69 lines
1.9 KiB
Bash
69 lines
1.9 KiB
Bash
|
#!/bin/bash -e
|
||
|
#
|
||
|
# Capture ESXi traffic and decrypt SOAP traffic on port 443 via wireshark
|
||
|
|
||
|
# Device to capture
|
||
|
dev="${1-vmk0}"
|
||
|
|
||
|
# Device to get the ip for wireshark ssl_keys config
|
||
|
if [ "$dev" = "lo0" ] ; then
|
||
|
ip_dev="vmk0"
|
||
|
else
|
||
|
ip_dev="$dev"
|
||
|
fi
|
||
|
|
||
|
ip=$(govc host.info -k -json | \
|
||
|
jq -r ".HostSystems[].Config.Network.Vnic[] | select(.Device == \"${ip_dev}\") | .Spec.Ip.IpAddress")
|
||
|
|
||
|
scp=(scp)
|
||
|
ssh=(ssh)
|
||
|
|
||
|
# Check if vagrant ssh-config applies to $ip
|
||
|
if [ -d ".vagrant" ] ; then
|
||
|
vssh_opts=($(vagrant ssh-config | awk NF | awk -v ORS=' ' '{print "-o " $1 "=" $2}'))
|
||
|
if grep "HostName=${ip}" >/dev/null <<<"${vssh_opts[*]}" ; then
|
||
|
ssh_opts=("${vssh_opts[@]}")
|
||
|
fi
|
||
|
fi
|
||
|
|
||
|
# Otherwise, use default ssh opts + sshpass if available
|
||
|
if [ ${#ssh_opts[@]} -eq 0 ] ; then
|
||
|
userpass=$(awk -F// '{print $NF}' <<<"$GOVC_URL" | awk -F@ '{print $1}')
|
||
|
username=$(awk -F: '{print $1}' <<<"$userpass")
|
||
|
password=$(awk -F: '{print $2}' <<<"$userpass")
|
||
|
|
||
|
ssh_opts=(-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=FATAL -o User=${username})
|
||
|
|
||
|
if [ -x "$(which sshpass)" ] ; then
|
||
|
if [ -z "$password" ] ; then
|
||
|
password="$GOVC_PASSWORD"
|
||
|
fi
|
||
|
scp=(sshpass -p $password scp)
|
||
|
ssh=(sshpass -p $password ssh)
|
||
|
fi
|
||
|
fi
|
||
|
|
||
|
if [ "$dev" != "lo0" ] ; then
|
||
|
# If you change this filter, be sure to exclude the ssh port (not tcp port 22)
|
||
|
filter="host $ip and \(port 80 or port 443\)"
|
||
|
|
||
|
dst="$HOME/.wireshark/rui-${ip}.key"
|
||
|
if [ ! -f "$dst" ] ; then
|
||
|
# Copy key from ESX
|
||
|
"${scp[@]}" "${ssh_opts[@]}" "${ip}:/etc/vmware/ssl/rui.key" "$dst"
|
||
|
fi
|
||
|
|
||
|
if ! grep "$ip" ~/.wireshark/ssl_keys 2>/dev/null ; then
|
||
|
# Add key to wireshark ssl_keys config
|
||
|
echo "adding rui.key for $ip"
|
||
|
|
||
|
cat <<EOF >> ~/.wireshark/ssl_keys
|
||
|
"$ip","443","http","$dst",""
|
||
|
EOF
|
||
|
fi
|
||
|
fi
|
||
|
|
||
|
echo "Capturing $dev on $ip..."
|
||
|
|
||
|
"${ssh[@]}" "${ssh_opts[@]}" "$ip" tcpdump-uw -i "$dev" -s0 -v -w - "$filter" | wireshark -k -i -
|