Still works #4

Open
jckruger opened this issue Nov 12, 2024 · 4 comments

jckruger commented Nov 12, 2024

Hey Aaron, I've had loads of trouble getting a Python server to listen on SSLv3 in either Python 2.7 or 3.x, but I have managed to get the data from mine with an eval F5 that I tuned to listen on SSLv3 and log the data.

I hadn't sent it through to a server yet but have managed to get some data.

This is the iRule I set to log the data on the F5 just so I can see it. I'll send it to a port 80 service later into a database to then consume.

```tcl
when CLIENTSSL_HANDSHAKE {
    if { [SSL::cipher version] eq "SSLv3" } {
        log local0. "SSLv3 connection from [IP::client_addr]"
    }
}
when HTTP_REQUEST {
    # Check if it is a POST request and if so collect the payload (capped at 1 MiB)
    if {[HTTP::method] eq "POST"}{
        if {[HTTP::header "Content-Length"] ne "" && [HTTP::header "Content-Length"] <= 1048576}{
            set content_length [HTTP::header "Content-Length"]
        } else {
            set content_length 1048576
        }
        if { $content_length > 0} {
            HTTP::collect $content_length
        }
    }
    set LogString "Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host][HTTP::uri]"
    log local0. "============================================="
    log local0. "$LogString (request)"
    foreach aHeader [HTTP::header names] {
        log local0. "$aHeader: [HTTP::header value $aHeader]"
    }
    log local0. "============================================="

    # Log the HTTP request details
    log local0. "Request from [IP::client_addr]: [HTTP::method] [HTTP::uri]"

    if {[HTTP::uri] contains "/check_key.html"} {
        log local0. "Responded with 200 OK"
        event disable all
        HTTP::respond 200 -version 1.1 content "\n" Content-Type "text/html; charset=UTF-8"
        return
    }
    if {[HTTP::uri] contains "/get_key.html"} {
        log local0. "Responded with TT|a1bCDEFGHa1zZZ\n"
        event disable all
        HTTP::respond 200 -version 1.1 content "TT|a1bCDEFGHa1zZZ\n" Content-Type "text/html; charset=UTF-8"
        return
    }
    if {[HTTP::uri] eq "/"} {
        log local0. "Responded with 200 OK"
        event disable all
        HTTP::respond 200 -version 1.1 content "\n" Content-Type "text/html; charset=UTF-8"
        return
    }
}
when HTTP_REQUEST_DATA {
    log local0. "HTTP POST request from [IP::client_addr]: Payload: [HTTP::payload]"
}
```

This is the result:

```
<CLIENTSSL_HANDSHAKE>: SSLv3 connection from x.x.x.x
<HTTP_REQUEST>: =============================================
<HTTP_REQUEST>: Client x.x.x.x:2196 -> <looks almost like my mac address backwards>.h2.sensornet.info/h2 (request)
<HTTP_REQUEST>: Host: <looks almost like my mac address backwards>.h2.sensornet.info
<HTTP_REQUEST>: X-Hash: <xxxxxxxxxx>
<HTTP_REQUEST>: X-TS: 6732D0CF:352986
<HTTP_REQUEST>: X-Uptime: 432101
<HTTP_REQUEST>: X-Version: 2.3.7
<HTTP_REQUEST>: X-Mode: E1
<HTTP_REQUEST>: X-Pair: P
<HTTP_REQUEST>: Content-Type: application/eh-data
<HTTP_REQUEST>: Content-Length: 27
<HTTP_REQUEST>: X-Forwarded-For: x.x.x.x
<HTTP_REQUEST>: =============================================
<HTTP_REQUEST>: Request from x.x.x.x: POST /h2
<HTTP_REQUEST_DATA>: HTTP POST request from x.x.x.x: Payload: <SID>|0|EFCT|P1,11549.08
<CLIENTSSL_HANDSHAKE>: SSLv3 connection from x.x.x.x
<HTTP_REQUEST>: =============================================
<HTTP_REQUEST>: Client x.x.x.x:2197 -> <looks almost like my mac address backwards>.h2.sensornet.info/h2 (request)
<HTTP_REQUEST>: Host: <looks almost like my mac address backwards>.h2.sensornet.info
<HTTP_REQUEST>: X-Hash: <xxxxxxxxxx>
<HTTP_REQUEST>: X-TS: 6732D0DE:353001
<HTTP_REQUEST>: X-Uptime: 432116
<HTTP_REQUEST>: X-Version: 2.3.7
<HTTP_REQUEST>: X-Mode: E1
<HTTP_REQUEST>: X-Pair: P
<HTTP_REQUEST>: Content-Type: application/eh-data
<HTTP_REQUEST>: Content-Length: 27
<HTTP_REQUEST>: X-Forwarded-For: x.x.x.x
<HTTP_REQUEST>: =============================================
<HTTP_REQUEST>: Request from x.x.x.x: POST /h2
<HTTP_REQUEST_DATA>: HTTP POST request from x.x.x.x: Payload: <SID>|0|EFCT|P1,11549.16
```

Looks like the value in the payload just continues to increase, so I guess you just see what the value was between the 2 timestamps.
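
Because the logged value only ever increases, a consumer has to difference consecutive readings. The following is an added example, not code from this thread or from the project: it validates the two logged requests as untrusted input and computes the increase between them. It assumes the part of `X-TS` before the colon is a hexadecimal Unix timestamp, and uses `SID` in place of the redacted `<SID>`.

```python
import string
from datetime import datetime, timezone
from decimal import Decimal, InvalidOperation

# Constructed from the two requests in the log above; "SID" replaces the redacted <SID>.
SAMPLES = [
    ({"X-TS": "6732D0CF:352986", "X-Uptime": "432101"}, "SID|0|EFCT|P1,11549.08"),
    ({"X-TS": "6732D0DE:353001", "X-Uptime": "432116"}, "SID|0|EFCT|P1,11549.16"),
]


def parse_reading(headers, body):
    """Validate one POST and return its timestamp and counter value."""
    # Assumption: the part of X-TS before ':' is a hexadecimal Unix timestamp.
    ts_hex, sep, _rest = headers.get("X-TS", "").partition(":")
    if not sep or not 1 <= len(ts_hex) <= 8 or set(ts_hex) - set(string.hexdigits):
        raise ValueError("malformed X-TS header")
    epoch = int(ts_hex, 16)
    # Body layout seen in the log: <SID>|0|EFCT|P1,<value>
    fields = body.strip().split("|")
    if len(fields) != 4 or fields[2] != "EFCT":
        raise ValueError("unexpected payload layout")
    channel, sep, raw = fields[3].partition(",")
    if not sep:
        raise ValueError("payload has no value field")
    try:
        value = Decimal(raw)  # Decimal keeps 11549.16 - 11549.08 exact
    except InvalidOperation:
        raise ValueError("value is not a number") from None
    if not value.is_finite() or value < 0:
        raise ValueError("value out of range")
    return {"sid": fields[0], "channel": channel, "epoch": epoch,
            "time": datetime.fromtimestamp(epoch, tz=timezone.utc), "value": value}


def usage_between(first, second):
    """Return (seconds elapsed, counter increase, increase per hour)."""
    seconds = second["epoch"] - first["epoch"]
    increase = second["value"] - first["value"]
    if seconds <= 0 or increase < 0:
        # Out-of-order requests or a counter reset: do not report a bogus delta.
        raise ValueError("readings are not in increasing order")
    return seconds, increase, increase * 3600 / seconds


if __name__ == "__main__":
    a, b = (parse_reading(h, p) for h, p in SAMPLES)
    print(a["time"].isoformat(), b["time"].isoformat(), usage_between(a, b))
```

The 15 seconds between the two decoded timestamps match the difference between the two `X-Uptime` values in the log.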


jckruger commented Nov 12, 2024

I also recreated the cert (not sure if I needed to) to add SANs with this page, and added these SANs from what the existing one has. I did leave it as key size 1024 as I'm not sure if SSLv3 has any limitations with key size.

DNS:.ble2.sensornet.info, DNS:.blt2.sensornet.info, DNS:.cad2.sensornet.info, DNS:.dev.sensornet.info, DNS:.mdb.sensornet.info, DNS:.sensornet.info, DNS:*.tfl.sensornet.info, DNS:sensornet.info

@zepollabot

hey @jckruger are you going to release your updated version by any chance?
I'm trying to make it run on python3 but I struggle with the error

```
OpenSSL.SSL.Error: [('SSL routines', '', 'no cipher match')]
```

@jckruger
Author

> hey @jckruger are you going to release your updated version by any chance? I'm trying to make it run on python3 but I struggle with the error
>
> OpenSSL.SSL.Error: [('SSL routines', '', 'no cipher match')]

No I didn't get Python3 working but I have used the F5 to do it and it works well. Sorry I left the Python code as I have a working solution for my needs.

I couldn't find a way to get the python 3 stuff working so abandoned it. I even tried older python but then had trouble finding repos that had all the dependencies.

I'm sure there is a way with Python3

@jckruger
Author

This is the code I am working with if anyone is interested

1 VIP with the SSL cert attached and this iRule

```tcl
when CLIENTSSL_HANDSHAKE {
    if { [SSL::cipher version] eq "SSLv3" } {
    #    log local0. "SSLv3 connection from [IP::client_addr]"
    }
}
when HTTP_REQUEST {
    # Check if is a POST request and if so collect the payload
    if {[HTTP::method] eq "POST"}{
        if {[HTTP::header "Content-Length"] ne "" && [HTTP::header "Content-Length"] <= 1048576}{
            set content_length [HTTP::header "Content-Length"]
        } else {
            set content_length 1048576
        }
        if { $content_length > 0} {
            HTTP::collect $content_length
        }
    }
    # set LogString "Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host][HTTP::uri]"
    # log local0. "============================================="
    # log local0. "$LogString (request)"
    # foreach aHeader [HTTP::header names] {
    #    log local0. "$aHeader: [HTTP::header value $aHeader]"
    # }
    # log local0. "============================================="

    # Log the HTTP request details
    # log local0. "Request from [IP::client_addr]: [HTTP::method] [HTTP::uri]"

    if {[HTTP::uri] contains "/check_key.html"} {
    #    log local0. "Responded with 200 OK"
        event disable all
        HTTP::respond 200 -version 1.1 content "\n" noserver Content-Type "text/html; charset=UTF-8" Connection "close"
        return
    }
    if {[HTTP::uri] contains "/get_key.html"} {
    #    log local0. "Responded with TT|a1bCDEFGHa1zZZ\n"
        event disable all
        HTTP::respond 200 -version 1.1 content "TT|a1bCDEFGHa1zZZ\n" noserver Content-Type "text/html; charset=UTF-8" Connection "close"
        return
    }
    if {[HTTP::uri] eq "/"} {
    #    log local0. "Responded with 200 OK"
        event disable all
        HTTP::respond 200 -version 1.1 content "\n" noserver Content-Type "text/html; charset=UTF-8" Connection "close"
        return
    }
}
when HTTP_REQUEST_DATA {
    # log local0. "HTTP POST request from [IP::client_addr]: Payload: [HTTP::payload]"
    set totalkw [getfield [HTTP::payload] "," 2]
    # log local0. "Stuff: [lindex $fields 0]: Value2: [lindex $fields 1]"
    # log local0. "TotalKW: $totalkw"
    table add -subtable "totalkw" $totalkw "KW" indef 45
    HTTP::release
    HTTP::respond 200 -version 1.1 content "\n" Content-Type "text/html; charset=UTF-8" Connection "close"
}
```

There is some debugging logging you could remove
Then another VIP with this iRule to output the value to something connecting to it like Cacti

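```tcl
when HTTP_REQUEST {
    set totalkwstats ""
    # Collect every reading still in the "totalkw" subtable, one value per line
    foreach key_value [table keys -notouch -subtable "totalkw"] {
        append totalkwstats "${key_value}\n"
    }
    # Respond once, after the loop: a second HTTP::respond for the same request raises a Tcl error
    HTTP::respond 200 -version 1.1 content $totalkwstats Content-Type "text/html; charset=utf-8"
}
```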

This can be tweaked however you like

You could use Cacti from a post a while ago: [Efergy Engage Hub - Power Usage](https://forums.cacti.net/viewtopic.php?t=55314). You would just change the script to look for the text.

This should then work when you connect to the second VIP with cacti

```bash
#!/bin/bash
# Fetch the current value from the second VIP and print it for Cacti
energy=$(curl -s 'http://xxx.xxx.xxx.xxx/')
echo "$energy"
```
