ssl - 提取TLS记录层的C程序
问题描述
我正在尝试解析 pcap 以获取有效负载中仅 TLS 记录层的数据包字节。在我的以下代码中,我设法从包含 TLS 记录层的有效负载中仅获取 tcp 协议字节。我想进一步仅从中提取 TLS 记录层字节。你能告诉我如何修改我的代码以仅提取有效负载的那部分吗?
void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet){
static int count = 1; /* packet counter */
/* declare pointers to packet headers */
const struct ether_header *ethernet; /* The ethernet header [1] */
const struct ip *ip; /* The IP header */
const struct tcphdr *tcp; /* The TCP header */
const struct sniff_udp *udp; /* The UDP header */
const char *payload; /* Packet payload */
int size_ip;
int size_tcp;
int size_udp;
int size_payload;
printf("\nPacket number %d:\n", count);
count++;
/* define ethernet header */
ethernet = (struct ether_header*)(packet);
/* define/compute ip header offset */
ip = (struct ip*)(packet + sizeof(struct ether_header));
size_ip = sizeof(struct ip);
if (size_ip < 20) {
//printf(" * Invalid IP header length: %u bytes\n", size_ip);
return;
}
/* print source and destination IP addresses */
printf(" From: %s\n", inet_ntoa(ip->ip_src));
printf(" To: %s\n", inet_ntoa(ip->ip_dst));
/* determine protocol */
switch(ip->ip_p) {
case IPPROTO_TCP:
printf(" Protocol: TCP\n");
break;
case IPPROTO_UDP:
printf(" Protocol: UDP\n");
break;
case IPPROTO_ICMP:
printf(" Protocol: ICMP\n");
return;
case IPPROTO_IP:
printf(" Protocol: IP\n");
return;
default:
printf(" Protocol: unknown\n");
return;
}
/*
* OK, this packet is TCP.
*/
/* define/compute tcp header offset */
if(ip->ip_p == IPPROTO_TCP)
{
tcp = (struct tcphdr *)(packet + sizeof(struct ether_header) + sizeof(struct ip));
size_tcp = sizeof(struct tcphdr);
printf(" Src port: %d\n", ntohs(tcp->th_sport));
printf(" Dst port: %d\n", ntohs(tcp->th_dport));
int sport = ntohs(tcp->th_sport);
int dport = ntohs(tcp->th_dport);
/* define/compute tcp payload (segment) offset */
payload = (u_char *)(packet + sizeof(struct ether_header) + sizeof(struct ip) + sizeof(struct tcphdr));
/* compute tcp payload (segment) size */
size_payload = header->len - (sizeof(struct ether_header) + sizeof(struct ip) + sizeof(struct tcphdr));
/*
* Print payload data; it might be binary, so don't just
* treat it as a string.
*/
if (size_payload > 0) {
printf(" Payload (%d bytes):\n", size_payload);
print_payload(payload, size_payload);
//if ((sport == 80) || (dport == 80))
//{
// printf(" HTTP prase:\n");
// prase_http(payload, size_payload);
//}
if(sport == 443 || dport == 443)
{
// printf(" SSL/TLS prase:\n");
//prase_ssl_tls(payload, size_payload);
//printf("%u",payload);
// print_payload(payload, size_payload);
parser(payload,size_payload);
}
}
}
/* UDP */
else if(ip->ip_p == IPPROTO_UDP)
{
udp = (struct sniff_udp*)(packet + SIZE_ETHERNET + size_ip);
size_udp = 8;
printf(" Src port: %d\n", ntohs(udp->uh_sport));
printf(" Dst port: %d\n", ntohs(udp->uh_dport));
int sport = ntohs(udp->uh_sport);
int dport = ntohs(udp->uh_dport);
payload = (u_char *)(packet + SIZE_ETHERNET + size_ip + size_udp);
size_payload = ntohs(ip->ip_len) - (size_ip + size_udp);
if (size_payload > 0) {
//printf(" Payload (%d bytes:)\n", size_payload);
if(sport == 53 || dport == 53)
{
// printf(" DNS prase:\n");
// prase_dns(payload, size_payload);
}
}
}
return;
}
这是作为参数传递给 pcap_loop 的 got_packet 函数,它是 <pcap.h> 的一部分。所有参考结构都来自 <arpa/inet.h>,<net/ethernet.h>,<netinet/ip.h>, <netinet/tcp.h>
我正在寻找提取数据包的这一部分(附加图像链接): 来自wireshark的屏幕截图,关于我希望解析的内容
有人可以帮我解决这个问题吗?
解决方案
推荐阅读
- java - Java 8 到 Java 11 迁移中的单元测试失败
- java - Java:线程划分为块数组 - 执行器服务
- python - LSTM 模型在评估期间没有任何差异
- search - 你如何使用 vim-extension 在 vscode 中显示搜索文本?
- python - 在python中解析子/孙
- java - Java 静态到 Kotlin 的转换
- docker - Redis 将数据存储在 backup.db 文件中
- discord.js - 检查反应/每个用户,限制
- c - 使函数在 C 中的库外部不可见
- .htaccess - 当.htm 不在特定文件夹中时,htaccess 会重定向除 .htm 之外的所有内容