Wireshark mailing list archives
Re: [TLS parser]Help seeking idea to write TLS parser in basic way
From: Peter Wu <peter () lekensteyn nl>
Date: Sun, 15 Oct 2017 21:43:37 +0100
Hi Sadik, On Fri, Oct 13, 2017 at 11:54:46AM +0200, Sadik Sikder wrote:
i have a own netanalyzer [developed libpcap on linux c/c++]that works like kind of wireshark. the net analyzer developed by other team up to tcp parser and i need to write tls parser which parse following field values i have developed a TLS decryption system taking field values from analyzer like client random, server random etc. these are static. for totally automation /dynamic i need write a tls parser code for triggering automatic those field value fetching into my decryption tool. currently i am seeking information or idea how should i start to write TLS parser. i have no idea before that. a basic page example link or explanation would be great help.
Since you are posting this to the Wireshark Developers list... You could invoke Wireshark and parse its dissection results. E.g. tshark -r your.pcap -Y ssl -T pdml and then parse the dissection done by Wireshark. Though given your scenario, this is probably not what you meant. I already explained to you how Wireshark dissects TLS before: https://www.wireshark.org/lists/wireshark-dev/201709/msg00006.html To write your TLS parser you need to: - Implement TLS record parser (trivial) and reassembly. - Given the reassembled records, parse Handshake messages. - Given parsed Handshake messages, extract required information (Client Random, SKE, etc.). - ... How you implement this is up to you, what have you tried? (This is starting to get off-topic for wireshark-dev though.) -- Kind regards, Peter Wu https://lekensteyn.nl ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- [TLS parser]Help seeking idea to write TLS parser in basic way Sadik Sikder (Oct 13)
- Re: [TLS parser]Help seeking idea to write TLS parser in basic way Peter Wu (Oct 15)