Wireshark mailing list archives

Re: [TLS parser]Help seeking idea to write TLS parser in basic way

From: Peter Wu <peter () lekensteyn nl>
Date: Sun, 15 Oct 2017 21:43:37 +0100

Hi Sadik,

On Fri, Oct 13, 2017 at 11:54:46AM +0200, Sadik Sikder wrote:
> I have my own net analyzer [developed with libpcap on Linux, C/C++] that works
> kind of like Wireshark. The net analyzer was developed by another team up to the TCP
> parser, and I need to write a TLS parser which parses the following field values.
> I have developed a TLS decryption system taking field values from the analyzer,
> like client random, server random etc. These are static. For total
> automation / dynamic operation I need to write TLS parser code for triggering automatic
> fetching of those field values into my decryption tool.
> Currently I am seeking information or ideas on how I should start to write a TLS
> parser. I have no idea about this so far. A basic page example link or
> explanation would be a great help.

Since you are posting this to the Wireshark Developers list... You could
invoke Wireshark and parse its dissection results. E.g.

    tshark -r your.pcap -Y ssl -T pdml

and then parse the dissection done by Wireshark.

Though given your scenario, this is probably not what you meant.

I already explained to you how Wireshark dissects TLS before:
https://www.wireshark.org/lists/wireshark-dev/201709/msg00006.html

To write your TLS parser you need to:

 - Implement a TLS record parser (trivial) and reassembly.
 - Given the reassembled records, parse Handshake messages.
 - Given parsed Handshake messages, extract required information (Client
   Random, SKE, etc.).
 - ...

How you implement this is up to you; what have you tried? (This is
starting to get off-topic for wireshark-dev though.)
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
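As an added illustration of the steps listed above (record parsing, reassembly of handshake fragments, then walking Handshake messages to pull out the Client Random), the following C is example code written for this page, not Peter's or Wireshark's code. It assumes an unencrypted TLS 1.2-style ClientHello and uses a constructed sample stream in which the ClientHello is split across two records; `build_sample_stream` and the other function names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample: one ClientHello (handshake type 1, 41-byte body) carried
 * in two handshake records (content type 22): 20 bytes, then 25 bytes. Returns
 * the stream length (55). */
size_t build_sample_stream(uint8_t *out) {
    uint8_t hs[45] = {0x01, 0x00, 0x00, 0x29, 0x03, 0x03};  /* hs hdr + version */
    for (int i = 0; i < 32; i++) hs[6 + i] = (uint8_t)i;      /* Random = 00..1f */
    memcpy(hs + 38, "\x00\x00\x02\xc0\x2f\x01\x00", 7);        /* sid, suites, comp */
    const uint8_t hdr1[5] = {0x16, 0x03, 0x03, 0x00, 0x14};    /* record 1, len 20 */
    const uint8_t hdr2[5] = {0x16, 0x03, 0x03, 0x00, 0x19};    /* record 2, len 25 */
    size_t n = 0;
    memcpy(out + n, hdr1, 5); n += 5; memcpy(out + n, hs, 20);      n += 20;
    memcpy(out + n, hdr2, 5); n += 5; memcpy(out + n, hs + 20, 25); n += 25;
    return n;
}

/* Step 1+2: walk records (type, version(2), length(2), payload) and append the
 * payloads of handshake records to out. Returns bytes written, 0 on a
 * truncated or oversized record. */
size_t tls_reassemble_handshake(const uint8_t *s, size_t len, uint8_t *out, size_t cap) {
    size_t pos = 0, n = 0;
    while (pos + 5 <= len) {
        uint8_t type = s[pos];
        size_t rlen = ((size_t)s[pos + 3] << 8) | s[pos + 4];
        if (rlen > 16384 || pos + 5 + rlen > len) return 0;
        if (type == 22) {
            if (n + rlen > cap) return 0;
            memcpy(out + n, s + pos + 5, rlen); n += rlen;
        }
        pos += 5 + rlen;
    }
    return pos == len ? n : 0;     /* reject trailing partial header */
}

/* Step 3: walk Handshake messages (type(1), length(3), body); on ClientHello
 * copy the 32-byte Random that follows the 2-byte version. 1 = found. */
int tls_find_client_random(const uint8_t *hs, size_t len, uint8_t rnd[32]) {
    size_t pos = 0;
    while (pos + 4 <= len) {
        size_t blen = ((size_t)hs[pos + 1] << 16) | ((size_t)hs[pos + 2] << 8) | hs[pos + 3];
        if (pos + 4 + blen > len) return 0;
        if (hs[pos] == 1 && blen >= 34) { memcpy(rnd, hs + pos + 6, 32); return 1; }
        pos += 4 + blen;
    }
    return 0;
}

int extract_client_random(const uint8_t *stream, size_t len, uint8_t rnd[32]) {
    uint8_t hs[4096];
    size_t n = tls_reassemble_handshake(stream, len, hs, sizeof hs);
    return n ? tls_find_client_random(hs, n, rnd) : 0;
}
```

Feeding the same bytes one record at a time (as a TCP-level analyzer would deliver them) only requires keeping the reassembly buffer across calls; the message walk is unchanged.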