TLS 报文分析记录
来源:互联网 发布:新手开淘宝店找货源 编辑:程序博客网 时间:2024/05/19 11:36
struct {
ProtocolVersion client_version;
Random random;
SessionID session_id;
CipherSuite cipher_suites;
CompressionMethod compression_methods;
select (extensions_present) {
case false:
struct {};
case true:
Extension extensions;
};
} ClientHello; http://tools.ietf.org/html/rfc5246#section-7.4.5
Transport Layer Security (TLS) Extensions
http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml
Transport Layer Security (TLS) Parameters
http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
16 03 01 00 6B 01 00 00 67 03 01 51 71 67 53 7E F2 BF 7F F2 EA F3 8D 85 5E 23 85 C3 34 7D 31 88 C9 2D 33 85 5F 8E C1 31 32 05 54 00 00 2C 00 FF 00 39 00 38 00 35 00 66 00 33 00 32 00 05 00 04 00 2F 00 16 00 13 FE FF 00 0A 00 15 00 12 FE FE 00 09 00 64 00 62 00 03 00 06 01 00 00 12 00 00 00 0E 00 0C 00 00 09 67 6D 61 69 6C 2E 63 6F 6D
Package total length = 112
16 --> Tls Header ( 16 : Plaintext 17 : ciphertext)
03 01 --> TLS Version (v1.0) 03 02 (v1.1)
00 6B --> Following data length = 107 = (112-5)
01 00 --> ClientHello Header 01:Client 02:Server
00 67 --> Following data length= 103 = (107-4)
03 01 --> TLS Version
struct {
uint32 gmt_unix_time;
opaque random_bytes[28];
} Random;
51 71 67 53 --> gmt_unix_time
7E F2 BF 7F F2 EA F3 8D 85 5E 23 85 C3 34 7D 31 88 C9 2D 33 85 5F 8E C1 31 32 05 54 (28+4 = 32Byte) --> ClientHello field: random
20 --> ClientHello field: session length (32)
51 71 67 59 C9 A6 6E 17 C1 B4
96 CF 66 87 D9 91 88 6D A7 3B
6F 3B 63 77 30 1F 71 4C 7B C1 70 B4 --> ClientHello field: session id
00 2C --> ClientHello field: cipher suite length (44 = 2*12)
00 FF 00 39 00 38 00 35 00 66
00 33 00 32 00 05 00 04 00 2F
00 16 00 13 FE FF 00 0A 00 15
00 12 FE FE 00 09 00 64 00 62 00 03 00 06 --> ClientHello field: cipher suite(s)
01 --> ClientHello field: compression support, length (1)
00 --> ClientHello field: compression support, no compression (0)
00 12 -->ClientHello field: extension length (18)
00 00 00 0E 00 0C 00 00 09 67 6D 61 69 6C 2E 63 6F 6D --> externsion content
---Server respond hello ---
struct {
ProtocolVersion server_version;
Random random;
SessionID session_id;
CipherSuite cipher_suite;
CompressionMethod compression_method;
select (extensions_present) {
case false:
struct {};
case true:
Extension extensions<0..2^16-1>;
};
} ServerHello;
Package total length = 2099
16 --> Tls Header
03 01 --> TLS Version (v1.0) 03 02 (v1.1)
08 2E --> Following data length (2049)
02 00 --> ServerHello Header 01:Client 02:Server
00 4D --> Data Length = 77
03 01 --> TLS Version
51 71 67 59 --> gmt_unix_time
20 --> ServerHello field: session length (32)
51 71 67 59 C9 A6 6E 17 C1 B4
96 CF 66 87 D9 91 88 6D A7 3B
6F 3B 63 77 30 1F 71 4C 7B C1 70 B4 --> ServerHello field: session id (32)
00 39 --> selected cipher suite
00 00 05 FF 01 00 01 00
................................
数据的抓取是从与 gmail.com TLS的握手过程
ProtocolVersion client_version;
Random random;
SessionID session_id;
CipherSuite cipher_suites;
CompressionMethod compression_methods;
select (extensions_present) {
case false:
struct {};
case true:
Extension extensions;
};
} ClientHello; http://tools.ietf.org/html/rfc5246#section-7.4.5
Transport Layer Security (TLS) Extensions
http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml
Transport Layer Security (TLS) Parameters
http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
16 03 01 00 6B 01 00 00 67 03 01 51 71 67 53 7E F2 BF 7F F2 EA F3 8D 85 5E 23 85 C3 34 7D 31 88 C9 2D 33 85 5F 8E C1 31 32 05 54 00 00 2C 00 FF 00 39 00 38 00 35 00 66 00 33 00 32 00 05 00 04 00 2F 00 16 00 13 FE FF 00 0A 00 15 00 12 FE FE 00 09 00 64 00 62 00 03 00 06 01 00 00 12 00 00 00 0E 00 0C 00 00 09 67 6D 61 69 6C 2E 63 6F 6D
Package total length = 112
16 --> Tls Header ( 16 : Plaintext 17 : ciphertext)
03 01 --> TLS Version (v1.0) 03 02 (v1.1)
00 6B --> Following data length = 107 = (112-5)
01 00 --> ClientHello Header 01:Client 02:Server
00 67 --> Following data length= 103 = (107-4)
03 01 --> TLS Version
struct {
uint32 gmt_unix_time;
opaque random_bytes[28];
} Random;
51 71 67 53 --> gmt_unix_time
7E F2 BF 7F F2 EA F3 8D 85 5E 23 85 C3 34 7D 31 88 C9 2D 33 85 5F 8E C1 31 32 05 54 (28+4 = 32Byte) --> ClientHello field: random
20 --> ClientHello field: session length (32)
51 71 67 59 C9 A6 6E 17 C1 B4
96 CF 66 87 D9 91 88 6D A7 3B
6F 3B 63 77 30 1F 71 4C 7B C1 70 B4 --> ClientHello field: session id
00 2C --> ClientHello field: cipher suite length (44 = 2*12)
00 FF 00 39 00 38 00 35 00 66
00 33 00 32 00 05 00 04 00 2F
00 16 00 13 FE FF 00 0A 00 15
00 12 FE FE 00 09 00 64 00 62 00 03 00 06 --> ClientHello field: cipher suite(s)
01 --> ClientHello field: compression support, length (1)
00 --> ClientHello field: compression support, no compression (0)
00 12 -->ClientHello field: extension length (18)
00 00 00 0E 00 0C 00 00 09 67 6D 61 69 6C 2E 63 6F 6D --> externsion content
---Server respond hello ---
struct {
ProtocolVersion server_version;
Random random;
SessionID session_id;
CipherSuite cipher_suite;
CompressionMethod compression_method;
select (extensions_present) {
case false:
struct {};
case true:
Extension extensions<0..2^16-1>;
};
} ServerHello;
Package total length = 2099
16 --> Tls Header
03 01 --> TLS Version (v1.0) 03 02 (v1.1)
08 2E --> Following data length (2049)
02 00 --> ServerHello Header 01:Client 02:Server
00 4D --> Data Length = 77
03 01 --> TLS Version
51 71 67 59 --> gmt_unix_time
20 --> ServerHello field: session length (32)
51 71 67 59 C9 A6 6E 17 C1 B4
96 CF 66 87 D9 91 88 6D A7 3B
6F 3B 63 77 30 1F 71 4C 7B C1 70 B4 --> ServerHello field: session id (32)
00 39 --> selected cipher suite
00 00 05 FF 01 00 01 00
................................
数据的抓取是从与 gmail.com TLS的握手过程
0 0
- TLS 报文分析记录
- TLS/SSL报文格式探究
- DNS报文格式 A记录查询请求 分析
- TLS/SSL 实例分析
- TLS协议分析
- TLS协议分析
- TLS协议分析------
- SSL/TLS 协议分析
- CXF报文日志记录
- 8583报文详细分析
- SNMP报文分析
- DHCP报文分析
- RTP报文头部分析
- ICMP报文分析
- 8583报文详细分析
- DNS报文格式分析
- 8583报文详细分析
- ICMP报文分析
- 关于cvCreateFileCapture以及cvCreateVideoWriter的avi读写方法(Xcode)
- Cookie 和Session 的区别详解
- runtime 运行时机制 完全解读
- 1044. Shopping in Mars (25)
- Spring mvc中集成Junit4测试
- TLS 报文分析记录
- maven学习笔记
- 国家标准协议汇总
- 插件列表
- DNS
- 在Docker容器中创建OpenVPN时的最小权限的开启方法
- JMeter数据库请求配置及示例
- 左右滑动的Tab
- maven 简介