Adds additional support for network capture decryption#20115
LGTM 👍 Tested out some of the login modules manually, and they did create the SSLKeyLogFile file with the CLIENT_RANDOM key or append to the file if it exists already with the SSL option enabled. Some that roll their own encryption algorithm like mssql and mysql weren't able to be decrypted in Wireshark out of the box, which is expected.

Looks like @sjanusz-r7 forgot to merge this, but has given his official seal of approval that this is 100% perfect 🏆
Release Notes
Updates multiple HTTPS modules to support a new
Note
I have updated the workflows for Postgres and LDAP to now be run when changes are made to login scanner or TCP, with the aim of avoiding what happened in #20114, where those were only run once merged even though changes in the areas above caused the workflows to fail.
This PR combines #20114 and #20099. As #20114 was failing once merged, I decided to combine them together to make testing easier. Can be split again if preferred 👍
This pull request adds enhanced support for network capture decryption for http scanner modules as well as login scanner modules. By writing to the sslkeylogfile it enables network capture decryption, which is useful to decrypt TLS traffic in Wireshark. This is a follow on to #20024 and rapid7/rex-socket#74.
This pull request adds enhanced support for network capture decryption for login scanner modules. By writing to the sslkeylogfile it enables network capture decryption, which is useful to decrypt TLS traffic in Wireshark. This is a follow on to #20024, #20080 and rapid7/rex-socket#74.
I have also updated the workflows for Postgres and LDAP to now be run when changes are made to login scanner or TCP, with the aim of avoiding what happened in #20114, where those were only run once merged even though changes in the areas above caused the workflows to fail.
Testing
Tested against the following modules:
scanner/acpp/login
scanner/ftp/ftp_login
scanner/mysql/mysql_login
scanner/afp/afp_login
scanner/db2/db2_auth
scanner/mqtt/connect
scanner/pop3/pop3_login
scanner/telnet/brocade_enable_login
scanner/telnet/telnet_login
scanner/vmware/vmauthd_login
scanner/vnc/vnc_login
scanner/mssql/mssql_login
As well as testing completed previously here: #20080 (comment)
Verification
msfconsole
scanner/*/*_login modules.
ls -la and you should now see a file called sslkeylogfile.txt
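
The verification step above only confirms that sslkeylogfile.txt exists. As an added example (not code from this pull request or from Metasploit), the Ruby below checks that each entry is well formed in the NSS key log format before the file is loaded into Wireshark, and flags a file that other local users can read. It goes beyond the CLIENT_RANDOM entries mentioned on the page by also accepting the TLS 1.3 labels; the function names, the permission check and the sample lines are assumptions made for illustration.

```ruby
# Added example: audit an NSS-format TLS key log (such as sslkeylogfile.txt).
# Labels and field lengths follow the NSS Key Log Format.
TLS13_LABELS = %w[
  CLIENT_EARLY_TRAFFIC_SECRET CLIENT_HANDSHAKE_TRAFFIC_SECRET
  SERVER_HANDSHAKE_TRAFFIC_SECRET CLIENT_TRAFFIC_SECRET_0
  SERVER_TRAFFIC_SECRET_0 EARLY_EXPORTER_SECRET EXPORTER_SECRET
].freeze

# Returns nil for a well-formed entry, or a String describing the problem.
def keylog_line_error(line)
  label, client_random, secret, extra = line.strip.split(' ')
  return 'expected 3 space-separated fields' if secret.nil? || extra
  return 'client random must be 64 hex chars' unless client_random.match?(/\A\h{64}\z/)

  case label
  when 'CLIENT_RANDOM' # TLS 1.2 and earlier: 48-byte master secret
    secret.match?(/\A\h{96}\z/) ? nil : 'master secret must be 96 hex chars'
  when *TLS13_LABELS   # TLS 1.3: secret is as long as the suite's hash output
    secret.match?(/\A(\h{64}|\h{96})\z/) ? nil : 'secret must be 64 or 96 hex chars'
  else
    "unknown label #{label}"
  end
end

# Audits key log text; mode is the file's permission bits (Integer) or nil.
def audit_keylog(text, mode: nil)
  findings = []
  entries = 0
  text.each_line.with_index(1) do |line, lineno|
    next if line.strip.empty? || line.lstrip.start_with?('#')
    err = keylog_line_error(line)
    findings << "line #{lineno}: #{err}" if err
    entries += 1 unless err
  end
  # Anyone who can read this file can decrypt the matching capture.
  findings << format('mode %04o is readable by group/other', mode & 0o7777) if mode && (mode & 0o044) != 0
  { entries: entries, findings: findings }
end

# Constructed sample: one valid entry, one with a truncated master secret.
SAMPLE = "# constructed sample\n" \
         "CLIENT_RANDOM #{'ab' * 32} #{'cd' * 48}\n" \
         "CLIENT_RANDOM #{'ab' * 32} #{'cd' * 16}\n"

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]
  report = path ? audit_keylog(File.read(path), mode: File.stat(path).mode) : audit_keylog(SAMPLE)
  puts "#{report[:entries]} valid entries", report[:findings]
end
```

Run it with the key log path as the only argument; with no argument it audits the constructed sample.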