Exemple #1
0
 public void SetServerHello(TlsPacket.TlsServerHello serverHello, TlsPacketContext packetContext)
 {
     m_conversationModel.Version           = TlsSecurityParameters.GetSslProtocolVersion(serverHello.Version.Major, serverHello.Version.Minor).ToString();
     m_conversationModel.SessionId         = ByteString.ByteArrayToString(serverHello.SessionId.Sid);
     m_conversationModel.ServerRandom      = ByteString.ByteArrayToString(serverHello.Random.RandomBytes);
     m_conversationModel.ServerCipherSuite = $"{(TlsCipherSuite)serverHello.CipherSuite.CipherId}";
     m_conversationModel.ServerExtensions  = GetExtensions(serverHello.Extensions);
 }
Exemple #2
0
        static void Main(string[] args)
        {
            if (args.Length != 2)
            {
                PrintUsage();
                return;
            }

            var modelContext = TlsConversationContext.CreateInMemory();

            if (String.Equals("extract", args[0], StringComparison.InvariantCultureIgnoreCase))
            {
                var filepath         = args[1];
                var frameKeyProvider = new FrameKeyProvider();
                var keyFile          = Path.ChangeExtension(filepath, "key");
                var secretMap        = File.Exists(keyFile) ? TlsMasterSecretMap.LoadFromFile(keyFile): new TlsMasterSecretMap();
                var packets          = FastPcapFileReaderDevice.ReadAll(args[1]).Select((p, i) => (Key: frameKeyProvider.GetKey(p), Value: (Meta: new PacketMeta {
                    Number = i + 1, Timestamp = p.Timestamp
                }, Packet: p)));
                var flows            = from packet in packets
                                       group packet by packet.Key;

                var conversations = TcpStreamConversation.CreateConversations(flows.ToDictionary(x => x.Key, x => x.Select(y => y.Value)));

                foreach (var conversation in conversations)
                {
                    var modelBuilder   = new TlsConversationModelBuilder(modelContext);
                    var decoderBuilder = new TlsDecoderBuilder();
                    var processor      = new TlsSessionProcessor(modelBuilder, decoderBuilder);
                    processor.ProcessConversation(conversation);


                    var model = modelBuilder.ToModel();
                    modelContext.SaveChanges();


                    var tlsDecoder   = decoderBuilder.ToDecoder();
                    var masterSecret = secretMap.GetMasterSecret(ByteString.ByteArrayToString(tlsDecoder.ClientRandom));
                    if (masterSecret != null)
                    {
                        tlsDecoder.MasterSecret = ByteString.StringToByteArray(masterSecret);
                        var tlsSecurityParameters = TlsSecurityParameters.Create(tlsDecoder.ProtocolVersion, tlsDecoder.CipherSuite.ToString(), tlsDecoder.Compression);
                        tlsDecoder.InitializeKeyBlock(tlsSecurityParameters);

                        // USE TLS DECODER
                        DumpConversationContent(tlsDecoder, conversation, processor.ClientDataRecords, processor.ServerDataRecords);
                    }
                }
                CsvFeatureWriter.WriteCsv(Path.ChangeExtension(filepath, "csv"), modelContext);
            }
        }
Exemple #3
0
        public void SetClientHello(TlsPacket.TlsClientHello clientHello, TlsPacketContext packetContext)
        {
            string GetCipherSuites(TlsPacket.CipherSuites cipherSuites)
            {
                var suites = cipherSuites.Items.Select(x => ((TlsCipherSuite)x).ToString());

                return($"[{String.Join(',', suites)}]");
            }

            m_conversationModel.SessionId          = ByteString.ByteArrayToString(clientHello.SessionId.Sid);
            m_conversationModel.ClientRandom       = ByteString.ByteArrayToString(clientHello.Random.RandomBytes);
            m_conversationModel.ClientCipherSuites = GetCipherSuites(clientHello.CipherSuites);
            m_conversationModel.ClientExtensions   = GetExtensions(clientHello.Extensions);
            m_conversationModel.Timestamp          = DateTimeOffset.FromUnixTimeMilliseconds(packetContext.Metadata.Timestamp);
        }
Exemple #4
0
        /// <summary>
        /// Tests the PRF implementation (see https://www.ietf.org/mail-archive/web/tls/current/msg03416.html).
        /// </summary>
        public static void Test100()
        {
            var secret = "9b be 43 6b a9 40 f0 17 b1 76 52 84 9a 71 db 35".Replace(" ", "");
            var seed   = "a0 ba 9f 93 6c da 31 18 27 a6 f7 96 ff d5 19 8c".Replace(" ", "");
            var label  = "test label";

            var expectedPrefix = ("e3 f2 29 ba 72 7b e1 7b").Replace(" ", "");
            var prf            = new ShaPrfAlgorithm();
            var output         = prf.GetSecretBytes(ByteString.StringToByteArray(secret), label, ByteString.StringToByteArray(seed), 100);
            var outputString   = ByteString.ByteArrayToString(output);
            var isSame         = outputString.StartsWith(expectedPrefix, StringComparison.InvariantCulture);

            if (!isSame)
            {
                throw new InvalidOperationException("Something is wrong with PRF algorithm!");
            }
        }