我想解析TLS握手记录的Client Hello消息。 我正在看Github中的代码,该代码非常有用,并使用dpkt库来解析数据包。代码很清楚,但是我对以下部分代码有疑问:
def parse_client_hello(handshake):
hello = handshake.data
compressions = []
cipher_suites = []
extensions = []
payload = handshake.data.data
session_id, payload = unpacker('p', payload)
cipher_suites, pretty_cipher_suites = parse_extension(payload, 'cipher_suites')
verboseprint('TLS Record Layer Length: {0}'.format(len(handshake)))
verboseprint('Client Hello Version: {0}'.format(dpkt.ssl.ssl3_versions_str[hello.version]))
verboseprint('Client Hello Length: {0}'.format(len(hello)))
verboseprint('Session ID: {0}'.format(hexlify(session_id)))
print('[*] Ciphers: {0}'.format(pretty_cipher_suites))
def unpacker(type_string, packet):
"""
Returns network-order parsed data and the packet minus the parsed data.
"""
if type_string.endswith('H'):
length = 2
if type_string.endswith('B'):
length = 1
if type_string.endswith('P'): # 2 bytes for the length of the string
length, packet = unpacker('H', packet)
type_string = '{0}s'.format(length)
if type_string.endswith('p'): # 1 byte for the length of the string
length, packet = unpacker('B', packet)
type_string = '{0}s'.format(length)
data = struct.unpack('!' + type_string, packet[:length])[0]
if type_string.endswith('s'):
data = ''.join(data)
return data, packet[length:]
我的问题是关于unpacker()函数,该函数在oder中用于解析有关客户端Hello的信息,例如:密码套件,压缩。
我不知道此功能的目的是什么?
我还想知道是否可以使用dpkt.ssl.TLSClientHello的unpacker()函数来提取客户端Hello信息,例如密码套件,压缩等?