public void DecodeSSLCommunication(string filename)
{
var frameKeyProvider = new FrameKeyProvider();
Console.WriteLine($"Test file={filename}:");
var packets = PacketProvider.LoadPacketsFromResourceFolder(filename).Select(p => new FrameData {
Data = p.Data, LinkLayer = (LinkLayerType)p.LinkLayerType, Timestamp = 0
});
var flows = from packet in packets.Select(p => (Key: frameKeyProvider.GetKey(p), Packet: p))
group packet by packet.Key;
foreach (var flow in flows.Where(x => IsTlsFlow(x.Key)))
{
Console.WriteLine($"{flow.Key}:");
foreach (var msg in flow)
{
var tcpPacket = ParseTcpPacket(msg.Packet);
var tlsPacket = ParseTlsPacket(tcpPacket);
bool emptyTcp = (tcpPacket.PayloadData?.Length ?? 0) == 0;
var flags = TcpFlags(tcpPacket);
var tlsInfo = $"[TLS: Type={tlsPacket?.ContentType.ToString()}]";
Console.WriteLine($" {msg.Key}: {(!emptyTcp ? tlsInfo : "")} [TCP: PayloadSize={tcpPacket?.PayloadData?.Length}, Flags={flags}]");
}
}
}
public void ParseTlsRecord(string filename)
{
var path = PacketProvider.GetFullPath(filename);
var bytes = File.ReadAllBytes(path);
var tlsPacket = new TlsPacket(new KaitaiStream(bytes));
switch (tlsPacket.Fragment)
{
case TlsPacket.TlsHandshake handshake:
switch (handshake.Body)
{
case TlsPacket.TlsCertificate tlscert:
var x509cert = new X509Certificate2(tlscert.Certificates.First().Body);
break;
}
break;
case TlsPacket.TlsClientHello clientHello:
foreach (var suite in clientHello.CipherSuites.Items)
{
Console.WriteLine($"{(TlsCipherSuite)suite}");
}
break;
}
}
public void LoadAndParsePacket(string filename)
{
var packets = PacketProvider.LoadPacketsFromResourceFolder(filename);
var flows = from packet in packets.Select(p => (Key: FrameKeyProvider.GetKeyForEthernetFrame(p.Data), Packet: p))
group packet by packet.Key;
foreach (var flow in flows)
{
var httpFlow = flow.Select(x => (x.Key, ParseHttpPacket(x.Packet)));
foreach (var msg in httpFlow)
{
Console.WriteLine($"{msg.Key}: {msg.Item2.PacketType}");
}
}
}
public void ParseSslRecord(string filename)
{
var path = PacketProvider.GetFullPath(filename);
var bytes = File.ReadAllBytes(path);
var sslPacket = new SslPacket(new KaitaiStream(bytes));
switch (sslPacket.Record.Message)
{
case SslPacket.SslClientHello clientHello:
foreach (var suite in clientHello.CipherSpecs.Entries)
{
var suiteNumber = (uint)EndianBitConverter.Big.ToUInt16(suite.CipherBytes, 1) + (suite.CipherBytes[0] << 16);
var suiteName1 = (TlsCipherSuite)suiteNumber;
}
break;
}
}
public void ParseMqttMessage(string filename)
{
var path = PacketProvider.GetFullPath(filename);
var bytes = File.ReadAllBytes(path);
var tlsPacket = new MqttPacket(new KaitaiStream(bytes));
}