Finding the client-offered cipher suites in TLS

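I am working on a task where I need to extract data from a pcap file. The file looks like this.

The question is to find the cipher suites offered by the client in TLS. I know the cipher suites I am looking for are in the initial Client Hello packet, but how do I find the cipher suites?

This is what I have so far: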

tshark -r assign1.pcap | grep "Client Hello"

This is the result I get.

The file is as follows: https://ufile.io/jsfjr

Answer 1

You can use the following switches to tshark to get a more detailed listing of the Client Hello handshake.

$ tshark -r assign2.pcap -Y ssl.handshake.ciphersuites -Vx | less

If you search the less output for /Client Hello, you will find the following section.

SSL Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Length: 246
    Handshake Protocol: Client Hello
        Handshake Type: Client Hello (1)
        Length: 242
        Version: TLS 1.2 (0x0303)
        Random
            gmt_unix_time: Mar 17, 2068 11:26:39.000000000 EDT
            random_bytes: 981fbf58a3116dd17c64b602e2809de75dac922eb559a0ba...
        Session ID Length: 0
        Cipher Suites Length: 108
        Cipher Suites (54 suites)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
            Cipher Suite: Unknown (0xcca9)
            Cipher Suite: Unknown (0xcca8)
            Cipher Suite: Unknown (0xccaa)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
            Cipher Suite: TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 (0x00ad)
            Cipher Suite: TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 (0x00ab)
            Cipher Suite: Unknown (0xccae)
            Cipher Suite: Unknown (0xccad)
            Cipher Suite: Unknown (0xccac)
            Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
            Cipher Suite: TLS_PSK_WITH_AES_256_GCM_SHA384 (0x00a9)
            Cipher Suite: Unknown (0xccab)
            Cipher Suite: TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 (0x00ac)
            Cipher Suite: TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 (0x00aa)
            Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
            Cipher Suite: TLS_PSK_WITH_AES_128_GCM_SHA256 (0x00a8)
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
            Cipher Suite: TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 (0xc038)
            Cipher Suite: TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA (0xc036)
            Cipher Suite: TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 (0x00b7)
            Cipher Suite: TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 (0x00b3)
            Cipher Suite: TLS_RSA_PSK_WITH_AES_256_CBC_SHA (0x0095)
            Cipher Suite: TLS_DHE_PSK_WITH_AES_256_CBC_SHA (0x0091)
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
            Cipher Suite: TLS_PSK_WITH_AES_256_CBC_SHA384 (0x00af)
            Cipher Suite: TLS_PSK_WITH_AES_256_CBC_SHA (0x008d)
            Cipher Suite: TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 (0xc037)
            Cipher Suite: TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA (0xc035)
            Cipher Suite: TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 (0x00b6)
            Cipher Suite: TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 (0x00b2)
            Cipher Suite: TLS_RSA_PSK_WITH_AES_128_CBC_SHA (0x0094)
            Cipher Suite: TLS_DHE_PSK_WITH_AES_128_CBC_SHA (0x0090)
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
            Cipher Suite: TLS_PSK_WITH_AES_128_CBC_SHA256 (0x00ae)
            Cipher Suite: TLS_PSK_WITH_AES_128_CBC_SHA (0x008c)
            Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
        Compression Methods Length: 1
...
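
The field order in the listing above (record header, handshake header, Version, Random, Session ID, Cipher Suites Length) is what locates the offered suites in the raw record bytes, such as those printed by the -x hex dump. The following Python is an added example, not part of the original answer; `offered_cipher_suites`, `describe` and `build_sample` are hypothetical names, and the sample record is constructed rather than taken from the capture.

```python
import struct

# Names copied from the tshark listing above; other codes are shown as hex,
# the way the listing prints "Unknown (0xcca9)".
NAMES = {
    0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}

def offered_cipher_suites(record):
    """Return the cipher suite codes from one TLS record carrying a Client Hello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22:                       # Content Type: Handshake (22)
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) < rec_len or rec_len < 4:
        raise ValueError("truncated record")
    if body[0] != 1:                      # Handshake Type: Client Hello (1)
        raise ValueError("not a Client Hello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    pos = 2 + 32                          # skip Version and Random
    if len(hello) < pos + 1:
        raise ValueError("Client Hello too short")
    pos += 1 + hello[pos]                 # skip Session ID Length and Session ID
    if len(hello) < pos + 2:
        raise ValueError("Client Hello too short")
    (cs_len,) = struct.unpack_from("!H", hello, pos)   # Cipher Suites Length
    pos += 2
    if cs_len % 2 or pos + cs_len > len(hello):
        raise ValueError("bad Cipher Suites Length")
    return [c for (c,) in struct.iter_unpack("!H", hello[pos:pos + cs_len])]

def describe(codes):
    """Format codes the way the tshark listing does."""
    return [f"{NAMES.get(c, 'Unknown')} (0x{c:04x})" for c in codes]

def build_sample(suites):
    """Constructed sample input: a minimal Client Hello record without extensions."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs + b"\x01\x00"
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for line in describe(offered_cipher_suites(build_sample([0xC02C, 0xCCA9, 0x00FF]))):
        print("Cipher Suite:", line)
```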
