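/// <summary>
/// Adds a new TLS application data record to the conversation model, together with the
/// TCP segments that carried it.
/// </summary>
/// <param name="applicationData">The decoded application data record; only its body length is stored.</param>
/// <param name="packetContext">Packet metadata, direction and the TCP segments carrying the record's data.</param>
public void AddApplicationDataRecord(TlsPacket.TlsApplicationData applicationData, TlsPacketContext packetContext)
{
    // Segment models are keyed by packet number: an already registered segment is reused
    // (presumably because one TCP segment can carry data of more than one record), a new one
    // is created and registered otherwise.
    TcpSegmentModel GetOrCreateModel((PacketMeta Meta, TcpPacket Packet) packet)
    {
        var existing = m_modelContext.Find<TcpSegmentModel>(packet.Meta.Number);
        if (existing != null)
        {
            return existing;
        }

        var created = new TcpSegmentModel
        {
            // Offsets are relative to the conversation start so timestamps are comparable within the model.
            TimeOffset = DateTimeOffset.FromUnixTimeMilliseconds(packet.Meta.Timestamp) - m_conversationModel.Timestamp,
            PacketId = packet.Meta.Number,
            Flags = TcpFlags(packet.Packet),
            Length = packet.Packet.PayloadData?.Length ?? 0,
            Window = packet.Packet.WindowSize
        };
        m_modelContext.Add(created);
        return created;
    }

    var recordModel = new TlsRecordModel
    {
        RecordId = packetContext.Metadata.Number,
        Direction = packetContext.Direction,
        TimeOffset = DateTimeOffset.FromUnixTimeMilliseconds(packetContext.Metadata.Timestamp) - m_conversationModel.Timestamp,
        Length = applicationData.Body.Length,
        Segments = packetContext.TcpPackets.Select(GetOrCreateModel).ToList(),
    };

    m_modelContext.Add(recordModel);
    m_conversationModel.Records.Add(recordModel);
}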
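/// <summary>
/// Decrypts the payload of a TLS application data record with the keys of the record's sender.
/// The key block must have been initialized before the first call.
/// </summary>
/// <param name="tlsKeys">Encoding key, IV and MAC key of the side that sent the record.</param>
/// <param name="applicationData">The encrypted application data record.</param>
/// <param name="sequenceNumber">Record-layer sequence number of the record; it is part of the AEAD additional data.</param>
/// <returns>The decrypted record payload (still compressed if the session negotiated compression).</returns>
/// <exception cref="InvalidOperationException">The key block has not been initialized.</exception>
/// <exception cref="ArgumentNullException"><paramref name="tlsKeys"/> or <paramref name="applicationData"/> is null.</exception>
/// <exception cref="ArgumentException">An AEAD record is shorter than its explicit nonce plus authentication tag.</exception>
/// <exception cref="NotImplementedException">The cipher suite uses a stream cipher.</exception>
/// <exception cref="NotSupportedException">The cipher type is not one of the known kinds.</exception>
public byte[] DecryptApplicationData(TlsKeys tlsKeys, TlsPacket.TlsApplicationData applicationData, ulong sequenceNumber)
{
    if (KeyBlock == null)
    {
        throw new InvalidOperationException($"KeyBlock not initialized. Please, call {nameof(InitializeKeyBlock)} first.");
    }
    if (tlsKeys == null)
    {
        throw new ArgumentNullException(nameof(tlsKeys));
    }
    if (applicationData == null)
    {
        throw new ArgumentNullException(nameof(applicationData));
    }

    // TLS serializes integers big-endian while BitConverter emits host order, so the bytes
    // must be reversed only on little-endian hosts (an unconditional reverse breaks on big-endian).
    byte[] ToBigEndian(byte[] hostOrder)
    {
        if (BitConverter.IsLittleEndian)
        {
            Array.Reverse(hostOrder);
        }
        return hostOrder;
    }

    var content = new Span<byte>(applicationData.Body);

    switch (SecurityParameters.CipherType)
    {
        case TlsCipherType.Aead:
        {
            // Security parameters carry lengths in bits; MacLength doubles as the AEAD tag length here.
            var tagLength = SecurityParameters.MacLength / 8;
            var explicitNonceLength = SecurityParameters.RecordIVLength / 8;

            // A record shorter than nonce + tag is malformed or truncated. Reject it explicitly
            // instead of letting the ushort cast below wrap and the Slice throw a less telling error.
            if (content.Length < explicitNonceLength + tagLength)
            {
                throw new ArgumentException(
                    $"Application data record of {content.Length} bytes is shorter than the explicit nonce ({explicitNonceLength} bytes) plus authentication tag ({tagLength} bytes).",
                    nameof(applicationData));
            }

            var nonce = ComputeNonce(tlsKeys, content);

            // Additional data as in TLS 1.2 AEAD records: seq_num || type || version || plaintext length,
            // where the plaintext length excludes the explicit nonce and the tag.
            var plaintextLength = (ushort)(content.Length - (explicitNonceLength + tagLength));
            var additionalData = ByteString.Combine(
                ToBigEndian(BitConverter.GetBytes(sequenceNumber)),
                new byte[] { (byte)applicationData.M_Parent.ContentType, applicationData.M_Parent.Version.Major, applicationData.M_Parent.Version.Minor },
                ToBigEndian(BitConverter.GetBytes(plaintextLength)));

            var aead = CreateAeadCipher(
                SecurityParameters.CipherMode,
                CreateBlockCipher(SecurityParameters.CipherAlgorithm.ToString().ToUpperInvariant()));

            // The explicit nonce prefix is not part of the ciphertext handed to the AEAD.
            return DecryptAead(aead, tlsKeys.EncodingKey, nonce, content.Slice(explicitNonceLength), additionalData);
        }

        case TlsCipherType.Block:
        {
            var cbc = CreateBlockCipher(
                SecurityParameters.CipherMode,
                CreateBlockCipher(SecurityParameters.CipherAlgorithm.ToString().ToUpperInvariant()));
            var mac = CreateHMacAlgorithm(SecurityParameters.MacAlgorithm);
            return DecryptBlock(cbc, mac, tlsKeys.EncodingKey, tlsKeys.IV, tlsKeys.MacKey, content);
        }

        case TlsCipherType.Stream:
            throw new NotImplementedException();

        default:
            throw new NotSupportedException($"Decrypting {CipherSuite} is not supported.");
    }
}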
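/// <summary>
/// Decrypts one application data record (inflating it when the session negotiated DEFLATE)
/// and writes the plaintext to <c>{filename}.txt</c>.
/// </summary>
/// <param name="tlsDecoder">Decoder holding the negotiated security parameters and key block.</param>
/// <param name="tlsKeys">Keys of the side that sent the record.</param>
/// <param name="tlsData">The encrypted application data record.</param>
/// <param name="seqNumber">Record-layer sequence number of the record.</param>
/// <param name="filename">Target file name without extension; <c>.txt</c> is appended.</param>
/// <exception cref="ArgumentNullException"><paramref name="tlsDecoder"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="filename"/> is null, empty or whitespace.</exception>
private static void DumpApplicationData(TlsDecoder tlsDecoder, TlsKeys tlsKeys, TlsPacket.TlsApplicationData tlsData, ulong seqNumber, string filename)
{
    if (tlsDecoder == null)
    {
        throw new ArgumentNullException(nameof(tlsDecoder));
    }
    if (string.IsNullOrWhiteSpace(filename))
    {
        throw new ArgumentException("A target file name is required.", nameof(filename));
    }

    var plainBytes = tlsDecoder.DecryptApplicationData(tlsKeys, tlsData, seqNumber);
    if (tlsDecoder.Compression == TlsPacket.CompressionMethods.Deflate)
    {
        plainBytes = tlsDecoder.Decompress(plainBytes);
    }

    // The previous version interpolated nothing into the path and never used 'filename'.
    File.WriteAllBytes($"{filename}.txt", plainBytes);
}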
/// <summary>
/// Adds a TLS application data record to this model. Currently a no-op: both arguments are
/// accepted and discarded, so callers see no change in this model.
/// </summary>
/// <param name="applicationData">The application data record (unused).</param>
/// <param name="packetContext">Packet metadata, direction and TCP segments of the record (unused).</param>
public void AddApplicationDataRecord(TlsPacket.TlsApplicationData applicationData, TlsPacketContext packetContext)
{
}
/// <summary>
/// Creates an application data record summary from the Kaitai-parsed record, keeping only
/// the length of its body.
/// </summary>
/// <param name="kaitaiApplicationData">The parsed application data record.</param>
public TlsRecordApplicationData(TlsPacket.TlsApplicationData kaitaiApplicationData)
    => DataLen = kaitaiApplicationData.Body.Length;