From 306240810f33104eed6fe77d072bf6b9825e0aa0 Mon Sep 17 00:00:00 2001 From: Alex Moneger Date: Wed, 9 Nov 2016 16:55:11 -0800 Subject: [PATCH] Modified tls client example to use do_handshake - Simplifies the client workflow --- ...ll_rsa_connection_with_application_data.py | 62 ++++++------------- 1 file changed, 18 insertions(+), 44 deletions(-) diff --git a/examples/full_rsa_connection_with_application_data.py b/examples/full_rsa_connection_with_application_data.py index 66074e1..88d3fcd 100644 --- a/examples/full_rsa_connection_with_application_data.py +++ b/examples/full_rsa_connection_with_application_data.py @@ -3,8 +3,6 @@ from __future__ import with_statement from __future__ import print_function -import socket -import sys try: # This import works from the project directory @@ -13,52 +11,28 @@ # If you installed this package via pip, you just need to execute this from scapy.layers.ssl_tls import * -tls_version = TLSVersion.TLS_1_2 - - -def tls_hello(sock): - client_hello = TLSRecord(version=tls_version) / TLSHandshake() /\ - TLSClientHello(version=tls_version, compression_methods=[TLSCompressionMethod.NULL, ], - cipher_suites=[TLSCipherSuite.ECDHE_RSA_WITH_AES_128_GCM_SHA256, ]) - # cipher_suites=[TLSCipherSuite.ECDHE_RSA_WITH_AES_128_CBC_SHA256, ]) - # cipher_suites=[TLSCipherSuite.RSA_WITH_AES_128_CBC_SHA, ]) - # cipher_suites=[TLSCipherSuite.RSA_WITH_RC4_128_SHA, ]) - # cipher_suites=[TLSCipherSuite.DHE_RSA_WITH_AES_128_CBC_SHA, ]) - # cipher_suites=[TLSCipherSuite.DHE_DSS_WITH_AES_128_CBC_SHA, ]) - sock.sendall(client_hello) - server_hello = sock.recvall() - server_hello.show() - -def tls_client_key_exchange(sock): - client_key_exchange = TLSRecord(version=tls_version) / TLSHandshake() / sock.tls_ctx.get_client_kex_data() - client_ccs = TLSRecord(version=tls_version) / TLSChangeCipherSpec() - sock.sendall(TLS.from_records([client_key_exchange, client_ccs])) - sock.sendall(to_raw(TLSFinished(), sock.tls_ctx)) - server_finished = sock.recvall() - server_finished.show() +tls_version = TLSVersion.TLS_1_2 +ciphers = [TLSCipherSuite.ECDHE_RSA_WITH_AES_128_GCM_SHA256] +extensions = [TLSExtension() / TLSExtSessionTicketTLS(data="")] def tls_client(ip): - sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - try: - sock.connect(ip) - sock = TLSSocket(sock, client=True) - sock.tls_ctx.client_ctx.nonce = 72623859790382856 - print("Connected to server: %s" % (ip,)) - except socket.timeout: - print("Failed to open connection to server: %s" % (ip,), file=sys.stderr) - else: - tls_hello(sock) - tls_client_key_exchange(sock) - print("Finished handshake. Sending application data (GET request)") - sock.sendall(to_raw(TLSPlaintext(data="GET / HTTP/1.1\r\nHOST: localhost\r\n\r\n"), sock.tls_ctx)) - resp = sock.recvall() - print("Got response from server") - resp.show() - print(sock.tls_ctx) - finally: - sock.close() + with TLSSocket(socket.socket(), client=True) as tls_socket: + try: + tls_socket.connect(ip) + except socket.timeout: + print("Failed to open connection to server: %s" % (ip,), file=sys.stderr) + else: + print("Connected to server: %s" % (ip,)) + try: + server_hello, server_kex = tls_socket.do_handshake(tls_version, ciphers, extensions) + http_response = tls_socket.do_round_trip(to_raw(TLSPlaintext(data="GET / HTTP/1.1\r\nHOST: localhost\r\n\r\n"), tls_socket.tls_ctx)) + http_response.show() + print(tls_socket.tls_ctx) + except TLSProtocolError as pe: + print(pe) + if __name__ == "__main__": if len(sys.argv) > 2: