Scapy嗅探SSL
[英]Scapy sniffing SSL
问题描述
How can I recognize SSL packets when I sniff in scapy? 
嗅探scapy时如何识别SSL数据包?
I know that SSL packets are going through port 443, can I assume that all the TCP packets that go through port 443 are SSL packets? 我知道SSL数据包正在通过端口443,我是否可以假定所有通过端口443的TCP数据包都是SSL数据包?
2 个解决方案
解决方案1
3 2015-02-09 10:05:43
You can neither assume that all traffic using port 443 is SSL and also that SSL can only be found on port 443. To detect SSL traffic you might try to look at the first bytes, ie a data stream starting with \\x16\\x03 followed by [\\x00-\\x03] might be a ClientHello for SSL 3.0 ... TLS 1.2. 您既不能假设使用端口443的所有流量都是SSL,也不能仅在端口443上找到SSL。要检测SSL流量,您可以尝试查看第一个字节,即以\\x16\\x03开头的数据流,后跟[\\x00-\\x03]可能是SSL 3.0 ... TLS 1.2的ClientHello。 But of course it might also be some other protocol which just uses the same initial byte sequence. 但是当然,也可能是其他一些协议使用了相同的初始字节序列。
解决方案2
3 已采纳 2015-02-09 11:49:55
Others have added support for SSL/TLS as a layer to Scapy. 其他人在Scapy中添加了对SSL / TLS的支持。
https://github.com/tintinweb/scapy-ssl_tls https://github.com/tintinweb/scapy-ssl_tls
Follow the README their to install. 按照自述文件进行安装。 Once installed you should be able to use that to detect SSL/TLS content in a packet with the haslayer function. 安装完成后,您应该可以使用haslayer函数使用它来检测数据包中的SSL / TLS内容。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.