr serverrecord_counter
  75.                         }
  76.                 }
  77.         }
  78.  
  79.         # Run through the detected SSL records
  80.         for { set serverrecord_index 0 } { $serverrecord_index < $serverrecord_counter } { incr serverrecord_index } {
  81.                 #log local0. $serverside_potential_records($serverrecord_index)
  82.                 log -noname local0. "S->C"
  83.                 call ProtocolProfilerProcs::mapProtocol 0 $serverside_potential_records($serverrecord_index) 0 {} "" [array get pmap] $static::DEBUG_PMAP_SSL
  84.                 log -noname local0. ""
  85.                 log -noname local0. ""
  86.                 log -noname local0. ""
  87.         }
  88.        
  89.         TCP::release
  90.         clientside { TCP::collect }
  91.         TCP::collect
  92. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top