[SR-Users] Re: SSL key logger for Diffie-Hellman cipher

This was done using the system-provided OpenSSL (Debian 12). It might work for tlsa, but I don't know how Kamilio would respond to LD_PRELOAD affecting one of its own modules. If your curious how it works, the code is here: https://github.com/voipmonitor/sniffer/blob/master/tools/ssl_keylogger/sslk… On Fri, Feb 2, 2024 at 1:23 AM Ihor Olkhovskyi via sr-users < sr-users(a)lists.kamailio.org&gt; wrote: > Calvin, > > Thanks for sharing this, just a question, do you use system-provided > OpenSSL or tlsa ? > > Le mar. 30 janv. 2024 à 03:00, Calvin E. via sr-users < > sr-users(a)lists.kamailio.org&gt; a écrit : > >> It turns out the system I was on really >> uses /lib/systemd/system/kamailio.service, despite /etc/init.d/kamailio >> also existing. >> >> I was able to make it work by following the Systemd process: >> >> mkdir /etc/default/kamailio.d/ >> edit /etc/default/kamailio.d/voipmonitor >> add lines: >> SSLKEYLOG_UDP='127.0.0.1:1234' >> LD_PRELOAD="/usr/local/src/voipmonitor-git/tools/ssl_keylogger/sslkeylog.so >> /usr/lib/x86_64-linux-gnu/libssl.so.3" >> >> The keys are captured by the VoIPmonitor sniffer and everything works >> as expected from there. I'd be happy to explain further to anyone >> interested in this setup. >> >> On Sun, Jan 28, 2024 at 3:20 AM Sergey Safarov &lt;s.safarov(a)gmail.com&gt; >> wrote: >> >>> You can check this PR >>> https://github.com/kamailio/kamailio/pull/2785 >>> >>> On Fri, Jan 26, 2024 at 8:58 PM Calvin E. via sr-users < >>> sr-users(a)lists.kamailio.org&gt; wrote: >>> >>>> I've been tasked to use LD_PRELOAD to log SSL keys for TLS >>>> connections using a Diffie-Hellman cipher. The first attempt did not work, >>>> so I wanted to sanity check whether Kamailio's TLS support is built in such >>>> a way that would defeat LD_PRELOAD. >>>> >>>> The instructions from the vendor are to update /etc/init.d/kamailio >>>> like this: >>>> >>>> env SSLKEYLOG_UDP='127.0.0.1:1234' >>>> LD_PRELOAD="/usr/local/src/voipmonitor-git/tools/ssl_keylogger/sslkeylog.so >>>> /usr/lib/x86_64-linux-gnu/libssl.so.3" \ >>>> start-stop-daemon --start --quiet --pidfile $PIDFILE \ >>>> --exec $DAEMON -- $OPTIONS || log_failure_msg " >>>> already running" >>>> >>>> Is there anything special in Kamailio (5.7.3 on Debian 12) that >>>> would prevent this from working? Not necessarily something to defeat a >>>> keylogger, but maybe the way tls.so gets loaded? >>>> >>>> The only discrepancy I've noticed is the vendor docs refer >>>> to libssl.so.3 not libssl.so.1, but the vendor said that should be OK. >>>> >>>> I'd love to hear from someone already using VoIPmonitor >>>> with Diffie-Hellman ciphers and Kamailio. >>>> >>>> __________________________________________________________ >>>> Kamailio - Users Mailing List - Non Commercial Discussions >>>> To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org >>>> Important: keep the mailing list in the recipients, do not reply >>>> only to the sender! >>>> Edit mailing list options or unsubscribe: >>>> >>> __________________________________________________________ >> Kamailio - Users Mailing List - Non Commercial Discussions >> To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org >> Important: keep the mailing list in the recipients, do not reply only >> to the sender! >> Edit mailing list options or unsubscribe: >> > > > -- > Best regards, > Ihor (Igor) > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org > Important: keep the mailing list in the recipients, do not reply only > to the sender! > Edit mailing list options or unsubscribe: > __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: