Hi,
I'm currently researching SSL/TLS handshakes and want to process several
events Bro provides with the SSL plugin. I've installed Bro along with
broccoli and broccoli-python and the "broping" example (from the test
directory) is working just fine. For each "ping" event I sent to Bro, a
"pong" is received and processed in my Python script.
However, in case of the SSL my callbacks are never executed. The most
simplified version looks something like this:
#! /usr/bin/env python
from broccoli import *
@event
def ssl_established(c):
print('established')bc = Connection("127.0.0.1:47760")
while True:
bc.processInput()
To my understanding I don't even have to load the SSL plugin, since it
resides within "base", but nevertheless my local.bro contains the following:
@load broping
@load base/protocols/ssl
When starting Bro and executing the Python script mentioned above,
nothing happens, even if SSL traffic is going through the interface
(and/or coming from a recorded pcap). I've also tried to register
callbacks for various other SSL related events (ssl_client_hello,
ssl_server_hello, etc.), but in no case were my callbacks invoked.
The only difference to the "broping.py" from the examples, is that I'm
not sending any events, but just want to receive them (hence I'm calling
processInput() regularly).
What am I missing here? Do I somehow need to enable the SSL
functionality within Bro? How can I further debug the problem?
Any help is very much appreciated, since I've spent a fair amount of
time on this already, with no real progress.
Thank you very much!
Best regards,
Karol Babioch