Wireshark-dev: Re: [Wireshark-dev] [TLS parser]Help seeking idea to write TLS parser in basic w
Hi Sadik,
On Fri, Oct 13, 2017 at 11:54:46AM +0200, Sadik Sikder wrote:
> I have my own net analyzer [developed with libpcap on Linux, C/C++] that works
> kind of like Wireshark. The net analyzer was developed by another team up to
> the TCP parser, and I need to write a TLS parser which parses the following field values
> I have developed a TLS decryption system taking field values from the analyzer
> like client random, server random etc. These are static. For total
> automation/dynamic I need to write TLS parser code to trigger automatic
> fetching of those field values into my decryption tool.
> Currently I am seeking information or ideas on how I should start to write a TLS
> parser. I had no idea about it before. A link to a basic example page or an
> explanation would be a great help.
Since you are posting this to the Wireshark Developers list... You could
invoke Wireshark and parse its dissection results. E.g.
    tshark -r your.pcap -Y ssl -T pdml
and then parse the dissection done by Wireshark.
Though given your scenario, this is probably not what you meant.
I already explained to you how Wireshark dissects TLS before:
https://www.wireshark.org/lists/wireshark-dev/201709/msg00006.html
To write your TLS parser you need to:
- Implement TLS record parser (trivial) and reassembly.
- Given the reassembled records, parse Handshake messages.
- Given parsed Handshake messages, extract required information (Client
  Random, SKE, etc.).
- ...
How you implement this is up to you, what have you tried? (This is
starting to get off-topic for wireshark-dev though.)
--
Kind regards,
Peter Wu
https://lekensteyn.nl
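
The first three steps listed in the reply above, as an added C example (not part of the original message and not Wireshark code): it walks the TLS records in one direction of an already reassembled TCP payload, rebuilds handshake messages that span records, and copies out the Client/Server Random. The names tls_randoms and tls_extract_randoms and the 16 KiB reassembly cap are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef struct {
    uint8_t client_random[32], server_random[32];
    int have_client, have_server;
} tls_randoms;   /* hypothetical result type for this example */

/* Walk the TLS records in one direction's reassembled TCP payload, rebuild
 * handshake messages that span records, and copy out the Hello randoms.
 * Returns 0 on success (a truncated tail just ends the walk), -1 on bad input. */
int tls_extract_randoms(const uint8_t *s, size_t n, tls_randoms *out)
{
    uint8_t hs[16384];            /* reassembly buffer; size is an assumed cap */
    size_t hs_len = 0, off = 0;
    memset(out, 0, sizeof *out);

    while (n - off >= 5) {        /* record header: type(1) version(2) length(2) */
        uint8_t type = s[off];
        size_t len = ((size_t)s[off + 3] << 8) | s[off + 4];
        if (s[off + 1] != 3 || len > 16384 + 2048) return -1;
        if (len > n - off - 5) break;          /* record not fully captured yet */
        const uint8_t *frag = s + off + 5;
        off += 5 + len;
        if (type == 20) break;    /* ChangeCipherSpec: what follows is encrypted */
        if (type != 22) continue; /* only Handshake records are of interest */
        if (len > sizeof hs - hs_len) return -1;
        memcpy(hs + hs_len, frag, len);
        hs_len += len;

        size_t p = 0;             /* consume every complete handshake message */
        while (hs_len - p >= 4) { /* message header: msg_type(1) length(3) */
            size_t mlen = ((size_t)hs[p + 1] << 16) | ((size_t)hs[p + 2] << 8) | hs[p + 3];
            if (mlen > sizeof hs - 4) return -1;   /* can never fit the buffer */
            if (mlen > hs_len - p - 4) break;      /* continues in a later record */
            /* ClientHello (1) / ServerHello (2) body: version(2), random(32), ... */
            if (hs[p] == 1 && mlen >= 34) {
                memcpy(out->client_random, hs + p + 6, 32); out->have_client = 1;
            } else if (hs[p] == 2 && mlen >= 34) {
                memcpy(out->server_random, hs + p + 6, 32); out->have_server = 1;
            }
            p += 4 + mlen;
        }
        memmove(hs, hs + p, hs_len - p);       /* keep the partial message */
        hs_len -= p;
    }
    return 0;
}
```

Call it once per direction of the connection; the TCP reassembly that produces the input buffer is outside this example.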