how to use #1

Open
massimiliano-dalcero opened this issue Sep 3, 2017 · 3 comments

Comments


massimiliano-dalcero commented Sep 3, 2017

Hi jhford :)

I found this project here:
nodejs/node#2363

This project can be very useful for my local project based on "electron" (https://electron.atom.io/) but I don't understand very well how to integrate it :(

Can you give an example based on your experience?
(I'm not asking you to help me integrate this into my project, only how you normally use it)
:)

Many thanks
Max


forestjohnsonpeoplenet commented Nov 2, 2018

I don't think it works (at least for my use case)

This was a script I wrote to patch this code into the yarn command line tool. But it doesn't work for me. Based on the comments on the original thread I don't think this method works at all.

yarnshark.sh

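```bash
#!/bin/bash

# Directory holding the real yarn.js that the `yarn` launcher resolves to.
YARN_RUNTIME_LOCATION="$(dirname "$(readlink -f "$(which yarn)")")"

# Fetch the key logger module once and place it next to yarn.js.
if [ ! -f "$YARN_RUNTIME_LOCATION/sslkeylogger.js" ]; then
  curl -s "https://raw.githubusercontent.com/forestjohnsonpeoplenet/node-https-wireshark/master/index.js" > "$YARN_RUNTIME_LOCATION/sslkeylogger.js"
fi

# Keep a backup so the original yarn.js can be restored afterwards.
cp "$YARN_RUNTIME_LOCATION/yarn.js" "$YARN_RUNTIME_LOCATION/yarn.js.bak"

# Line number of the first "var cli = require" line; the logger is injected just above it.
YARN_CLI_LINE_NUMBER="$(grep -n -e "^ *var cli = require" "$YARN_RUNTIME_LOCATION/yarn.js" | head -n 1 | cut -d: -f1)"
if [ -z "$YARN_CLI_LINE_NUMBER" ]; then
  echo "could not find 'var cli = require' in yarn.js" >&2
  rm "$YARN_RUNTIME_LOCATION/yarn.js.bak"
  exit 1
fi
YARN_CLI_LINE_NUMBER=$((YARN_CLI_LINE_NUMBER - 1))

# Split yarn.js around the injection point.
FIRST_HALF=$(head -n "$YARN_CLI_LINE_NUMBER" "$YARN_RUNTIME_LOCATION/yarn.js")
LAST_HALF=$(tail -n +"$((YARN_CLI_LINE_NUMBER + 1))" "$YARN_RUNTIME_LOCATION/yarn.js")

# Rewrite yarn.js with the key logger required before the CLI is loaded.
echo "$FIRST_HALF" > "$YARN_RUNTIME_LOCATION/yarn.js"
echo "require(\"./sslkeylogger\")" >> "$YARN_RUNTIME_LOCATION/yarn.js"
echo "console.log(\"This yarn is logging HTTPS session keys using https://github.com/forestjohnsonpeoplenet/node-https-wireshark\")" >> "$YARN_RUNTIME_LOCATION/yarn.js"
echo "$LAST_HALF" >> "$YARN_RUNTIME_LOCATION/yarn.js"

#echo "$YARN_RUNTIME_LOCATION/yarn.js"
#cat "$YARN_RUNTIME_LOCATION/yarn.js"

# Capture traffic in the background while the patched yarn runs.
tcpdump -i any -s 65535 -w yarn.pcap &
TCPDUMP_PID=$!

# Run yarn with the caller's arguments; keys are written to ./SSLKEYLOG.
SSLKEYLOGFILE="$(pwd)/SSLKEYLOG" yarn "$@"

kill "$TCPDUMP_PID"

# Remove the injected module and restore the original yarn.js.
rm "$YARN_RUNTIME_LOCATION/sslkeylogger.js"
rm "$YARN_RUNTIME_LOCATION/yarn.js"
mv "$YARN_RUNTIME_LOCATION/yarn.js.bak" "$YARN_RUNTIME_LOCATION/yarn.js"
```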


forestjohnsonpeoplenet commented Nov 2, 2018

AHAH! never mind! I actually got it to work!

The last thing I was missing: there was a space missing in the format written to the SSLKEYLOG file in between the session key and the master secret. After adding that space there, Wireshark parses it just fine.

If you want a working example check out my above yarnshark.sh Shell Script file (shows how to inject this into an existing node app) and my fork of this repo: https://github.com/forestjohnsonpeoplenet/node-https-wireshark
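
The failure described in the comment above, a key log line whose two fields run together, can be caught before the capture is opened in Wireshark. The following is an added example, not code from this repository or the fork. The page does not say which line format the fork writes, so the example assumes the `CLIENT_RANDOM` and `RSA Session-ID:… Master-Key:…` forms that Wireshark reads; the function names and sample values are constructed here.

```javascript
// Added example (not from the project): lint an SSLKEYLOGFILE before loading it in Wireshark.
// Assumption: lines use one of two TLS 1.2-and-earlier formats that Wireshark accepts.
const FORMATS = [
  { name: 'CLIENT_RANDOM',                 // 32-byte client random, 48-byte master secret
    ok: /^CLIENT_RANDOM [0-9a-f]{64} [0-9a-f]{96}$/i,
    fused: /^CLIENT_RANDOM [0-9a-f]{160}$/i },
  { name: 'RSA Session-ID',                // session ID (up to 32 bytes), 48-byte master key
    ok: /^RSA Session-ID:[0-9a-f]{2,64} Master-Key:[0-9a-f]{96}$/i,
    fused: /^RSA Session-ID:[0-9a-f]{2,64}Master-Key:[0-9a-f]{96}$/i },
];

// Returns null when the line is acceptable, otherwise a short description of the problem.
function lintKeyLogLine(line) {
  const text = line.replace(/\r$/, '');    // tolerate CRLF line endings
  if (text === '' || text.startsWith('#')) return null;  // blank lines and comments
  for (const f of FORMATS) {
    if (f.ok.test(text)) return null;
    if (f.fused.test(text)) return `${f.name}: missing space between the two fields`;
  }
  if (/^\s|\s$/.test(text)) return 'leading or trailing whitespace';
  return 'unrecognised line format';
}

// Lints a whole file's contents; returns [{ line, problem }] with 1-based line numbers.
function lintKeyLog(contents) {
  const findings = [];
  contents.split('\n').forEach((line, i) => {
    const problem = lintKeyLogLine(line);
    if (problem) findings.push({ line: i + 1, problem });
  });
  return findings;
}

// Constructed sample values (not real secrets); RANDOM doubles as a 32-byte session ID.
const RANDOM = 'ab'.repeat(32);
const SECRET = 'cd'.repeat(48);
const SAMPLE = [
  '# constructed sample',
  `CLIENT_RANDOM ${RANDOM} ${SECRET}`,
  `CLIENT_RANDOM ${RANDOM}${SECRET}`,               // fields fused: flagged
  `RSA Session-ID:${RANDOM}Master-Key:${SECRET}`,   // fields fused: flagged
  `RSA Session-ID:${RANDOM} Master-Key:${SECRET}`,
].join('\n');

console.log(lintKeyLog(SAMPLE));
```
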

@forestjohnsonpeoplenet

Keep in mind this will only work for node apps that do require('https'); ... https.request(....)
