Grep
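Finding the cipher suites offered by the client in TLS
I have an assignment where I need to extract data from a pcap file. This is what the file looks like:
The question is to find the cipher suites offered by the client in TLS. I know the cipher suites I'm looking for are in the initial Client Hello packet, but how do I find the cipher suites?
This is what I have so far: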
tshark -r assign1.pcap | grep "Client Hello"
If you use the following switches to tshark, you can get a more detailed listing of the Client Hello handshake:
$ tshark -r assign2.pcap -Y ssl.handshake.ciphersuites -Vx | less
If you search the less output for /Client Hello, you'll find this section:
SSL Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Length: 246
    Handshake Protocol: Client Hello
        Handshake Type: Client Hello (1)
        Length: 242
        Version: TLS 1.2 (0x0303)
        Random
            gmt_unix_time: Mar 17, 2068 11:26:39.000000000 EDT
            random_bytes: 981fbf58a3116dd17c64b602e2809de75dac922eb559a0ba...
        Session ID Length: 0
        Cipher Suites Length: 108
        Cipher Suites (54 suites)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
            Cipher Suite: Unknown (0xcca9)
            Cipher Suite: Unknown (0xcca8)
            Cipher Suite: Unknown (0xccaa)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
            Cipher Suite: TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 (0x00ad)
            Cipher Suite: TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 (0x00ab)
            Cipher Suite: Unknown (0xccae)
            Cipher Suite: Unknown (0xccad)
            Cipher Suite: Unknown (0xccac)
            Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
            Cipher Suite: TLS_PSK_WITH_AES_256_GCM_SHA384 (0x00a9)
            Cipher Suite: Unknown (0xccab)
            Cipher Suite: TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 (0x00ac)
            Cipher Suite: TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 (0x00aa)
            Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
            Cipher Suite: TLS_PSK_WITH_AES_128_GCM_SHA256 (0x00a8)
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
            Cipher Suite: TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 (0xc038)
            Cipher Suite: TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA (0xc036)
            Cipher Suite: TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 (0x00b7)
            Cipher Suite: TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 (0x00b3)
            Cipher Suite: TLS_RSA_PSK_WITH_AES_256_CBC_SHA (0x0095)
            Cipher Suite: TLS_DHE_PSK_WITH_AES_256_CBC_SHA (0x0091)
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
            Cipher Suite: TLS_PSK_WITH_AES_256_CBC_SHA384 (0x00af)
            Cipher Suite: TLS_PSK_WITH_AES_256_CBC_SHA (0x008d)
            Cipher Suite: TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 (0xc037)
            Cipher Suite: TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA (0xc035)
            Cipher Suite: TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 (0x00b6)
            Cipher Suite: TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 (0x00b2)
            Cipher Suite: TLS_RSA_PSK_WITH_AES_128_CBC_SHA (0x0094)
            Cipher Suite: TLS_DHE_PSK_WITH_AES_128_CBC_SHA (0x0090)
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
            Cipher Suite: TLS_PSK_WITH_AES_128_CBC_SHA256 (0x00ae)
            Cipher Suite: TLS_PSK_WITH_AES_128_CBC_SHA (0x008c)
            Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
        Compression Methods Length: 1
        ...
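Instead of paging through the verbose output in less, the offered suites can be pulled out with a small filter. This is an added example, not part of the original answer: the function names client_hello_suites and sample_output are hypothetical, and the sample text is constructed to match the layout shown above. It keeps only suites listed inside a Client Hello, so the single suite a Server Hello selects is not mistaken for an offer.

```shell
#!/bin/sh
# Added example: isolate the suites a client OFFERED from `tshark -V` text.

# Reads tshark -V output on stdin; prints "<hello#> <code> <name>" per offered suite.
client_hello_suites() {
    awk '
        # Each handshake message announces its type; only type 1 is a Client Hello.
        /Handshake Type:/ {
            in_ch = ($0 ~ /Client Hello \(1\)/)
            if (in_ch) hello++
        }
        # "Cipher Suite:" (singular) lines are the entries; the
        # "Cipher Suites Length" and "Cipher Suites (N suites)" headers do not match.
        in_ch && /Cipher Suite:/ {
            sub(/^.*Cipher Suite: */, "")
            code = $2; gsub(/[()]/, "", code)
            print hello "\t" code "\t" $1
        }
        # The suite list ends where the compression methods begin.
        /Compression Methods Length:/ { in_ch = 0 }
    '
}

# Constructed sample modelled on the layout shown above (not taken from the pcap).
sample_output() {
    cat <<'EOF'
SSL Record Layer: Handshake Protocol: Client Hello
    Handshake Protocol: Client Hello
        Handshake Type: Client Hello (1)
        Cipher Suites Length: 6
        Cipher Suites (3 suites)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
            Cipher Suite: Unknown (0xcca8)
            Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
        Compression Methods Length: 1
SSL Record Layer: Handshake Protocol: Server Hello
    Handshake Protocol: Server Hello
        Handshake Type: Server Hello (2)
        Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
        Compression Method: null (0)
EOF
}

sample_output | client_hello_suites
# Real capture: tshark -r assign1.pcap -Y ssl.handshake.ciphersuites -Vx | client_hello_suites
```

The first column numbers each Client Hello in the capture, so offers from different connections stay separate.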