TLSHandshakeDecoder

package module

v0.0.0-...-c5cbbeb Latest Latest Go to latest Published: Nov 27, 2014 License: MIT Imports: 4 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hreese/TLSHandshakeDecoder

Links

Open Source Insights

README ¶

goTLSHelloDecoder

Decode a pcap file containing TLS Handshakes

Input files are created using:

tcpdump -nn -i any -w outfile.pcap 'tcp and port 443 and tcp[(((tcp[12:1] & 0xf0) >> 2)):1] = 0x16 and ((tcp[(((tcp[12:1] & 0xf0) >> 2)+5):1] = 0x01) or (tcp[(((tcp[12:1] & 0xf0) >> 2)+5):1] = 0x02))'

Short explanation: Listen to packets on port 443 (https), find offset of tcp payload and check if it starts with the TLS magic number and version SSLVv3 or TLSv1.x.

Documentation ¶

Index ¶

Constants
Variables
func DecodeRecord(p *TLSRecordLayer, data []byte) error
func TLSDecodeClientHello(p *TLSClientHello, data []byte) error
func TLSDecodeHandshake(p *TLSHandshake, data []byte) error
type CipherSuite
type TLSClientHello
type TLSHandshake
type TLSRecordLayer

Constants ¶

View Source

const (
	TypeChangeCypherSpec uint8 = 20
	TypeAlert            uint8 = 21
	TypeHandshake        uint8 = 22
	TypeApplicationData  uint8 = 23
)

View Source

const (
	VersionSSL30 uint16 = 0x0300
	VersionTLS10 uint16 = 0x0301
	VersionTLS11 uint16 = 0x0302
	VersionTLS12 uint16 = 0x0303
)

View Source

const (
	HandshakeTypeHelloRequest       uint8 = 0
	HandshakeTypeClientHello        uint8 = 1
	HandshakeTypeServerHello        uint8 = 2
	HandshakeTypeHelloVerifyRequest uint8 = 3
	HandshakeTypeCertificate        uint8 = 11
	HandshakeTypeServerKeyExchange  uint8 = 12
	HandshakeTypeCertificateRequest uint8 = 13
	HandshakeTypeServerHelloDone    uint8 = 14
	HandshakeTypeCertificateVerify  uint8 = 15
	HandshakeTypeClientKeyExchange  uint8 = 16
	HandshakeTypeFinished           uint8 = 20
)

Variables ¶

View Source

var CiphersByIndex map[uint]CipherSuite = map[uint]CipherSuite{}/* 318 elements not displayed */

all IANA registered cyphers, indexed by position in list

View Source

var CiphersByValue map[uint]CipherSuite = map[uint]CipherSuite{}/* 318 elements not displayed */

all IANA registered cyphers, indexed by identifier

Functions ¶

func DecodeRecord ¶

func DecodeRecord(p *TLSRecordLayer, data []byte) error

func TLSDecodeClientHello ¶

func TLSDecodeClientHello(p *TLSClientHello, data []byte) error

func TLSDecodeHandshake ¶

func TLSDecodeHandshake(p *TLSHandshake, data []byte) error

Types ¶

type CipherSuite ¶

type CipherSuite struct {
	Index uint
	Value uint16
	Name  string
}

list of official cipher suites

type TLSClientHello ¶

type TLSClientHello struct {
	// contains filtered or unexported fields
}

type TLSHandshake ¶

type TLSHandshake struct {
	HandshakeType uint8

	Body []byte
	// contains filtered or unexported fields
}

type TLSRecordLayer ¶

type TLSRecordLayer struct {
	Fragment []byte
	// contains filtered or unexported fields
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
pcap_analyze
sniffer

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL