can't get examples to work

[hackers-terabit]

you recommended using python2.x on a previous python3 support issue I created, I still can't get it to work with 2.7.

My port to python3 works without any errors but I was unable fetch the SSL/TLS layer (even through all of it shows up in pkt.show(),etc...) .

What specific python version is this working for you on? My goal is to grab the server hello,that's all I'm trying to do,if you can help me to get this working on any python version, I'll get it working with at least 3.4.

output showing the problems I'm facing:

# PYTHON=/usr/bin/python2.7 python2.7 ./examples/server_rsa.py 
Traceback (most recent call last):
  File "./examples/server_rsa.py", line 11, in <module>
    from scapy_ssl_tls.ssl_tls import *
  File "/usr/lib64/python2.7/site-packages/scapy_ssl_tls/ssl_tls.py", line 581, in <module>
    class TLSServerHelloDone(PacketNoPayload):
  File "/usr/lib64/python2.7/site-packages/scapy_ssl_tls/ssl_tls.py", line 583, in TLSServerHelloDone
    fields_desc = [XBLenField("length", None, length_of="data", fmt="!I", numbytes=3),
  File "/usr/lib64/python2.7/site-packages/scapy_ssl_tls/ssl_tls.py", line 19, in __init__
    self.adjust_i2m = adjust_i2m
AttributeError: 'XBLenField' object has no attribute 'adjust_i2m'


# PYTHON=/usr/bin/python2.7 python2.7 ./examples/client_hello_rsa.py 
Traceback (most recent call last):
  File "./examples/client_hello_rsa.py", line 14, in <module>
    from scapy_ssl_tls.ssl_tls import *
  File "/usr/lib64/python2.7/site-packages/scapy_ssl_tls/ssl_tls.py", line 581, in <module>
    class TLSServerHelloDone(PacketNoPayload):
  File "/usr/lib64/python2.7/site-packages/scapy_ssl_tls/ssl_tls.py", line 583, in TLSServerHelloDone
    fields_desc = [XBLenField("length", None, length_of="data", fmt="!I", numbytes=3),
  File "/usr/lib64/python2.7/site-packages/scapy_ssl_tls/ssl_tls.py", line 19, in __init__
    self.adjust_i2m = adjust_i2m
AttributeError: 'XBLenField' object has no attribute 'adjust_i2m'

# PYTHON=/usr/bin/python2.7 python2.7 ./examples/security_scanner.py 
Traceback (most recent call last):
  File "./examples/security_scanner.py", line 24, in <module>
    from scapy_ssl_tls.ssl_tls import *
  File "/usr/lib64/python2.7/site-packages/scapy_ssl_tls/ssl_tls.py", line 581, in <module>
    class TLSServerHelloDone(PacketNoPayload):
  File "/usr/lib64/python2.7/site-packages/scapy_ssl_tls/ssl_tls.py", line 583, in TLSServerHelloDone
    fields_desc = [XBLenField("length", None, length_of="data", fmt="!I", numbytes=3),
  File "/usr/lib64/python2.7/site-packages/scapy_ssl_tls/ssl_tls.py", line 19, in __init__
    self.adjust_i2m = adjust_i2m
AttributeError: 'XBLenField' object has no attribute 'adjust_i2m'

[tintinweb]

Whats your python and scapy version (pip2 freeze)? I've seen some incompatibilities with recent scapy versions (seems like there's some major refactoring going on on their side) and thats why we've fixed the scapy version to scapy>=2.2.0,<2.3.3 in our requirements.txt.

This is how you should get started with the latest master build on a default kali2

#> python2 --version && cat /etc/issue.net
   Python 2.7.9
   Kali GNU/Linux 2.0
#> git clone https://github.com/tintinweb/scapy-ssl_tls.git && cd scapy-ssl_tls
#> pip2 install -r requirements.txt --upgrade
#> python2 setup.py install
#> pip2 freeze | grep scapy
   scapy==2.3.2
   scapy-ssl-tls==1.2.3
#> cd examples
#> python2 security_scanner.py client github.com 443
...
[*] supported ciphers: 5/333
 * RSA_WITH_AES_128_GCM_SHA256 (0x009c)
 * ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
 * ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
 * RSA_WITH_AES_256_CBC_SHA (0x0035)
 * RSA_WITH_AES_128_CBC_SHA (0x002f)

[*] supported protocol versions: 3/8
 * TLS_1_0 (0x0301)
 * TLS_1_1 (0x0302)
 * TLS_1_2 (0x0303)

[*] supported compressions methods: 1/3
 * NULL (0x0000)

[*] Events: 3
* EVENT - TLS EXTENSION SECURE RENEGOTIATION - not supported
* EVENT - HEARTBEAT - enabled (non conclusive heartbleed)
* EVENT - DOWNGRADE / POODLE - FALLBACK_SCSV honored (alert.inappropriate_fallback seen)

Scan took: 17.1621220112s

[hackers-terabit]

Thank you,it must be a version problem on my end then :
I have just pip,not pip2.
the output below is from a git clone of scapy-ssl_tls.

# PYTHON=/usr/bin/python2.7 python2.7 -m pip freeze | grep scapy
You are using pip version 8.1.1, however version 8.1.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
scapy==2.3.2.dev376
scapy-ssl-tls==1.2.3
# PYTHON=/usr/bin/python2.7 python2.7 --version
Python 2.7.12
scapy-ssl_tls # PYTHON=/usr/bin/python2.7 python2.7 examples/security_scanner.py github.com 443
Traceback (most recent call last):
  File "examples/security_scanner.py", line 24, in <module>
    from scapy_ssl_tls.ssl_tls import *
  File "/usr/lib64/python2.7/site-packages/scapy_ssl_tls/ssl_tls.py", line 581, in <module>
    class TLSServerHelloDone(PacketNoPayload):
  File "/usr/lib64/python2.7/site-packages/scapy_ssl_tls/ssl_tls.py", line 583, in TLSServerHelloDone
    fields_desc = [XBLenField("length", None, length_of="data", fmt="!I", numbytes=3),
  File "/usr/lib64/python2.7/site-packages/scapy_ssl_tls/ssl_tls.py", line 19, in __init__
    self.adjust_i2m = adjust_i2m
AttributeError: 'XBLenField' object has no attribute 'adjust_i2m'

[tintinweb]

works just fine on my fedora 24. Would you mind uninstalling scapy 2.3.2.dev376 and installing scapy 2.3.2 from pip? I suspect that there's already some major changes in your dev version.

#> python --version
Python 2.7.12
#> pip freeze
scapy==2.3.2
scapy-ssl-tls==1.2.3

also, the supercall should probably be called first in __init__ but that shouldn't change a thing.

diff --git a/scapy_ssl_tls/ssl_tls.py b/scapy_ssl_tls/ssl_tls.py
index 1c65126..2f08009 100644
--- a/scapy_ssl_tls/ssl_tls.py
+++ b/scapy_ssl_tls/ssl_tls.py
@@ -15,13 +15,13 @@ import ssl_tls_registry as registry

 class BLenField(LenField):
     def __init__(self, name, default, fmt="I", adjust_i2m=lambda pkt, x:x, numbytes=None, length_of=None, count_of=None, adjust_m2i=lambda pkt, x:x):
+        LenField.__init__(self, name, default, fmt)
         self.name = name
         self.adjust_i2m = adjust_i2m
         self.adjust_m2i = adjust_m2i
         self.numbytes = numbytes
         self.length_of = length_of
         self.count_of = count_of
-        LenField.__init__(self, name, default, fmt)

         if fmt[0] in "@=<>!":
             self.fmt = fmt

[tintinweb]

Ok, I can reproduce it now. You're using a development version of scapy and scapy recently switched to __slots__. We do not support this change atm. Please uninstall your dev version und reinstall the official 2.3.2.

Let me know if you still have any issues with this.

cheers
tin

PS: fixing this is not trivial because with scapy >2.3.2 (includes all dev versions, not the release) not only slots were introduced (which is nice! and we could easily adopt that) but they've just broken the x509 interface. good bye backwards compatibility.

[hackers-terabit]

Ok, spot on, that fixed it. I was using scapy from their git to see if I can resolve some pip install issues I had earlier.

One thing I'd like to mention: https://github.com/tintinweb/scapy-ssl_tls/blob/master/examples/security_scanner.py#L29 I had to change that to:

diff --git a/examples/security_scanner.py b/examples/security_scanner.py
index 6bc02e1..180b777 100644
--- a/examples/security_scanner.py
+++ b/examples/security_scanner.py
@@ -26,7 +26,7 @@ try:
 except ImportError:
     # If you installed this package via pip, you just need to execute this
     from scapy.layers.ssl_tls import *
-    from scapy.layers.ssl_tls import x509_extract_pubkey_from_der
+    from scapy.layers.ssl_tls_crypto import x509_extract_pubkey_from_der

 import socket
 from collections import namedtuple

I still can't get it to sniff, I'll open a different issue for that after some testing if I still can't figure it out.
Thank you so much for being responsive , I really do appreciate your help.