stackoom
  简体   繁体   中英

Scapy sniffing SSL

 原文  2015-02-09 09:47:39       python/ ssl/ packet/ scapy

Question

How can I recognize SSL packets when I sniff in scapy?

I know that SSL packets are going through port 443, can I assume that all the TCP packets that go through port 443 are SSL packets?

2 answers

solution1
 3  2015-02-09 10:05:43

You can neither assume that all traffic using port 443 is SSL and also that SSL can only be found on port 443. To detect SSL traffic you might try to look at the first bytes, ie a data stream starting with \\x16\\x03 followed by [\\x00-\\x03] might be a ClientHello for SSL 3.0 ... TLS 1.2. But of course it might also be some other protocol which just uses the same initial byte sequence.

solution2
 3 ACCPTED  2015-02-09 11:49:55

Others have added support for SSL/TLS as a layer to Scapy.

https://github.com/tintinweb/scapy-ssl_tls

Follow the README their to install. Once installed you should be able to use that to detect SSL/TLS content in a packet with the haslayer function.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Scapy sniffing on Windows Python Scapy not sniffing Scapy: Sniffing for self made layers Python scapy sniffing replacing images Scapy - sniffing 2 interfaces out of three Python - Scapy - Sniffing local network sniffing http packets using scapy python-3.4 Scapy sniffing Tkinter window freezes when sniffing with scapy FCfield Attribut error while sniffing packets using Scapy
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM