从可疑二进制文件中提取 SSL 信息
我面临以下情况:由于某些原因我必须运行某人提供的linux二进制文件。
我可以看到(至少 tcpdump 可以看到)当我运行这个二进制文件时,它正在通过 SSL 发送一些东西 - 所以我已经知道它正在做一些不应该做的事情。我的问题:是否有可能找到它在做什么?我正在考虑走两条路线:
- 尝试反编译它
- 设置我的 SSL,以便它向我提供
我已经检查过的未加密流量,并且它是静态链接的,因此第二个选项可能无法实现。
我需要强调的是,这是一次完全合法的尝试,旨在了解其他人想了解我的哪些信息。感谢您抽出时间。
I am facing the following situation: for some reasons I have to run a linux binary provided by someone.
I can see (at least tcpdump can see it) that this binary is sending something over SSL when I run it - so I already know it's doing something it shouldn't be doing. My question: is it possible to find what it's doing ? I was thinking of going two routes:
- Try to decompile it
- Set up my SSL so it feeds me unencrypted traffic
I have already checked and it's statically linked, so the second option might not be possible.
I need to stress that this is a completely legitimate attempt at trying to find out what others want to find about me. Thank you for your time.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
几乎可以肯定它与 OpenSSL 有关。
此过程可能有效:
如果没有,您需要在二进制文件中找到加密点并拦截这些调用。不幸的是,有点难。
It's almost certainty linked with OpenSSL.
This procedure might work:
If it doesn't you need to find the encryption points in the binary and intercept those calls. Kind of hard, unfortunately.
strace 它并查看它打开了哪些文件。
strace it and see which files it opens.