updated layers pkg, added check for the number of records in tls to avoid false potitives

shadowy-pycoder · shadowy-pycoder · commit 8b6cbe2d0e5a · 2025-07-06T09:54:33.000+03:00
diff --git a/go.mod b/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/google/uuid v1.6.0
 	github.com/rs/zerolog v1.34.0
 	github.com/shadowy-pycoder/colors v0.0.1
-	github.com/shadowy-pycoder/mshark v0.0.4
+	github.com/shadowy-pycoder/mshark v0.0.5
 	golang.org/x/net v0.40.0
 	golang.org/x/sys v0.33.0
 	golang.org/x/term v0.32.0
diff --git a/go.sum b/go.sum
@@ -19,8 +19,8 @@ github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
 github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
 github.com/shadowy-pycoder/colors v0.0.1 h1:weCj/YIOupqy4BSP8KuVzr20fC+cuAv/tArz7bhhkP4=
 github.com/shadowy-pycoder/colors v0.0.1/go.mod h1:lkrJS1PY2oVigNLTT6pkbF7B/v0YcU2LD5PZnss1Q4U=
-github.com/shadowy-pycoder/mshark v0.0.4 h1:2yw6am1jt6n1GPHdLfFU1oDajv+zQ/23V0l0imFAeJY=
-github.com/shadowy-pycoder/mshark v0.0.4/go.mod h1:fRWGQuU4BFjz9pTfrvwIT2AtmWWd99PEvdlgv+24vTE=
+github.com/shadowy-pycoder/mshark v0.0.5 h1:D7L+vW6DsE/OMwxThQLenNJdHKHzufHFWGuL033GKhQ=
+github.com/shadowy-pycoder/mshark v0.0.5/go.mod h1:fRWGQuU4BFjz9pTfrvwIT2AtmWWd99PEvdlgv+24vTE=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
diff --git a/gohpts.go b/gohpts.go
@@ -433,31 +433,27 @@ func (p *proxyapp) colorizeTunnel(req, resp layers.Layer, sniffheader *[]string,
 	case *layers.TLSMessage:
 		var chs *layers.TLSClientHello
 		var shs *layers.TLSServerHello
-		if len(reqt.Records) > 0 {
-			hsrec := reqt.Records[0]
-			if hsrec.ContentType == layers.HandshakeTLSVal { // TODO: add more cases, parse all records
-				switch parser := layers.HSTLSParserByType(hsrec.Data[0]).(type) {
-				case *layers.TLSClientHello:
-					err := parser.ParseHS(hsrec.Data)
-					if err != nil {
-						return err
-					}
-					chs = parser
+		hsrec := reqt.Records[0]                         // len(Records) > 0 after dispatch
+		if hsrec.ContentType == layers.HandshakeTLSVal { // TODO: add more cases, parse all records
+			switch parser := layers.HSTLSParserByType(hsrec.Data[0]).(type) {
+			case *layers.TLSClientHello:
+				err := parser.ParseHS(hsrec.Data)
+				if err != nil {
+					return err
 				}
+				chs = parser
 			}
 		}
 		rest := resp.(*layers.TLSMessage)
-		if len(rest.Records) > 0 {
-			hsrec := rest.Records[0]
-			if hsrec.ContentType == layers.HandshakeTLSVal {
-				switch parser := layers.HSTLSParserByType(hsrec.Data[0]).(type) {
-				case *layers.TLSServerHello:
-					err := parser.ParseHS(hsrec.Data)
-					if err != nil {
-						return err
-					}
-					shs = parser
+		hsrec = rest.Records[0]
+		if hsrec.ContentType == layers.HandshakeTLSVal {
+			switch parser := layers.HSTLSParserByType(hsrec.Data[0]).(type) {
+			case *layers.TLSServerHello:
+				err := parser.ParseHS(hsrec.Data)
+				if err != nil {
+					return err
 				}
+				shs = parser
 			}
 		}
 		if chs != nil && shs != nil {
@@ -1045,7 +1041,7 @@ func dispatch(data []byte) (layers.Layer, error) {
 		return h, nil
 	}
 	m := &layers.TLSMessage{}
-	if err := m.Parse(data); err == nil {
+	if err := m.Parse(data); err == nil && len(m.Records) > 0 {
 		return m, nil
 	}
 	return nil, fmt.Errorf("failed sniffing traffic")
