Tag: tls

capture TLS/HTTPS traffic via tcpdump

only TLS traffic

tcpdump -ni eth0 "(tcp[((tcp[12] & 0xf0) >> 2)] = 0x16)"

TLS traffic with port

tcpdump -ni eth0 "tcp port 443 and (tcp[((tcp[12] & 0xf0) >> 2)] = 0x16)"

TLS traffic with host ip

tcpdump -ni eth0 "tcp host 10.10.10.10 and (tcp[((tcp[12] & 0xf0) >> 2)] = 0x16)"

Capture packets for wireshark

tcpdump -vvvv -A -i weave '((dst port 80) and (net 10.36.0.15))' -w app2.cap


sudo tcpdump -vvvv -A -i etho -w app2.cap

More : https://stackoverflow.com/questions/39624745/capture-only-ssl-handshake-with-tcpdump

https://www.wireshark.org/docs/wsug_html_chunked/AppToolstcpdump.html

Openport using NC:

nc 8888

Listen port:

nc localhost 8888

Send packet using bash:

echo -n "hello" >/dev/tcp/localhost/8888

Promethus inbuilt basic authentication and TLS

github : https://github.com/prometheus/prometheus/pull/8316

from v2.24.0 basic authentication and TLS is inbuilt into prometheus.

webconfig.yml

tls_server_config:
  cert_file: /etc/prometheus/prometheus.cert
  key_file: /etc/prometheus/prometheus.key

basic_auth_users:
  admin: $2y$12$/B1Z0Ohq/g9z/BlD30mi/uRDNdBRs/VrtAZrJDtY73Ttjc8RYHJ2O
  • Start prometheus with webconfig file
./prometheus --web.config.file=webconfig.yml
  • Prometheus will be accessible on https and with basic auth (admin/admin)
  • Password should be bcrypt encrypted – https://bcrypt-generator.com

More : https://github.com/roidelapluie/prometheus/blob/5b4f46a348ae3bc143629f25f0f997f39f30c2c2/docs/configuration/https.md