on 25-Apr-2022 11:07
How many times have you had to log in to BIG-IP, copy/paste the tcpdump commands in, look at the file name, scp the file down or away, then rinse and repeat with other key files, or re-capture something because you got the syntax wrong? I wanted to see how far I could take automation with efforts like this. On last week's episode of The Core, I walked through a proof of concept I built that does the following:
The code for this proof of concept is here on GitHub. This was prep work to begin experimenting with pyshark, scapy, and other tools to programmatically handle a lot of the "first steps" of packet analysis. Currently on the roadmap:
What would YOU do programmatically with packet captures if you could? Drop a comment below, add an idea to the issues log on GitHub, or fork the project and join me!
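As an added illustration of the capture-then-fetch step described above (not the project's code from GitHub), here is a small Python helper that builds the BIG-IP tcpdump command, validates the filter and file name before they reach a remote shell, and pulls the capture back with scp. The interface modifier `0.0:nnnp`, the `/var/tmp` path and key-based SSH as `root` are assumptions.

```python
import re
import subprocess
from pathlib import Path

# Shell metacharacters that must never be spliced into the remote command line.
_SHELL_META = re.compile(r"[;&|`$<>\\\n]")


def safe_inputs(bpf_filter: str, out_name: str) -> bool:
    """True if the BPF filter and capture file name are safe to send over ssh."""
    return (not _SHELL_META.search(bpf_filter)
            and re.fullmatch(r"[\w.-]+\.pcap", out_name) is not None)


def build_tcpdump_cmd(bpf_filter: str, out_name: str,
                      interface: str = "0.0:nnnp", count: int = 1000) -> str:
    """Return the tcpdump command to run on the BIG-IP.

    -c bounds the capture so the remote command always terminates;
    ':nnnp' (assumed BIG-IP syntax) adds TMM metadata and follows peer flows.
    """
    if not safe_inputs(bpf_filter, out_name):
        raise ValueError("refusing unsafe filter or capture file name")
    return (f"tcpdump -s0 -nni {interface} -c {count} "
            f"-w /var/tmp/{out_name} {bpf_filter}")


def build_ssh_argv(bigip: str, remote_cmd: str, user: str = "root") -> list[str]:
    """argv for running the validated command on the BIG-IP (no shell on our side)."""
    return ["ssh", f"{user}@{bigip}", remote_cmd]


def capture_and_fetch(bigip: str, bpf_filter: str, out_name: str, dest: Path) -> Path:
    """Run the capture, then scp the pcap into dest; returns the local path."""
    remote_cmd = build_tcpdump_cmd(bpf_filter, out_name)
    subprocess.run(build_ssh_argv(bigip, remote_cmd), check=True)
    local = dest / out_name
    subprocess.run(["scp", f"root@{bigip}:/var/tmp/{out_name}", str(local)], check=True)
    return local


if __name__ == "__main__":
    # Constructed example values; replace with a real BIG-IP and virtual server client.
    print(capture_and_fetch("bigip.example.test", "host 10.0.0.5 and port 443",
                            "vs_https.pcap", Path(".")))
```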
I have already scripted a utility here to automatically extract the pre-master secrets from a tcpdump with the F5 sslprovider enabled. The pre-master secret file can then be used with Wireshark to do the decryption. Decryption works with all SSL versions, including TLS 1.3, and any number of TCP streams.
If there is any interest, I can share it with the community.