Hey Aaron, I've had loads of trouble getting a Python server to listen on SSLv3 in either Python 2.7 or 3.x, but I have managed to get the data from mine with an eval F5 that I tuned to listen on SSLv3 and log the data.
I hadn't sent it through to a server yet but have managed to get some data.
This is the iRule I set to log the data on the F5 just so I can see it. I'll send it to a port 80 service later into a database to then consume.
```tcl
when CLIENTSSL_HANDSHAKE {
    if { [SSL::cipher version] eq "SSLv3" } {
        log local0. "SSLv3 connection from [IP::client_addr]"
    }
}

when HTTP_REQUEST {
    # Check if is a POST request and if so collect the payload
    if {[HTTP::method] eq "POST"} {
        if {[HTTP::header "Content-Length"] ne "" && [HTTP::header "Content-Length"] <= 1048576} {
            set content_length [HTTP::header "Content-Length"]
        } else {
            set content_length 1048576
        }
        if { $content_length > 0} {
            HTTP::collect $content_length
        }
    }

    set LogString "Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host][HTTP::uri]"
    log local0. "============================================="
    log local0. "$LogString (request)"
    foreach aHeader [HTTP::header names] {
        log local0. "$aHeader: [HTTP::header value $aHeader]"
    }
    log local0. "============================================="

    # Log the HTTP request details
    log local0. "Request from [IP::client_addr]: [HTTP::method] [HTTP::uri]"

    if {[HTTP::uri] contains "/check_key.html"} {
        log local0. "Responded with 200 OK"
        event disable all
        HTTP::respond 200 -version 1.1 content "\n" Content-Type "text/html; charset=UTF-8"
        return
    }
    if {[HTTP::uri] contains "/get_key.html"} {
        log local0. "Responded with TT|a1bCDEFGHa1zZZ\n"
        event disable all
        HTTP::respond 200 -version 1.1 content "TT|a1bCDEFGHa1zZZ\n" Content-Type "text/html; charset=UTF-8"
        return
    }
    if {[HTTP::uri] eq "/"} {
        log local0. "Responded with 200 OK"
        event disable all
        HTTP::respond 200 -version 1.1 content "\n" Content-Type "text/html; charset=UTF-8"
        return
    }
}

when HTTP_REQUEST_DATA {
    log local0. "HTTP POST request from [IP::client_addr]: Payload: [HTTP::payload]"
}
```
This is the result:
```
<CLIENTSSL_HANDSHAKE>: SSLv3 connection from x.x.x.x
<HTTP_REQUEST>: =============================================
<HTTP_REQUEST>: Client x.x.x.x:2196 -> <looks almost like my mac address backwards>.h2.sensornet.info/h2 (request)
<HTTP_REQUEST>: Host: <looks almost like my mac address backwards>.h2.sensornet.info
<HTTP_REQUEST>: X-Hash: <xxxxxxxxxx>
<HTTP_REQUEST>: X-TS: 6732D0CF:352986
<HTTP_REQUEST>: X-Uptime: 432101
<HTTP_REQUEST>: X-Version: 2.3.7
<HTTP_REQUEST>: X-Mode: E1
<HTTP_REQUEST>: X-Pair: P
<HTTP_REQUEST>: Content-Type: application/eh-data
<HTTP_REQUEST>: Content-Length: 27
<HTTP_REQUEST>: X-Forwarded-For: x.x.x.x
<HTTP_REQUEST>: =============================================
<HTTP_REQUEST>: Request from x.x.x.x: POST /h2
<HTTP_REQUEST_DATA>: HTTP POST request from x.x.x.x: Payload: <SID>|0|EFCT|P1,11549.08

<CLIENTSSL_HANDSHAKE>: SSLv3 connection from x.x.x.x
<HTTP_REQUEST>: =============================================
<HTTP_REQUEST>: Client x.x.x.x:2197 -> <looks almost like my mac address backwards>.h2.sensornet.info/h2 (request)
<HTTP_REQUEST>: Host: <looks almost like my mac address backwards>.h2.sensornet.info
<HTTP_REQUEST>: X-Hash: <xxxxxxxxxx>
<HTTP_REQUEST>: X-TS: 6732D0DE:353001
<HTTP_REQUEST>: X-Uptime: 432116
<HTTP_REQUEST>: X-Version: 2.3.7
<HTTP_REQUEST>: X-Mode: E1
<HTTP_REQUEST>: X-Pair: P
<HTTP_REQUEST>: Content-Type: application/eh-data
<HTTP_REQUEST>: Content-Length: 27
<HTTP_REQUEST>: X-Forwarded-For: x.x.x.x
<HTTP_REQUEST>: =============================================
<HTTP_REQUEST>: Request from x.x.x.x: POST /h2
<HTTP_REQUEST_DATA>: HTTP POST request from x.x.x.x: Payload: <SID>|0|EFCT|P1,11549.16
```
Looks like the value in the payload just continues to increase, so I guess you just see what the value was between the 2 timestamps.
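As an added example (not part of the original post or the project's code), this Python sketch parses log lines in the format shown above and computes the change between consecutive posts. The names `channel` and `reading`, treating the first part of `X-TS` as a hexadecimal counter, and the trimmed sample log are assumptions made here.

```python
import re
from decimal import Decimal

# Constructed sample: trimmed from the log excerpt above, placeholders kept as posted.
SAMPLE_LOG = """\
<HTTP_REQUEST>: X-TS: 6732D0CF:352986
<HTTP_REQUEST>: X-Uptime: 432101
<HTTP_REQUEST_DATA>: HTTP POST request from x.x.x.x: Payload: <SID>|0|EFCT|P1,11549.08
<HTTP_REQUEST>: X-TS: 6732D0DE:353001
<HTTP_REQUEST>: X-Uptime: 432116
<HTTP_REQUEST_DATA>: HTTP POST request from x.x.x.x: Payload: <SID>|0|EFCT|P1,11549.16
"""

# search() is used so a syslog prefix in front of the iRule event tag is tolerated.
HEADER_RE = re.compile(r"<HTTP_REQUEST>: ([A-Za-z][A-Za-z0-9-]*): (.*)$")
PAYLOAD_RE = re.compile(r"<HTTP_REQUEST_DATA>: .*Payload: (.*)$")

def parse_posts(log_text):
    """Attach the headers logged for a request to the payload line that follows."""
    posts, headers = [], {}
    for line in log_text.splitlines():
        m = HEADER_RE.search(line)
        if m:
            headers[m.group(1)] = m.group(2)
            continue
        m = PAYLOAD_RE.search(line)
        if not m:
            continue  # separators, handshake lines, request summaries
        # Assumption: the last pipe-separated field is "<channel>,<reading>".
        channel, _, value = m.group(1).split("|")[-1].partition(",")
        try:
            posts.append({"uptime": int(headers["X-Uptime"]),
                          "ts": int(headers["X-TS"].split(":")[0], 16),
                          "channel": channel,
                          "reading": Decimal(value)})
        except (KeyError, ValueError, ArithmeticError):
            pass  # device-supplied data: drop incomplete or malformed records
        headers = {}
    return posts

def deltas(posts):
    """Return (uptime delta, X-TS delta, reading delta) for consecutive posts."""
    out = []
    for prev, cur in zip(posts, posts[1:]):
        if cur["channel"] != prev["channel"] or cur["uptime"] <= prev["uptime"]:
            continue  # different channel, or uptime went backwards (reboot)
        out.append((cur["uptime"] - prev["uptime"], cur["ts"] - prev["ts"],
                    cur["reading"] - prev["reading"]))
    return out
```

On the two requests logged above, `X-Uptime` and the hex part of `X-TS` both advance by 15 while the reading advances by 0.08.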