Modified tls client example to use do_handshake

- Simplifies the client workflow
tintinweb · Nov 10, 2016 · 3062408 · 3062408
1 parent 1b047e6
commit 3062408
Showing 1 changed file with 18 additions and 44 deletions.
diff --git a/examples/full_rsa_connection_with_application_data.py b/examples/full_rsa_connection_with_application_data.py
@@ -3,8 +3,6 @@
 
 from __future__ import with_statement
 from __future__ import print_function
-import socket
-import sys
 
 try:
     # This import works from the project directory
@@ -13,52 +11,28 @@
     # If you installed this package via pip, you just need to execute this
     from scapy.layers.ssl_tls import *
 
-tls_version = TLSVersion.TLS_1_2
-
-
-def tls_hello(sock):
-    client_hello = TLSRecord(version=tls_version) / TLSHandshake() /\
-        TLSClientHello(version=tls_version, compression_methods=[TLSCompressionMethod.NULL, ],
-                       cipher_suites=[TLSCipherSuite.ECDHE_RSA_WITH_AES_128_GCM_SHA256, ])
-    # cipher_suites=[TLSCipherSuite.ECDHE_RSA_WITH_AES_128_CBC_SHA256, ])
-    # cipher_suites=[TLSCipherSuite.RSA_WITH_AES_128_CBC_SHA, ])
-    # cipher_suites=[TLSCipherSuite.RSA_WITH_RC4_128_SHA, ])
-    # cipher_suites=[TLSCipherSuite.DHE_RSA_WITH_AES_128_CBC_SHA, ])
-    # cipher_suites=[TLSCipherSuite.DHE_DSS_WITH_AES_128_CBC_SHA, ])
-    sock.sendall(client_hello)
-    server_hello = sock.recvall()
-    server_hello.show()
-
 
-def tls_client_key_exchange(sock):
-    client_key_exchange = TLSRecord(version=tls_version) / TLSHandshake() / sock.tls_ctx.get_client_kex_data()
-    client_ccs = TLSRecord(version=tls_version) / TLSChangeCipherSpec()
-    sock.sendall(TLS.from_records([client_key_exchange, client_ccs]))
-    sock.sendall(to_raw(TLSFinished(), sock.tls_ctx))
-    server_finished = sock.recvall()
-    server_finished.show()
+tls_version = TLSVersion.TLS_1_2
+ciphers = [TLSCipherSuite.ECDHE_RSA_WITH_AES_128_GCM_SHA256]
+extensions = [TLSExtension() / TLSExtSessionTicketTLS(data="")]
 
 
 def tls_client(ip):
-    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-    try:
-        sock.connect(ip)
-        sock = TLSSocket(sock, client=True)
-        sock.tls_ctx.client_ctx.nonce = 72623859790382856
-        print("Connected to server: %s" % (ip,))
-    except socket.timeout:
-        print("Failed to open connection to server: %s" % (ip,), file=sys.stderr)
-    else:
-        tls_hello(sock)
-        tls_client_key_exchange(sock)
-        print("Finished handshake. Sending application data (GET request)")
-        sock.sendall(to_raw(TLSPlaintext(data="GET / HTTP/1.1\r\nHOST: localhost\r\n\r\n"), sock.tls_ctx))
-        resp = sock.recvall()
-        print("Got response from server")
-        resp.show()
-        print(sock.tls_ctx)
-    finally:
-        sock.close()
+    with TLSSocket(socket.socket(), client=True) as tls_socket:
+        try:
+            tls_socket.connect(ip)
+        except socket.timeout:
+            print("Failed to open connection to server: %s" % (ip,), file=sys.stderr)
+        else:
+            print("Connected to server: %s" % (ip,))
+            try:
+                server_hello, server_kex = tls_socket.do_handshake(tls_version, ciphers, extensions)
+                http_response = tls_socket.do_round_trip(to_raw(TLSPlaintext(data="GET / HTTP/1.1\r\nHOST: localhost\r\n\r\n"), tls_socket.tls_ctx))
+                http_response.show()
+                print(tls_socket.tls_ctx)
+            except TLSProtocolError as pe:
+                print(pe)
+
 
 if __name__ == "__main__":
     if len(sys.argv) > 2: