scapy.layers.tls.handshake

TLS握手字段和逻辑.

This module covers the handshake TLS subprotocol, except for the key exchange mechanisms which are addressed with keyexchange.py.

class scapy.layers.tls.handshake.SupDataEntry

Bases: scapy.packet.Packet

aliastypes
fields_desc
SupDataEntry字段

sdtype

ShortField

None

len

FieldLenField

None

data

StrLenField

b''

guess_payload_class(p)
class scapy.layers.tls.handshake.SupDataEntryUM

Bases: scapy.packet.Packet

aliastypes
fields_desc
SupDataEntryUM字段

sdtype

ShortField

None

len

FieldLenField

None

dlen

FieldLenField

None

data

PacketListField

[]

guess_payload_class(p)
class scapy.layers.tls.handshake.TLS13Certificate(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

aliastypes
fields_desc
TLS13证书字段

msgtype

ByteEnumField

11

msglen

ThreeBytesField

None

cert_req_ctxt_len

FieldLenField

None

cert_req_ctxt

StrLenField

b''

certslen

_ASN1CertLenField

None

certs

_ASN1CertAndExtListField

[]

post_dissection_tls_session_update(msg_str)
class scapy.layers.tls.handshake.TLS13CertificateRequest(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

aliastypes
fields_desc
TLS13CertificateRequest字段

msgtype

ByteEnumField

13

msglen

ThreeBytesField

None

cert_req_ctxt_len

FieldLenField

None

cert_req_ctxt

StrLenField

b''

extlen

_ExtensionsLenField

None

ext

_ExtensionsField

None

class scapy.layers.tls.handshake.TLS13ClientHello(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

TLS 1.3 ClientHello,具有处理扩展功能.

随机结构是32个随机字节,没有任何GMT时间

aliastypes
fields_desc
TLS13ClientHello字段

msgtype

ByteEnumField

1

msglen

ThreeBytesField

None

version

_TLSClientVersionField

None

random_bytes

_TLSRandomBytesField

None

sidlen

FieldLenField

None

sid

_SessionIDField

b''

cipherslen

FieldLenField

None

ciphers

_CipherSuitesField

None

complen

FieldLenField

None

comp

_CompressionMethodsField

[0]

extlen

_ExtensionsLenField

None

ext

_ExtensionsField

None

post_build(p, pay)
tls_session_update(msg_str)

无论是解析还是构建,我们都将client_random和代表此握手消息的原始字符串一起存储.

class scapy.layers.tls.handshake.TLS13EndOfEarlyData(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

aliastypes
fields_desc
TLS13EndOfEarlyData字段

msgtype

ByteEnumField

5

msglen

ThreeBytesField

None

class scapy.layers.tls.handshake.TLS13HelloRetryRequest(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

aliastypes
build()
fields_desc
TLS13HelloRetryRequest字段

msgtype

ByteEnumField

2

msglen

ThreeBytesField

None

version

_TLSVersionField

771

random_bytes

_TLSRandomBytesField

None

sidlen

FieldLenField

None

sid

_SessionIDField

b''

cipher

EnumField

None

comp

_CompressionMethodsField

[0]

extlen

_ExtensionsLenField

None

ext

_ExtensionsField

None

tls_session_update(msg_str)
class scapy.layers.tls.handshake.TLS13KeyUpdate(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

aliastypes
fields_desc
TLS13KeyUpdate字段

msgtype

ByteEnumField

24

msglen

ThreeBytesField

None

request_update

ByteEnumField

0

class scapy.layers.tls.handshake.TLS13NewSessionTicket(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

取消注释TicketField行以解析RFC 5077票证.

aliastypes
fields_desc
TLS13NewSessionTicket字段

msgtype

ByteEnumField

4

msglen

ThreeBytesField

None

ticket_lifetime

IntField

4294967295

ticket_age_add

IntField

0

noncelen

FieldLenField

None

ticket_nonce

StrLenField

b''

ticketlen

FieldLenField

None

ticket

StrLenField

b''

extlen

_ExtensionsLenField

None

ext

_ExtensionsField

None

post_dissection_tls_session_update(msg_str)
class scapy.layers.tls.handshake.TLS13ServerHello(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

TLS 1.3服务器

aliastypes
classmethod dispatch_hook(_pkt=None, *args, **kargs)
fields_desc
TLS13ServerHello字段

msgtype

ByteEnumField

2

msglen

ThreeBytesField

None

version

_TLSVersionField

771

random_bytes

_TLSRandomBytesField

None

sidlen

FieldLenField

None

sid

_SessionIDField

b''

cipher

EnumField

None

comp

_CompressionMethodsField

[0]

extlen

_ExtensionsLenField

None

ext

_ExtensionsField

None

post_build(p, pay)
tls_session_update(msg_str)

无论是解析还是构建,我们都将server_random和代表此握手消息的原始字符串一起存储. 我们还存储密码套件(如果已识别),最后我们实例化写入和读取连接状态.

class scapy.layers.tls.handshake.TLSCertificate(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

XXX我们不支持RFC 5081,即OpenPGP证书.

aliastypes
classmethod dispatch_hook(_pkt=None, *args, **kargs)
fields_desc
TLS证书字段

msgtype

ByteEnumField

11

msglen

ThreeBytesField

None

certslen

_ASN1CertLenField

None

certs

_ASN1CertListField

[]

post_dissection_tls_session_update(msg_str)
class scapy.layers.tls.handshake.TLSCertificateRequest(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

aliastypes
fields_desc
TLSCertificateRequest字段

msgtype

ByteEnumField

13

msglen

ThreeBytesField

None

ctypeslen

FieldLenField

None

ctypes

_CertTypesField

[1, 64]

sig_algs_len

SigAndHashAlgsLenField

None

sig_algs

SigAndHashAlgsField

[1027, 1025, 513]

certauthlen

FieldLenField

None

certauth

_CertAuthoritiesField

[]

class scapy.layers.tls.handshake.TLSCertificateStatus(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

aliastypes
fields_desc
TLSCertificateStatus字段

msgtype

ByteEnumField

22

msglen

ThreeBytesField

None

status_type

ByteEnumField

1

responselen

ThreeBytesLenField

None

response

_StatusField

None

class scapy.layers.tls.handshake.TLSCertificateURL(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

在RFC 4366中定义.第8节的PkiPath结构尚未实现.

aliastypes
fields_desc
TLSCertificateURL字段

msgtype

ByteEnumField

21

msglen

ThreeBytesField

None

certchaintype

ByteEnumField

None

uahlen

FieldLenField

None

uah

PacketListField

[]

class scapy.layers.tls.handshake.TLSCertificateVerify(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

aliastypes
build(*args, **kargs)
fields_desc
TLSCertificateVerify字段

msgtype

ByteEnumField

15

msglen

ThreeBytesField

None

sig

_TLSSignatureField

None

post_dissection(pkt)
class scapy.layers.tls.handshake.TLSClientHello(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

TLS ClientHello,具有处理扩展功能.

随机结构遵循RFC 5246:虽然长度为32字节,但许多实现都将前4个字节用作gmt_unix_time,然后其余28个字节应该是完全随机的. 这样做是为了减轻(某种)损坏的RNG. 如果您希望在没有任何格林尼治标准时间的情况下显示完整的32个随机字节,则只需在下面的行中注释/删除即可.

aliastypes
fields_desc
TLSClientHello字段

msgtype

ByteEnumField

1

msglen

ThreeBytesField

None

version

_TLSClientVersionField

None

gmt_unix_time

_GMTUnixTimeField

None

random_bytes

_TLSRandomBytesField

None

sidlen

FieldLenField

None

sid

_SessionIDField

b''

cipherslen

FieldLenField

None

ciphers

_CipherSuitesField

None

complen

FieldLenField

None

comp

_CompressionMethodsField

[0]

extlen

_ExtensionsLenField

None

ext

_ExtensionsField

None

post_build(p, pay)
tls_session_update(msg_str)

无论是解析还是构建,我们都将client_random和代表此握手消息的原始字符串一起存储.

class scapy.layers.tls.handshake.TLSClientKeyExchange(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

该类的工作方式与TLSServerKeyExchange及其" params"字段类似.

aliastypes
build(*args, **kargs)
fields_desc
TLSClientKeyExchange字段

msgtype

ByteEnumField

16

msglen

ThreeBytesField

None

exchkeys

_TLSCKExchKeysField

None

class scapy.layers.tls.handshake.TLSEncryptedExtensions(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

aliastypes
fields_desc
TLSEncryptedExtensions字段

msgtype

ByteEnumField

8

msglen

ThreeBytesField

None

extlen

_ExtensionsLenField

None

ext

_ExtensionsField

None

post_build_tls_session_update(msg_str)
post_dissection_tls_session_update(msg_str)
class scapy.layers.tls.handshake.TLSFinished(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

aliastypes
build(*args, **kargs)
fields_desc
TLS完成字段

msgtype

ByteEnumField

20

msglen

ThreeBytesField

None

vdata

_VerifyDataField

None

post_build_tls_session_update(msg_str)
post_dissection(pkt)
post_dissection_tls_session_update(msg_str)
class scapy.layers.tls.handshake.TLSHelloRequest(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

aliastypes
fields_desc
TLSHelloRequest字段

msgtype

ByteEnumField

0

msglen

ThreeBytesField

None

tls_session_update(msg_str)

不应将消息添加到将在完成消息和证书验证消息中散列的握手消息列表中.

class scapy.layers.tls.handshake.TLSHelloVerifyRequest(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

为DTLS定义,请参阅RFC 6347.

aliastypes
fields_desc
TLSHelloVerifyRequest字段

msgtype

ByteEnumField

21

msglen

ThreeBytesField

None

cookielen

FieldLenField

None

cookie

StrLenField

b''

class scapy.layers.tls.handshake.TLSNewSessionTicket(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

XXX当知道正确的秘密时,我们应该能够阅读票证.

aliastypes
classmethod dispatch_hook(_pkt=None, *args, **kargs)
fields_desc
TLSNewSessionTicket字段

msgtype

ByteEnumField

4

msglen

ThreeBytesField

None

lifetime

IntField

4294967295

ticketlen

FieldLenField

None

ticket

StrLenField

b''

post_dissection_tls_session_update(msg_str)
class scapy.layers.tls.handshake.TLSServerHello(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

TLS ServerHello,具有处理扩展功能.

随机结构遵循RFC 5246:虽然长度为32字节,但许多实现都将前4个字节用作gmt_unix_time,然后其余28个字节应该是完全随机的. 这样做是为了减轻(某种)损坏的RNG. 如果您希望在没有任何格林尼治标准时间的情况下显示完整的32个随机字节,则只需在下面的行中注释/删除即可.

aliastypes
classmethod dispatch_hook(_pkt=None, *args, **kargs)
fields_desc
TLSServerHello字段

msgtype

ByteEnumField

2

msglen

ThreeBytesField

None

version

_TLSVersionField

None

gmt_unix_time

_GMTUnixTimeField

None

random_bytes

_TLSRandomBytesField

None

sidlen

FieldLenField

None

sid

_SessionIDField

b''

cipher

EnumField

None

comp

_CompressionMethodsField

[0]

extlen

_ExtensionsLenField

None

ext

_ExtensionsField

None

post_build(p, pay)
tls_session_update(msg_str)

无论是解析还是构建,我们都将server_random和代表此握手消息的原始字符串一起存储. 我们还存储session_id,密码套件(如果已识别),压缩方法,最后实例化未决的写和读连接状态. 通常,当我们学习会话密钥时,它们会在协商的稍后阶段进行更新,最终,一旦发送/接收ChangeCipherSpec,它们就会被提交.

class scapy.layers.tls.handshake.TLSServerHelloDone(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

aliastypes
fields_desc
TLSServerHelloDone字段

msgtype

ByteEnumField

14

msglen

ThreeBytesField

None

class scapy.layers.tls.handshake.TLSServerKeyExchange(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

aliastypes
build(*args, **kargs)

我们重载了build()方法,以便为基于TLS会话的参数提供有效的默认值(如果未提供). 这不能通过覆盖i2m()来完成,因为该方法是在数据包的副本上调用的.

" params"字段是根据key_exchange.server_kx_msg_cls构建的,该密钥应在先前的ServerHello中收到密码套件后进行设置. 通常的情况是:

  • 无:用于RSA加密或固定的FF / ECDH. 绝不应该发生这种情况,因为首先不应该生成ServerKeyExchange.

  • ServerDHParams:用于临时FFDH. 在这种情况下,server_kx_msg_cls的参数无关紧要.

  • ServerECDH * Params:用于临时ECDH. 实际上有三个类,由_tls_server_ecdh_cls_guess在检索到的第一个字节上调度. 此处的默认值为b" 03",它对应于ServerECDHNamedCurveParams(隐式曲线).

通过.fill_missing()构建Server * DHParams时,会话server_kx_privkey将相应地更新.

fields_desc
TLSServerKeyExchange字段

msgtype

ByteEnumField

12

msglen

ThreeBytesField

None

params

_TLSServerParamsField

None

sig

_TLSSignatureField

None

post_dissection(pkt)

在先前剖析Server * DHParams时,会话server_kx_pubkey应该已经更新.

XXX在"匿名"测试中添加" fixed_dh" OR条件.

class scapy.layers.tls.handshake.TLSSupplementalData(_pkt='', post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields)

Bases: scapy.layers.tls.handshake._TLSHandshake

aliastypes
fields_desc
TLSSupplementalData字段

msgtype

ByteEnumField

23

msglen

ThreeBytesField

None

sdatalen

ThreeBytesLenField

None

sdata

PacketListField

[]

class scapy.layers.tls.handshake.ThreeBytesLenField(name, default, length_of=None, adjust=<function ThreeBytesLenField.<lambda>>)

Bases: scapy.fields.FieldLenField

addfield(pkt, s, val)
getfield(pkt, s)
i2repr(pkt, x)
class scapy.layers.tls.handshake.URLAndOptionalHash

Bases: scapy.packet.Packet

aliastypes
fields_desc
URLAndOptionalHash字段

urllen

FieldLenField

None

url

StrLenField

b''

hash_present

FieldLenField

None

hash

StrLenField

b''

guess_payload_class(p)
class scapy.layers.tls.handshake.UserMappingData

Bases: scapy.packet.Packet

aliastypes
fields_desc
UserMappingData字段

version

ByteField

None

len

FieldLenField

None

data

StrLenField

b''

guess_payload_class(p)