
Unable to process mysql login using raw packet on tcp socket established through python? Probably due to salt?

I am trying to simulate the mysql connection process through a python program. In the python script, I am opening a tcp socket to the mysql server and writing pre-captured packets on the socket. On the login packet I get the error "#28000Access denied for user 'root'@'10.xxxxx' (using password: YES)".

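```python
import socket
import sys
import time

Host = '10.x.x.xxx'
Port = '3306'

t_con = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
clust_vip = (Host, int(Port))

try:
    t_con.connect(clust_vip)
    print('Socket connection established')
    # The server sends its initial handshake packet as soon as the TCP connection is up
    print("TCP connection established:", t_con.recv(4096))

    # Replay the first captured MySQL packet; binary mode keeps the bytes intact
    with open("req_r1", "rb") as f:
        byte1 = f.read()
    t_con.sendall(byte1)
    print("Response for packet1:", t_con.recv(4096))

    # Replay the second captured MySQL packet
    with open("req_r2", "rb") as f:
        byte2 = f.read()
    t_con.sendall(byte2)
    print("Response for packet2:", t_con.recv(4096))

finally:
    t_con.close()
```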

The "req_r1" and "req_r2" files used above contain raw packets (mysql protocol raw packets and not the entire frame/tcp layer).

  1. I am replaying the capture through the socket.
  2. I have skipped the TCP connection packet (as I am establishing the socket connection through python).
  3. I am trying to write the raw packet (mysql protocol packet) and not the entire frame on the socket.

Can anyone guide me on how I can overcome this issue? I think the error is due to the salt used to establish the mysql connection.

I have tried a passwordless connection as well; however, it didn't work.

Update: What I understand is that on establishing the tcp socket connection, the db server replies with a salt, and I need to reuse this salt to generate the encrypted password and use it in the next connect packet. If anyone has an idea whether I am on the right track and how I can extract/reuse it, it would be a great help.

You can't log in by replaying a previous session. As has been pointed out in comments, that would be terribly insecure. It's a challenge/response mechanism, and your response varies with the challenge received.

See https://dev.mysql.com/doc/internals/en/client-server-protocol.html for a breakdown of the protocol.
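The challenge/response described in the answer, as an added example that is not part of the original question or answer: it extracts the salt from the server's initial handshake packet, computes the `mysql_native_password` response, and checks a response captured under one salt against a different salt. It assumes a HandshakeV10 greeting that advertises `mysql_native_password`; the function names are hypothetical, and the sample packets, salts and password are constructed.

```python
import hashlib
import hmac
import struct

def parse_handshake_v10(packet: bytes):
    """Return (salt, auth_plugin_name) from the server's first packet."""
    payload = packet[4:4 + int.from_bytes(packet[:3], "little")]  # skip length + seq id
    if payload[0] != 10:
        raise ValueError("not a HandshakeV10 payload")
    pos = payload.index(b"\x00", 1) + 1 + 4      # server version string, thread id
    part1 = payload[pos:pos + 8]                 # first 8 salt bytes
    pos += 8 + 1 + 2 + 1 + 2 + 2                 # salt, filler, caps, charset, status, caps
    data_len = payload[pos]                      # total auth-plugin-data length
    pos += 1 + 10                                # length byte, reserved bytes
    part2 = payload[pos:pos + max(13, data_len - 8)]
    pos += len(part2)
    plugin = payload[pos:payload.index(b"\x00", pos)].decode()
    return (part1 + part2)[:20], plugin          # drop the trailing NUL of part 2

def native_password_response(password: bytes, salt: bytes) -> bytes:
    """SHA1(password) XOR SHA1(salt + SHA1(SHA1(password)))."""
    stage1 = hashlib.sha1(password).digest()
    mask = hashlib.sha1(salt + hashlib.sha1(stage1).digest()).digest()
    return bytes(a ^ b for a, b in zip(stage1, mask))

def server_accepts(response: bytes, salt: bytes, stored: bytes) -> bool:
    """Server-side check; stored is SHA1(SHA1(password))."""
    mask = hashlib.sha1(salt + stored).digest()
    stage1 = bytes(a ^ b for a, b in zip(response, mask))
    return hmac.compare_digest(hashlib.sha1(stage1).digest(), stored)

def sample_handshake(salt: bytes) -> bytes:
    """Constructed greeting for the demo, not a real capture."""
    payload = (b"\x0a" + b"8.0.0-demo\x00" + struct.pack("<I", 7)
               + salt[:8] + b"\x00" + struct.pack("<HBHHB", 0xFFFF, 33, 2, 0xFFFF, 21)
               + b"\x00" * 10 + salt[8:] + b"\x00" + b"mysql_native_password\x00")
    return len(payload).to_bytes(3, "little") + b"\x00" + payload

def replay_demo():
    password = b"example-password"               # constructed credential
    stored = hashlib.sha1(hashlib.sha1(password).digest()).digest()
    salt_a, _ = parse_handshake_v10(sample_handshake(b"abcdefghijklmnopqrst"))
    salt_b, _ = parse_handshake_v10(sample_handshake(b"TSRQPONMLKJIHGFEDCBA"))
    captured = native_password_response(password, salt_a)   # login from session 1
    fresh = native_password_response(password, salt_b)      # recomputed for session 2
    return server_accepts(captured, salt_b, stored), server_accepts(fresh, salt_b, stored)

if __name__ == "__main__":
    print(replay_demo())
```

`replay_demo()` returns the server's verdict on the replayed response first and on the recomputed response second, both checked against the second session's salt.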
