disable TLS handshake info in payload capture #38

Closed
iapaddler opened this issue Jan 26, 2021 · 2 comments · Fixed by #136
@iapaddler
Contributor

When using TLS connections we are picking up the handshake content as well. While this might be useful in some cases, we need to have a switch to not output this content.

My preference would be to have this option off by default and allow users to turn it on if desired.

To reproduce:

Run the following command:

```
SCOPE_PAYLOAD_ENABLE=true ./scope curl -v --http1.1 https://cdn.cribl.io/dl/latest
```

Look at one of the .in or .out files that are output in tmp.

See below for an example of what the request looks like:

```
/tmp$ cat 24778_99.84.198.43:44844:443.out | hexdump -C
00000000 16 03 01 02 00 01 00 01 fc 03 03 65 5a 78 47 f6 |...........eZxG.|
00000010 1b 5c c3 5c 4a f3 ef 5d 65 3d d6 3d 03 42 92 5f |.\.\J..]e=.=.B._|
00000020 ac bf 4c e8 23 dd 84 74 ad 43 c3 20 bf df 2d aa |..L.#..t.C. ..-.|
00000030 d5 85 b6 21 41 62 86 a9 69 16 8c 12 80 67 78 32 |...!Ab..i....gx2|
00000040 ef ce 1c 9e 4a 7b 20 c0 d3 c9 47 c7 00 3e 13 02 |....J{ ...G..>..|
00000050 13 03 13 01 c0 2c c0 30 00 9f cc a9 cc a8 cc aa |.....,.0........|
00000060 c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 |.+./...$.(.k.#.'|
....
000002b0 47 45 54 20 2f 64 6c 2f 6c 61 74 65 73 74 20 48 |GET /dl/latest H|
000002c0 54 54 50 2f 31 2e 31 0d 0a 48 6f 73 74 3a 20 63 |TTP/1.1..Host: c|
000002d0 64 6e 2e 63 72 69 62 6c 2e 69 6f 0d 0a 55 73 65 |dn.cribl.io..Use|
000002e0 72 2d 41 67 65 6e 74 3a 20 63 75 72 6c 2f 37 2e |r-Agent: curl/7.|
000002f0 35 38 2e 30 0d 0a 41 63 63 65 70 74 3a 20 2a 2f |58.0..Accept: */|
00000300 2a 0d 0a 0d 0a 17 03 03 00 13 44 7d 84 58 58 63 |*.........D}.XXc|
00000310 aa 3b d9 93 b8 92 5d 4e 87 aa 4d 8f 6a |.;....]N..M.j|
0000031d
```

@coccyx coccyx added this to the 0.6 milestone Jan 27, 2021
@coccyx coccyx added this to To do in 0.6 Release Feb 4, 2021
@iapaddler
Contributor Author

Design discussions regarding LogStream indicate that LS will require the TLS exchange in support of protocol detection. Therefore, current thinking is to remove the TLS exchange when emitting payload data to files, but keep it intact when connected to LS.

@iapaddler
Contributor Author

Sort of getting close. Sending a request and extracting encrypted payload without TLS.

```
00000000 47 45 54 20 2f 41 6d 65 73 20 48 54 54 50 2f 31 |GET /Ames HTTP/1|
00000010 2e 31 0d 0a 48 6f 73 74 3a 20 77 74 74 72 2e 69 |.1..Host: wttr.i|
00000020 6e 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 63 |n..User-Agent: c|
00000030 75 72 6c 2f 37 2e 36 38 2e 30 0d 0a 41 63 63 65 |url/7.68.0..Acce|
00000040 70 74 3a 20 2a 2f 2a 0d 0a 0d 0a 15 03 03 00 1a |pt: */*.........|
00000050 51 5e 14 75 81 5d 21 bd a6 f6 67 bd aa 3d 04 82 |Q^.u.]!...g..=..|
00000060 10 ba fa 06 88 2d 13 6c c3 5c |.....-.l.\|
```

@iapaddler iapaddler moved this from To do to In progress in 0.6 Release Feb 12, 2021
@iapaddler iapaddler mentioned this issue Feb 16, 2021
@jrcheli jrcheli moved this from In progress to Done in 0.6 Release Feb 23, 2021
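As an added illustration (not the project's code and not the change that closed this issue), one way to check a payload capture file for leftover TLS records is to parse the 5-byte record header (content type, version, length) and see whether the tail of the file is made up of whole records. `CAPTURE` holds the bytes of the second hexdump in this thread; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Size of a plausible TLS record at buf (5-byte header + body), or 0. */
static size_t tls_record_len(const uint8_t *buf, size_t len)
{
    if (len < 5) return 0;
    if (buf[0] < 20 || buf[0] > 23) return 0;  /* ccs, alert, handshake, app data */
    if (buf[1] != 3 || buf[2] > 4) return 0;   /* record version 3.0 through 3.4 */
    size_t body = ((size_t)buf[3] << 8) | buf[4];
    if (body > 16384 + 2048 || body > len - 5) return 0;  /* oversized or truncated */
    return 5 + body;
}

/* Number of bytes at the start of buf taken up by complete, back-to-back records. */
size_t tls_head_len(const uint8_t *buf, size_t len)
{
    size_t off = 0, n;
    while ((n = tls_record_len(buf + off, len - off)) != 0)
        off += n;
    return off;
}

/* Smallest offset from which the rest of buf is whole TLS records; len if none. */
size_t tls_tail_offset(const uint8_t *buf, size_t len)
{
    for (size_t off = 0; off < len; off++)
        if (off + tls_head_len(buf + off, len - off) == len)
            return off;
    return len;
}

/* Bytes from the second hexdump in this thread: HTTP request, then a type-0x15 record. */
static const uint8_t CAPTURE[] = {
    0x47,0x45,0x54,0x20,0x2f,0x41,0x6d,0x65,0x73,0x20,0x48,0x54,0x54,0x50,0x2f,0x31,
    0x2e,0x31,0x0d,0x0a,0x48,0x6f,0x73,0x74,0x3a,0x20,0x77,0x74,0x74,0x72,0x2e,0x69,
    0x6e,0x0d,0x0a,0x55,0x73,0x65,0x72,0x2d,0x41,0x67,0x65,0x6e,0x74,0x3a,0x20,0x63,
    0x75,0x72,0x6c,0x2f,0x37,0x2e,0x36,0x38,0x2e,0x30,0x0d,0x0a,0x41,0x63,0x63,0x65,
    0x70,0x74,0x3a,0x20,0x2a,0x2f,0x2a,0x0d,0x0a,0x0d,0x0a,0x15,0x03,0x03,0x00,0x1a,
    0x51,0x5e,0x14,0x75,0x81,0x5d,0x21,0xbd,0xa6,0xf6,0x67,0xbd,0xaa,0x3d,0x04,0x82,
    0x10,0xba,0xfa,0x06,0x88,0x2d,0x13,0x6c,0xc3,0x5c,
};

int main(void)
{
    printf("TLS tail at offset %zu of %zu\n", tls_tail_offset(CAPTURE, sizeof CAPTURE), sizeof CAPTURE);
    return 0;
}
```

The header match is a heuristic: plaintext that happens to begin with a byte in the 20 to 23 range followed by a valid version and length would also be counted as a record.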