This was done using the system-provided OpenSSL (Debian 12). It might work
for tlsa, but I don't know how Kamailio would respond to LD_PRELOAD
affecting one of its own modules.
If you're curious how it works, the code is here:
On Fri, Feb 2, 2024 at 1:23 AM Ihor Olkhovskyi via sr-users <
sr-users(a)lists.kamailio.org> wrote:
Calvin,
Thanks for sharing this, just a question, do you use system-provided
OpenSSL or tlsa ?
On Tue, Jan 30, 2024 at 03:00, Calvin E. via sr-users <
sr-users(a)lists.kamailio.org> wrote:
It turns out the system I was on really uses
/lib/systemd/system/kamailio.service, despite /etc/init.d/kamailio
also existing.
I was able to make it work by following the Systemd process:
mkdir /etc/default/kamailio.d/
edit /etc/default/kamailio.d/voipmonitor
add lines:
SSLKEYLOG_UDP='127.0.0.1:1234'
LD_PRELOAD="/usr/local/src/voipmonitor-git/tools/ssl_keylogger/sslkeylog.so /usr/lib/x86_64-linux-gnu/libssl.so.3"
The keys are captured by the VoIPmonitor sniffer and everything works as
expected from there. I'd be happy to explain further to anyone interested
in this setup.
On Sun, Jan 28, 2024 at 3:20 AM Sergey Safarov <s.safarov(a)gmail.com>
wrote:
You can check this PR
https://github.com/kamailio/kamailio/pull/2785
On Fri, Jan 26, 2024 at 8:58 PM Calvin E. via sr-users <
sr-users(a)lists.kamailio.org> wrote:
I've been tasked to use LD_PRELOAD to log SSL keys for TLS connections
using a Diffie-Hellman cipher. The first attempt did not work, so I wanted
to sanity check whether Kamailio's TLS support is built in such a way that
would defeat LD_PRELOAD.
The instructions from the vendor are to update /etc/init.d/kamailio
like this:
env SSLKEYLOG_UDP='127.0.0.1:1234' LD_PRELOAD="/usr/local/src/voipmonitor-git/tools/ssl_keylogger/sslkeylog.so /usr/lib/x86_64-linux-gnu/libssl.so.3" \
start-stop-daemon --start --quiet --pidfile $PIDFILE \
--exec $DAEMON -- $OPTIONS || log_failure_msg " already running"
Is there anything special in Kamailio (5.7.3 on Debian 12) that would
prevent this from working? Not necessarily something to defeat a keylogger,
but maybe the way tls.so gets loaded?
The only discrepancy I've noticed is the vendor docs refer to
libssl.so.3 not libssl.so.1, but the vendor said that should be OK.
I'd love to hear from someone already using VoIPmonitor with
Diffie-Hellman ciphers and Kamailio.
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only
to the sender!
Edit mailing list options or unsubscribe:
--
Best regards,
Ihor (Igor)
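
A way to check whether the preload discussed in this thread actually reached a running process, by reading that process's environment and memory map under /proc. This is an added example, not code from the thread or from VoIPmonitor; the function names are constructed, and the only thing taken from the thread is the library basename sslkeylog.so.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are constructed.
# Input files use the formats of /proc/<pid>/environ and /proc/<pid>/maps.

# env_value FILE NAME: print NAME's value from a NUL-separated environ file.
env_value() {
    tr '\000' '\n' < "$1" | sed -n "s/^$2=//p" | head -n 1
}

# lib_mapped FILE LIB: succeed if any mapping's path has basename LIB.
lib_mapped() {
    awk -v lib="$2" '
        { n = split($NF, parts, "/"); if (n > 0 && parts[n] == lib) found = 1 }
        END { exit !found }' "$1"
}

# check_preload ENVIRON MAPS LIB
#   0: LD_PRELOAD names LIB and the loader mapped it
#   1: LD_PRELOAD does not name LIB (the setting never reached the process)
#   2: LD_PRELOAD names LIB but it is not mapped (the loader skipped it)
check_preload() {
    # LD_PRELOAD entries may be separated by spaces or colons.
    preload=$(env_value "$1" LD_PRELOAD | tr ':' ' ')
    case " $preload " in
        *"/$3 "*|*" $3 "*) ;;
        *) echo "LD_PRELOAD does not name $3"; return 1 ;;
    esac
    if lib_mapped "$2" "$3"; then
        echo "$3 is preloaded and mapped"
    else
        echo "LD_PRELOAD names $3 but it is not mapped"
        return 2
    fi
}

# Usage: sh check_preload.sh PID   (run as root to read another user's /proc files)
if [ "$#" -eq 1 ]; then
    check_preload "/proc/$1/environ" "/proc/$1/maps" sslkeylog.so
fi
```

Return code 1 corresponds to editing a start-up file the service does not use; return code 2 points at the library path or architecture instead.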