Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Add support for basic parsing of TLS Extensions in the Client Hello.

  • Loading branch information...
commit 60306d27d1d71485fa145587aad5a86f6d4fe9bd 1 parent f08b43c
@pquerna authored
Showing with 45 additions and 1 deletion.
  1. +45 −1 third_party/dpkt/dpkt/ssl.py
View
46 third_party/dpkt/dpkt/ssl.py
@@ -224,6 +224,37 @@ class TLSHelloRequest(dpkt.Packet):
__hdr__ = tuple()
+TLSExtensionTypes = {
+ 0: 'server_name',
+ 1: 'max_fragment_length',
+ 2: 'client_certificate_url',
+ 3: 'trusted_ca_keys',
+ 4: 'truncated_hmac',
+ 5: 'status_request',
+ 6: 'user_mapping',
+ 7: 'client_authz',
+ 8: 'server_authz',
+ 9: 'cert_type',
+ 10: 'elliptic_curves',
+ 11: 'ec_point_formats',
+ 12: 'srp',
+ 13: 'signature_algorithms',
+ 14: 'use_srtp',
+ 15: 'heartbeat',
+ 35: 'session_tickets',
+ 13172: 'next_protocol_negotiation',
+ 65281: 'renegotiation_info',
+}
+
+class TLSExtension(object):
+ def __init__(self, extNumber, data):
+ self.data = data
+ self.value = extNumber
+
+ @property
+ def name(self):
+ return TLSExtensionTypes.get(self.value, 'unknown')
+
class TLSClientHello(dpkt.Packet):
__hdr__ = (
('version', 'H', 0x0301),
@@ -246,8 +277,21 @@ def unpack(self, buf):
pointer += parsed
self.num_compression_methods = parsed - 1
self.compression_methods = map(ord, compression_methods)
- # extensions
+ self.extensions = []
+
+ if len(self.data[pointer:]) <= 0:
+ return
+ # skip total extensions length
+ pointer += 2
+
+ while len(self.data[pointer:]) > 0:
+ # extensions
+ extType = struct.unpack('!H', self.data[pointer:pointer+2])[0]
+ pointer += 2
+ extension, extensionLength = parse_variable_array(self.data[pointer:], 2)
+ pointer += extensionLength
+ self.extensions.append(TLSExtension(extType, extension))
class TLSServerHello(dpkt.Packet):
__hdr__ = (
Please sign in to comment.
Something went wrong with that request. Please try again.