1 | initial version |
That looks a bit ... ugly so I set out to improve it and ran into a surprising number of PowerShell issues:
Constructing an X509Certificate2 object with a byte array is tricky, hence the complicated argument list.
# Using tshark, extract the certificate(s) to an array of hex strings. Note the display filter to select frames with a cert and the fields specifier to only output those fields and all occurrences of the field in the frame separated by a comma. The string "split" method is used to chop the output into an array of hex strings:
$h = (tshark -r input.pcapng -Y tls.handshake.certificate -T fields -e tls.handshake.certificate -E occurrence=a -E "separator=,").split(",")
# Create new X509Certificate2 objects from the hex strings
$c = $h | ForEach-Object { New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList @(,[byte[]]$(Convert-HexToByte $_)) }
# Display the certs
$c
2 | No.2 Revision |
That looks a bit ... ugly, so I set out to improve it and ran into a surprising number of PowerShell issues:
Constructing an X509Certificate2 object with a byte array is tricky, hence the complicated argument list.
# Using tshark, extract the certificate(s) to an array of hex strings. Note the display filter to select frames with a cert and the fields specifier to only output those fields and all occurrences of the field in the frame separated by a comma. The string "split" method is used to chop the output into an array of hex strings:
$h = (tshark -r input.pcapng -Y tls.handshake.certificate -T fields -e tls.handshake.certificate -E occurrence=a -E "separator=,").split(",")
# Create new X509Certificate2 objects from the hex strings
$c = $h | ForEach-Object { New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList @(,[byte[]]$(Convert-HexToByte $_)) }
# Display the certs
$c
3 | No.3 Revision |
That looks a bit ... ugly, so I set out to improve it and ran into a surprising number of PowerShell issues:
Here's my PowerShell:
# Using tshark, extract the certificate(s) to an array of hex strings. Note the display filter to select frames with a cert and the fields specifier to only output those fields and all occurrences of the field in the frame separated by a comma. The string "split" method is used to chop the output into an array of hex $c
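The hex-to-certificate step from the revisions above, as an added example that is not part of the original answer. `Convert-HexToByte` is not a built-in cmdlet and the page does not show its definition, so the implementation here is an assumption; `ConvertFrom-HexCertificate` is a hypothetical name, and the sample certificate is constructed in-process (PowerShell 7, or Windows PowerShell 5.1 on .NET Framework 4.7.2 or later) so the script runs without a capture file.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Assumed implementation of the helper the answer calls; accepts plain or colon-separated hex.
function Convert-HexToByte {
    param([string]$Hex)
    $clean = $Hex -replace '[:\s]', ''
    if ($clean.Length % 2 -ne 0 -or $clean -notmatch '^[0-9a-fA-F]+$') {
        throw "Not a valid hex string (length $($clean.Length))"
    }
    $bytes = [byte[]]::new($clean.Length / 2)
    for ($i = 0; $i -lt $bytes.Length; $i++) {
        $bytes[$i] = [Convert]::ToByte($clean.Substring(2 * $i, 2), 16)
    }
    , $bytes   # unary comma: emit the array as one object instead of unrolling it
}

# Hypothetical wrapper: one hex string in, one X509Certificate2 out; bad fields are reported, not fatal.
function ConvertFrom-HexCertificate {
    param([Parameter(ValueFromPipeline)][string]$Hex)
    process {
        if ([string]::IsNullOrWhiteSpace($Hex)) { return }   # blank field or line from tshark
        try {
            [byte[]]$der = Convert-HexToByte $Hex
            # ::new() receives the byte[] as a single argument, so no -ArgumentList wrapping is needed
            [X509Certificate2]::new($der)
        } catch {
            Write-Warning "Skipping field that does not parse as a certificate: $($_.Exception.Message)"
        }
    }
}

# Constructed sample standing in for tshark output: one valid DER cert, one truncated field, one blank.
$rsa    = [RSA]::Create(2048)
$req    = [CertificateRequest]::new('CN=constructed.example', $rsa,
              [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$self   = $req.CreateSelfSigned([DateTimeOffset]::UtcNow, [DateTimeOffset]::UtcNow.AddDays(1))
$hex    = [BitConverter]::ToString($self.RawData) -replace '-', ''
$fields = @($hex, $hex.Substring(0, 40), '')

$certs = @($fields | ConvertFrom-HexCertificate)
$certs | Select-Object Subject, NotAfter, Thumbprint

# The New-Object form from the answer: @(, $bytes) keeps the byte[] as one constructor argument.
$legacy = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList @(, (Convert-HexToByte $hex))
$legacy.Thumbprint -eq $certs[0].Thumbprint
```

With real input, replace `$fields` with the `$h` array produced by the tshark command in the answer.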