This is a tool to process logs produced by the sslkeylog utility and send them to a MongoDB instance.
cargo build --release
If your build system's glibc is different from the target one, you may encounter the following error:
sslkeylog-processor: /lib/x86_64-linux-gnu/libc.so.6: version 'GLIBC_...' not found (required by sslkeylog-processor)
To fix this you might want to build a MUSL-based static binary. Prepare the environment with the following commands:
sudo apt install musl-tools
rustup target add x86_64-unknown-linux-musl
Then just use:
cargo build --release --target x86_64-unknown-linux-musl
Run the built binary to determine the command-line options. On Windows, file names support wildcard expansion; on other OSes, shell expansion is expected to take care of that.
All keys are placed in the collections named <sni>@<server_ip>:<server_port>_<year><month><day> with the following schemas:
// TLS pre-1.3
{
"_id": <server_random>:BinData,
"t": <timestamp>:DateTime,
"r": <client_random>:BinData,
"i": <client_ip>:int/BinData,
"k": <premaster>:BinData,
}
// TLS 1.3:
{
"_id": <server_random>:BinData,
"t": <timestamp>:DateTime,
"r": <client_random>:BinData,
"i": <client_ip>:int/BinData,
"h": <server_handshake>:BinData,
"f": <client_handshake>:BinData,
"z": <server_0>:BinData,
"s": <client_0>:BinData,
}
Each collection has the following indexes:
random on the r field (ascending)
timestamp on the t field (ascending)
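
When looking up the keys for a given server and day, the collection name described above has to be split back into its parts. The following Rust code is an added example, not code from sslkeylog-processor; `CollectionName` and `parse_collection_name` are hypothetical names, and it assumes a zero-padded YYYYMMDD date and keeps the server IP as an opaque string because the page does not state how addresses are rendered.

```rust
// Added example (not from the sslkeylog-processor source): parse a collection
// name of the form <sni>@<server_ip>:<server_port>_<year><month><day>.
// Assumed: the date is zero-padded YYYYMMDD; the exact IP rendering is not
// stated on the page, so the IP is kept as an opaque string.

#[derive(Debug, PartialEq)]
pub struct CollectionName {
    pub sni: String,
    pub server_ip: String,
    pub server_port: u16,
    pub year: u16,
    pub month: u8,
    pub day: u8,
}

pub fn parse_collection_name(name: &str) -> Option<CollectionName> {
    // Split from the right: an SNI may contain '_' and an IPv6 address
    // contains ':', so only the last '_' and the last ':' are delimiters.
    let (rest, date) = name.rsplit_once('_')?;
    let (rest, port) = rest.rsplit_once(':')?;
    // Host names cannot contain '@', so the first '@' ends the SNI.
    let (sni, ip) = rest.split_once('@')?;
    if date.len() != 8 || !date.bytes().all(|b| b.is_ascii_digit()) || ip.is_empty() {
        return None;
    }
    let (month, day): (u8, u8) = (date[4..6].parse().ok()?, date[6..8].parse().ok()?);
    if !(1..=12).contains(&month) || !(1..=31).contains(&day) {
        return None;
    }
    Some(CollectionName {
        sni: sni.to_string(),
        server_ip: ip.to_string(),
        server_port: port.parse().ok()?,
        year: date[0..4].parse().ok()?,
        month,
        day,
    })
}

fn main() {
    // Constructed sample names, not taken from a real database.
    for name in ["example.com@192.0.2.10:443_20240131", "my_host.test@2001:db8::1:8443_20240229"] {
        println!("{name} -> {:?}", parse_collection_name(name));
    }
}
```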