/// <summary>
/// Copies the parameters announced in a ServerHello message into the TLS decoder.
/// </summary>
/// <param name="serverHello">The parsed ServerHello handshake message.</param>
/// <param name="packetContext">Context of the packet carrying the message; not read by this method.</param>
public void SetServerHello(TlsPacket.TlsServerHello serverHello, TlsPacketContext packetContext)
{
    var announcedVersion = serverHello.Version;
    m_tlsDecoder.ProtocolVersion = TlsSecurityParameters.GetSslProtocolVersion(announcedVersion.Major, announcedVersion.Minor);

    // The decoder receives both parts of the random structure (time field followed by the random bytes).
    // NOTE(review): presumably because key derivation needs the complete server random. Confirm against the decoder.
    var helloRandom = serverHello.Random;
    m_tlsDecoder.ServerRandom = ByteString.Combine(helloRandom.RandomTime, helloRandom.RandomBytes);

    // The cipher id is cast without a range check; an id that TlsCipherSuite does not define is passed through as-is.
    var selectedSuite = (TlsCipherSuite)serverHello.CipherSuite.CipherId;
    m_tlsDecoder.CipherSuite = selectedSuite;

    m_tlsDecoder.Compression = serverHello.CompressionMethod;
}
/// <summary>
/// Records the ServerHello fields (version, session id, random, cipher suite, extensions)
/// in the conversation model as strings.
/// </summary>
/// <param name="serverHello">The parsed ServerHello handshake message.</param>
/// <param name="packetContext">Context of the packet carrying the message; not read by this method.</param>
public void SetServerHello(TlsPacket.TlsServerHello serverHello, TlsPacketContext packetContext)
{
    var announcedVersion = serverHello.Version;
    var protocolVersion = TlsSecurityParameters.GetSslProtocolVersion(announcedVersion.Major, announcedVersion.Minor);
    m_conversationModel.Version = protocolVersion.ToString();

    // Writes the same SessionId property that the ClientHello handler of the model writes,
    // so the value stored last wins.
    m_conversationModel.SessionId = ByteString.ByteArrayToString(serverHello.SessionId.Sid);

    // Only RandomBytes is stored here; the RandomTime part of the random structure is not included.
    // NOTE(review): confirm that consumers of the model do not expect the full server random.
    m_conversationModel.ServerRandom = ByteString.ByteArrayToString(serverHello.Random.RandomBytes);

    var selectedSuite = (TlsCipherSuite)serverHello.CipherSuite.CipherId;
    m_conversationModel.ServerCipherSuite = $"{selectedSuite}";

    m_conversationModel.ServerExtensions = GetExtensions(serverHello.Extensions);
}
/// <summary>
/// Records the ClientHello fields (session id, random, offered cipher suites, extensions)
/// in the conversation model and sets the conversation timestamp from the packet metadata.
/// </summary>
/// <param name="clientHello">The parsed ClientHello handshake message.</param>
/// <param name="packetContext">Context of the packet carrying the message; its metadata timestamp is read as Unix milliseconds.</param>
public void SetClientHello(TlsPacket.TlsClientHello clientHello, TlsPacketContext packetContext)
{
    // Renders the offered suites as "[A,B,C]".
    // NOTE(review): assuming TlsCipherSuite is an enum, ids it does not define are rendered as numbers.
    string GetCipherSuites(TlsPacket.CipherSuites cipherSuites)
    {
        var suiteNames = cipherSuites.Items.Select(id => ((TlsCipherSuite)id).ToString());
        var joined = String.Join(',', suiteNames);
        return $"[{joined}]";
    }

    m_conversationModel.SessionId = ByteString.ByteArrayToString(clientHello.SessionId.Sid);

    // Only RandomBytes is stored; the RandomTime part of the random structure is not included.
    m_conversationModel.ClientRandom = ByteString.ByteArrayToString(clientHello.Random.RandomBytes);

    m_conversationModel.ClientCipherSuites = GetCipherSuites(clientHello.CipherSuites);
    m_conversationModel.ClientExtensions = GetExtensions(clientHello.Extensions);

    var capturedAtMs = packetContext.Metadata.Timestamp;
    m_conversationModel.Timestamp = DateTimeOffset.FromUnixTimeMilliseconds(capturedAtMs);
}
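/// <summary>
/// Parses every certificate of the server Certificate message and stores its subject,
/// issuer and validity period in the conversation model.
/// </summary>
/// <remarks>
/// The certificate bytes come from the parsed handshake message and are not validated here:
/// no chain building, signature check or revocation check is performed, so the stored names
/// and dates are whatever the peer sent.
/// </remarks>
/// <param name="certificate">The parsed Certificate handshake message.</param>
/// <param name="packetContext">Context of the packet carrying the message; not read by this method.</param>
public void SetServerCertificate(TlsPacket.TlsCertificate certificate, TlsPacketContext packetContext)
{
    // Copies the displayed fields into a model object and registers it with the model context.
    TlsCertificateModel CreateCertificate(X509Certificate2 cert)
    {
        var newCertificateModel = new TlsCertificateModel
        {
            SubjectName = cert.SubjectName.Name,
            IssuerName = cert.IssuerName.Name,
            NotBefore = cert.NotBefore,
            NotAfter = cert.NotAfter
        };
        m_modelContext.Add(newCertificateModel);
        return newCertificateModel;
    }

    m_conversationModel.ServerCertificates = certificate.Certificates
        .Select(entry =>
        {
            // X509Certificate2 is IDisposable. The model keeps only copied strings and dates,
            // so the certificate is released as soon as the model has been built.
            // NOTE(review): the constructor throws on bytes it cannot parse and that exception
            // propagates to the caller; confirm that the pipeline tolerates malformed certificates
            // in captured traffic. This byte[] constructor also detects the content type itself;
            // on target frameworks that offer X509CertificateLoader, prefer it so that only a
            // plain certificate is accepted.
            using (var parsed = new X509Certificate2(entry.Body))
            {
                return CreateCertificate(parsed);
            }
        })
        .ToList();
}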
/// <summary>
/// Adds a new TLS application data record to the conversation model.
/// </summary>
/// <remarks>
/// Only metadata is stored: record number, direction, time offset, body length and the TCP segments
/// carrying the record. The record body itself is not copied into the model.
/// </remarks>
/// <param name="applicationData">The application data record; only the length of its body is read.</param>
/// <param name="packetContext">Context of the record: its metadata (number and timestamp), its direction,
/// and the TCP packets carrying the record's data.</param>
public void AddApplicationDataRecord(TlsPacket.TlsApplicationData applicationData, TlsPacketContext packetContext)
{
    // Returns the segment model already registered under the packet number, or creates and registers one.
    TcpSegmentModel GetOrCreateModel((PacketMeta Meta, TcpPacket Packet) packet)
    {
        var known = m_modelContext.Find<TcpSegmentModel>(packet.Meta.Number);
        if (known != null)
        {
            return known;
        }

        var tcp = packet.Packet;
        var created = new TcpSegmentModel
        {
            // Offsets are relative to the conversation timestamp held by the model.
            TimeOffset = DateTimeOffset.FromUnixTimeMilliseconds(packet.Meta.Timestamp) - m_conversationModel.Timestamp,
            PacketId = packet.Meta.Number,
            Flags = TcpFlags(tcp),
            // A packet without payload data is recorded with length 0.
            Length = tcp.PayloadData?.Length ?? 0,
            Window = tcp.WindowSize
        };
        m_modelContext.Add(created);
        return created;
    }

    var recordMeta = packetContext.Metadata;
    var record = new TlsRecordModel
    {
        RecordId = recordMeta.Number,
        Direction = packetContext.Direction,
        // NOTE(review): the offset is taken against m_conversationModel.Timestamp; confirm what value
        // it holds when a record is seen before the timestamp has been set.
        TimeOffset = DateTimeOffset.FromUnixTimeMilliseconds(recordMeta.Timestamp) - m_conversationModel.Timestamp,
        Length = applicationData.Body.Length,
        Segments = packetContext.TcpPackets.Select(GetOrCreateModel).ToList(),
    };

    m_modelContext.Add(record);
    m_conversationModel.Records.Add(record);
}
/// <summary>
/// Handles the server Certificate message. This implementation takes no action.
/// </summary>
/// <param name="certificate">The parsed Certificate handshake message; not read.</param>
/// <param name="packetContext">Context of the packet carrying the message; not read.</param>
public void SetServerCertificate(TlsPacket.TlsCertificate certificate, TlsPacketContext packetContext)
{
    // No state is updated for certificates here.
    // NOTE(review): presumably certificate data is not needed by this handler. Confirm.
}
/// <summary>
/// Passes the client random of a ClientHello message to the TLS decoder.
/// </summary>
/// <param name="clientHello">The parsed ClientHello handshake message.</param>
/// <param name="packetContext">Context of the packet carrying the message; not read by this method.</param>
public void SetClientHello(TlsPacket.TlsClientHello clientHello, TlsPacketContext packetContext)
{
    // The decoder receives both parts of the random structure (time field followed by the random bytes).
    // NOTE(review): presumably because key derivation needs the complete client random. Confirm against the decoder.
    var helloRandom = clientHello.Random;
    m_tlsDecoder.ClientRandom = ByteString.Combine(helloRandom.RandomTime, helloRandom.RandomBytes);
}
/// <summary>
/// Handles a TLS application data record. This implementation takes no action.
/// </summary>
/// <param name="applicationData">The application data record; not read.</param>
/// <param name="packetContext">Context of the record; not read.</param>
public void AddApplicationDataRecord(TlsPacket.TlsApplicationData applicationData, TlsPacketContext packetContext)
{
    // No state is updated for application data here.
    // NOTE(review): presumably application data is handled elsewhere. Confirm.
}