can not extract ssl cert from pcap file?

[n0pn0pn0p]

Hello, i want to extract ssl cerificates from pcap file, and i use ./dist/certgrep-darwin-amd64 -p ~/Desktop/test.pcap --format pem , but there was not output and no error.

[kung-foo]

hmm, I admittedly have not touched this code in years. I pulled it down and updated it to handle a "modern" go version. I ran both in live capture and offline modes and it seemed to still work.

Does it work for the test files in the repo? For example:

➜  certgrep git:(develop) ✗ ./dist/certgrep-linux-amd64 -v -p testdata/sess_test_1.pcapng
2021-11-12T15:35:32.243+0100	INFO	certgrep	certgrep/extractor.go:86	setting output dir to: /home/jonathan/src/certgrep/certs/2021-11-12T14_35_32Z
2021-11-12T15:35:32.244+0100	DEBUG	certgrep.reader.stream	certgrep/reader.go:163	flowidx:1 flowhash:e60c603339a44364 client:107.21.216.112 server:192.168.5.136 port:34567 header:16030100e8010000e40302551e460089
2021-11-12T15:35:32.244+0100	DEBUG	certgrep.reader.stream	certgrep/reader.go:163	flowidx:2 flowhash:e60c603339a44364 client:192.168.5.136 server:107.21.216.112 port:443 header:16030200310200002d0302ebd2cdee20
2021-11-12T15:35:32.245+0100	DEBUG	certgrep.reader.stream	certgrep/reader.go:144	flowidx:2 flowhash:e60c603339a44364 client:192.168.5.136 server:107.21.216.112 port:443 DiscardBytesToEOF:883
2021-11-12T15:35:32.745+0100	DEBUG	certgrep	certgrep/extractor.go:108	last packet, goodbye.
2021-11-12T15:35:32.745+0100	INFO	certgrep	certgrep/extractor.go:168	capture time: 1 seconds
2021-11-12T15:35:32.745+0100	INFO	certgrep	certgrep/extractor.go:169	capture size: 5047 bytes
2021-11-12T15:35:32.745+0100	INFO	certgrep	certgrep/extractor.go:173	average capture rate: 63.155 Kbit/s
2021-11-12T15:35:32.745+0100	INFO	certgrep	certgrep/extractor.go:179	pps: 58