我正在尝试使用scapy ssl库通过TLS 1.2发送HTTP / 2 GET请求。代码如下。我没有收到任何错误,但也没有收到网页。请告诉我代码的问题。
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from __future__ import with_statement
from __future__ import print_function
import socket
import sys
try:
# This import works from the project directory
from scapy_ssl_tls.ssl_tls import *
except ImportError:
# If you installed this package via pip, you just need to execute this
from scapy.layers.ssl_tls import *
tls_version = TLSVersion.TLS_1_2
def tls_hello(sock):
client_hello = TLSRecord(version=tls_version) / TLSHandshake() /\
TLSClientHello(version=tls_version, compression_methods=[TLSCompressionMethod.NULL, ],
cipher_suites=[TLSCipherSuite.ECDHE_RSA_WITH_AES_128_CBC_SHA256, ], extensions=[TLSExtension() /
TLSExtALPN(protocol_name_list=[TLSALPNProtocol(data="h2"),
TLSALPNProtocol(data="h2-16"),
TLSALPNProtocol(data="h2-14"),
TLSALPNProtocol(data="http/1.1"),
])],)
# cipher_suites=[TLSCipherSuite.RSA_WITH_AES_128_CBC_SHA, ])
# cipher_suites=[TLSCipherSuite.RSA_WITH_RC4_128_SHA, ])
# cipher_suites=[TLSCipherSuite.DHE_RSA_WITH_AES_128_CBC_SHA, ])
# cipher_suites=[TLSCipherSuite.DHE_DSS_WITH_AES_128_CBC_SHA, ])
sock.sendall(client_hello)
server_hello = sock.recvall()
server_hello.show()
def tls_client_key_exchange(sock):
client_key_exchange = TLSRecord(version=tls_version) / TLSHandshake() / sock.tls_ctx.get_client_kex_data()
client_ccs = TLSRecord(version=tls_version) / TLSChangeCipherSpec()
sock.sendall(TLS.from_records([client_key_exchange, client_ccs]))
sock.sendall(to_raw(TLSFinished(), sock.tls_ctx))
server_finished = sock.recvall()
server_finished.show()
def tls_client(ip):
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
sock.connect(ip)
sock = TLSSocket(sock, client=True)
print("Connected to server: %s" % (ip,))
except socket.timeout:
print("Failed to open connection to server: %s" % (ip,), file=sys.stderr)
else:
tls_hello(sock)
tls_client_key_exchange(sock)
print("Finished handshake. Sending application data (GET request)")
print("+++++++++++++++++")
sock.sendall(to_raw(TLSPlaintext(data="PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"), sock.tls_ctx))
#sock.sendall(to_raw(TLSPlaintext(data="GET / HTTP/1.1\r\nHOST: localhost\r\n\r\n"), sock.tls_ctx))
print("+++++++++++++++++")
resp = sock.recvall()
print("Got response from server")
resp.show()
print(sock.tls_ctx)
finally:
sock.close()
if __name__ == "__main__":
if len(sys.argv) > 2:
server = (sys.argv[1], int(sys.argv[2]))
else:
server = ("127.0.0.1", 443)
tls_client(server)
我得到的输出是:
Connected to server: ('127.0.0.1', 443)
###[ SSL/TLS ]###
\records \
|###[ TLS Record ]###
| content_type= handshake
| version = TLS_1_2
| length = 0x55
|###[ TLS Handshake ]###
| type = server_hello
| length = 0x51
|###[ TLS Server Hello ]###
| version = TLS_1_2
| gmt_unix_time= 1964528416
| random_bytes= '\xa5\x11\x11\x81\xc3V\x03Q\xdb>\x8b\x1d\x9e\x13\xa7\xfelT\x80\x97\xf5\x06.4\x18\xc8\x85X'
| session_id_length= 0x20
| session_id= '\x93\xfd\x95\xbc\x1d68w\x19{8\x83dz\xb4\\r\x81\xb7&\xb5\x14\x1d\xfc<fR\x00\xe7\xd3{\x90'
| cipher_suite= ECDHE_RSA_WITH_AES_128_CBC_SHA256
| compression_method= NULL
| extensions_length= 0x9
| \extensions\
| |###[ TLS Extension ]###
| | type = application_layer_protocol_negotiation
| | length = 0x5
| |###[ TLS Extension Application-Layer Protocol Negotiation ]###
| | length = 0x3
| | \protocol_name_list\
| | |###[ TLS ALPN Protocol ]###
| | | length = 0x2
| | | data = 'h2'
|###[ TLS Record ]###
| content_type= handshake
| version = TLS_1_2
| length = 0x41f
|###[ TLS Handshake ]###
| type = certificate
| length = 0x41b
|###[ TLS Certificate List ]###
| length = 0x418
| \certificates\
| |###[ TLS Certificate ]###
| | length = 0x415
| | \data \
| | |###[ Raw ]###
| | | load = '0\x82\x04\x110\x82\x02\xf9\xa0\x03\x02\x01\x02\x02\t\x00\xf6\x7f)\x04Yq\x7f\x830\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x000\x81\x9e1\x0b0\t\x06\x03U\x04\x06\x13\x02IN1\x170\x15\x06\x03U\x04\x08\x0c\x0eMadhya-Pradesh1\x0f0\r\x06\x03U\x04\x07\x0c\x06Indore1\x130\x11\x06\x03U\x04\n\x0c\nIIT Indore1\r0\x0b\x06\x03U\x04\x0b\x0c\x04DCSE1\x180\x16\x06\x03U\x04\x03\x0c\x0fhttp2.nikhil.me1\'0%\x06\t*\x86H\x86\xf7\r\x01\t\x01\x16\x18phd1401101002@iiti.ac.in0\x1e\x17\r170403070657Z\x17\r200402070657Z0\x81\x9e1\x0b0\t\x06\x03U\x04\x06\x13\x02IN1\x170\x15\x06\x03U\x04\x08\x0c\x0eMadhya-Pradesh1\x0f0\r\x06\x03U\x04\x07\x0c\x06Indore1\x130\x11\x06\x03U\x04\n\x0c\nIIT Indore1\r0\x0b\x06\x03U\x04\x0b\x0c\x04DCSE1\x180\x16\x06\x03U\x04\x03\x0c\x0fhttp2.nikhil.me1\'0%\x06\t*\x86H\x86\xf7\r\x01\t\x01\x16\x18phd1401101002@iiti.ac.in0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xe1\xc3\x9cN\xc7gDz\xces\xca\'F&\x17\xcb\xe8e\xea\xdd_\x07\x9a\xab\xbf\xc6$\xfe\xf7\x84\x9d\x97|H\xdd3\xfdi\xbf\x17\xfe\x92\xad\x99..q\x97\x00\xcf\xad\xbcd\xe1j\x9e\x9b\xbcq\r\xd2~ \x98\xc8\x8c\x11\xdc\xd3G\x8e\x19b\x98\xde\xff\x13\xae{\xf4\x86\x99\xda\xb3(\\\xad\xd4B\x89\xb1\xdf?\x02\x04P\xe3\xe5\xe4\xa3\x13\xae>\x1e\xff\x18\x12\xd2x\x05\xa8\x88\xffY\xad\xbb\xfc\x95\x06|\xda\x8du&\xe6\'\xdd\xe3bY\xbd\x00\x9c\x14\xb6Kf\xbfu\x96\x87B\x80\x11\xe5d\x90\x0f\x05\x8f,\x95:1\xc1p[\x17\xe7c\x17{+\xc1\x03w\x87\xc1\xc2\x07\x9a<\x96\xa1\x9e\xa2e\xa5Rs\x88x\xd8m\xed\xa4h\xba\x83\xf9m\xd6H\xe0\xf4\x19\x97\xces\xe1\x04\x97\x1ae\xffV\xe6|\xdfV\xd5Q!Z6\xa0\x19C\xe5\xfd\n\xb5P\x9ch\x992\xf8\xce\x85\x15\xb1<\xd2\x95\x06\xa9\x9a\xdf\xa8\xef\x0e2\xa55\xb1Y\x19\x06\xb2y<\xea37e\x02\x03\x01\x00\x01\xa3P0N0\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x149\xfe=n\x15\xa9P\xc5\xd4\x07\x8bF5\xa8\x05N\x0e\xa4\xf6\xa20\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x149\xfe=n\x15\xa9P\xc5\xd4\x07\x8bF5\xa8\x05N\x0e\xa4\xf6\xa20\x0c\x06\x03U\x1d\x13\x04\x050\x03\x01\x01\xff0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\xbck\x1c\xfb\xc9\xac]\x04\x12b\xc5\xf4!~\xb7\xc6\xa6Q[\x00S\xf2\xb1\xbe\xa1\x8fv\xb0\x90\x1f@Z\x10m<1\xe2\x9c\xf0\x1c\x922|\xde\x02?(#\xee{\xca\xc0\xc1\xe0\x88\xde6\x18,P\xa5\\\xb7\xa8\xa4\x80\xd6w\xc4\x99\xea:\xcf8\xd6\xbd(\xf2\xd7\x85j\x9f\xf7\x7f8\xd8\xcb\xf5?aIM\x97\x988\xe3\xe8t\xf4\x14\x95\xdeI\xc4\xce0\x9c\xbe\xdc7\x1d\xd6<OT\x811\xc2\x9f\xee\x7f{\xd5hJ\x0f\xa6\x8f\xe6\x7f\x18\xcd\x1f\\/\xa2&\xff\x83ee-\x83\x81\xb6\xbe\x05\xd23\xee\xf6\xae\x8e\x8fr\x80\xa0wai\x14Q\xa9\x85\x9e33@\xa6\x11(\x12(\xf9t\xdc& v\x7fw\xab\xc7\xda\xcfOU\x08\xa8\xcf^\xc0z\xfao=I"\x9e<*[\r\t\xc5}\xe3\t\x07\xf07\xd7\xc3\xf7\x1d\xa55\x00w\xdc=\xf0\xae\xec|\xc1\x97\x00\xa4\x9a\xf5e\x05\x92D\x1bl\xa7\xda\xf5\x80*\x96\xfe"J\x9c:\xdb(u\xaf5\x0b\x1cq'
|###[ TLS Record ]###
| content_type= handshake
| version = TLS_1_2
| length = 0x14d
|###[ TLS Handshake ]###
| type = server_key_exchange
| length = 0x149
|###[ TLS Server Key Exchange ]###
|###[ TLS EC Diffie-Hellman Server Params ]###
| curve_type= named_curve
| curve_name= secp256r1
| p_length = 0x41
| p = '\x04\xa8\x11\x0e\x90\x03\xf2\xc3~{=\x8dN\xd4\x1a6bZc0\xac\x02\xc8+\xe09\xaf\x83CO\xa4Z\x99\xc2h\x84\xc0\xb0\xd95Ogp\x949\xcb\xfc/E\tF\x99\xa5\x11\xd8\xb0+\xfd\xa4\xfb\x0c\x01h\xcb1'
| hash_type = sha1
| sig_type = rsa
| sig_length= 0x100
| sig = "C}\x0f\x02\xf0\xd2\xf1\x91\x01\xae`Gy\\\xf4'\xba\\\x1f\xd8\xbc\xd0\xca\x9e\xff\x9d\xb4\x83t\xdai/IP\xc7\xa0\x9b'\xcc{\xec[\xc7W\x1d\xb0\xd9\x11\xbb\xb8R\xad\xf0\xf6\xcaA{t\x18o/\x8e\xf6\x86\xba2C\xfe`j\xc9=\xd0w\xfbx\xaa\xa6S\x9b\xf8\x80\xf0\x16\xf8\xc1E\xbf\xba\xe1j\xbd\x03u_x}\xae\x86\x7f,U\xf9\xf0\\f\xef\xa5\xa7\xa3\xca`6\x93kH\xfe\xedy\xfc\xb2\xd7\xec\\\x9eg\xc8Ae\x125\xb4\xb1\xa0)\xbd\xc5\xb6@\xee\xcc;3rk\xdey\x81%\x014GH\x9fU\xa1&\x14\x9d\x81<Zu\x95\x14I\xbaEY\xac(\x08nea)\x12\x0fo\xc4\xde\xc2D\x16XA\xcb\x08\x8b\xe0\xebe\x0b\xbb\xfe\xe8\xd7j\xecT\x8a\xbe\xd7V\x8by\x01\xd9\xce\x11\x02\xd1\xa3\xf3\x14\x9a=\xe0\xbf\xe3\xc8=\x0f\xce\x9a\xc2\xb2\x85\x1a\x16y#[+y\xefq\xb3?\x8f=}\x91\xc9\x06\xe0[\xce;\x92n_\x91\xb9m^"
|###[ TLS Record ]###
| content_type= handshake
| version = TLS_1_2
| length = 0x4
|###[ TLS Handshake ]###
| type = server_hello_done
| length = 0x0
###[ SSL/TLS ]###
\records \
|###[ TLS Record ]###
| content_type= change_cipher_spec
| version = TLS_1_2
| length = 0x1
|###[ TLS ChangeCipherSpec ]###
| message = '\x01'
|###[ TLS Record ]###
| content_type= handshake
| version = TLS_1_2
| length = 0x50
|###[ TLS Handshake ]###
| type = finished
| length = 0xc
| explicit_iv= 'g\xb2N\xb3y,\xa9\n\xc6\x9d\xc7m\xc9\xe5\x11['
| mac = '\xdaw0\x9fF\xd3\xa7?P\xf26\xa5\xb8`A\x90p\x07G\xfa\x92\xe2\x86\x98\x02\x94G\xc0\x90\xe2\xc2\xd2'
| padding = '\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f'
| padding_len= 0xf
|###[ TLS Handshake Finished ]###
| data = '\x87\x1f!\xc7\x177&\xd7\xcb\x1b$\x00'
|###[ TLS Record ]###
| content_type= application_data
| version = TLS_1_2
| length = 0x60
|###[ TLS Plaintext ]###
| data = '\x00\x00\x1a\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0cUnknown error code'
| explicit_iv= '\xac3`\x01\xcdF3\x1b\x98H\xcc\xe2\xb6\x97\xa1\xca'
| mac = '\xf8l5\xab\x044>\xd4\x17F\xba\xe0\xff:\xbf\xed\xcbf \xcf\x1f\xd0\xb8\xc2\xd5\xec\x05\xc2e\x01\xcd_'
| padding = '\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c'
| padding_len= 0xc
|###[ TLS Record ]###
| content_type= alert
| version = TLS_1_2
| length = 0x40
|###[ TLS Alert ]###
| level = warning
| description= close_notify
| explicit_iv= '\x89\r\xf5\xbe,R\x0e8\xad5c\x05\x99\xea\xeb\x80'
| mac = 'c\xef\x08\xbfI\xf5\x85E\xd9\xb8\xa5C\n@\xdc\xf6\x96\x03\xdb\xb4\x0b\xb7\x04\x84?\x80R\xa8\xfd\xaa\x16\x99'
| padding = '\r\r\r\r\r\r\r\r\r\r\r\r\r'
| padding_len= 0xd
Finished handshake. Sending application data (GET request)
+++++++++++++++++
+++++++++++++++++
Got response from server
###[ SSL/TLS ]###
\records \
<TLSSessionCtx: id=140259983147536
params.handshake.client=<TLSClientHello version=TLS_1_2 cipher_suites=['ECDHE_RSA_WITH_AES_128_CBC_SHA256'] compression_methods=['NULL'] extensions=[<TLSExtension type=application_layer_protocol_negotiation |<TLSExtALPN protocol_name_list=[<TLSALPNProtocol data='h2' |>, <TLSALPNProtocol data='h2-16' |>, <TLSALPNProtocol data='h2-14' |>, <TLSALPNProtocol data='http/1.1' |>] |>>] |>
params.handshake.server=<TLSServerHello version=TLS_1_2 gmt_unix_time=1964528416 random_bytes='\xa5\x11\x11\x81\xc3V\x03Q\xdb>\x8b\x1d\x9e\x13\xa7\xfelT\x80\x97\xf5\x06.4\x18\xc8\x85X' session_id_length=0x20 session_id='\x93\xfd\x95\xbc\x1d68w\x19{8\x83dz\xb4\\r\x81\xb7&\xb5\x14\x1d\xfc<fR\x00\xe7\xd3{\x90' cipher_suite=ECDHE_RSA_WITH_AES_128_CBC_SHA256 compression_method=NULL extensions_length=0x9 extensions=[<TLSExtension type=application_layer_protocol_negotiation length=0x5 |<TLSExtALPN length=0x3 protocol_name_list=[<TLSALPNProtocol length=0x2 data='h2' |>] |>>] |>
params.negotiated.version=TLS_1_2
params.negotiated.ciphersuite=ECDHE_RSA_WITH_AES_128_CBC_SHA256
params.negotiated.key_exchange=ECDHE
params.negotiated.encryption=('AES', 16, 'CBC')
params.negotiated.mac=SHA256
params.negotiated.compression=NULL
crypto.client.enc=<Crypto.Cipher.AES.AESCipher instance at 0x7f90d13062d8>
crypto.client.dec=<Crypto.Cipher.AES.AESCipher instance at 0x7f90d13063b0>
crypto.server.enc=<Crypto.Cipher.AES.AESCipher instance at 0x7f90d13063f8>
crypto.server.dec=<Crypto.Cipher.AES.AESCipher instance at 0x7f90d1306440>
crypto.client.rsa.privkey=None
crypto.client.rsa.pubkey=None
crypto.server.rsa.privkey=None
crypto.server.rsa.pubkey=<_RSAobj @0x7f90d13464d0 n(2048),e>
crypto.client.dsa.privkey=None
crypto.client.dsa.pubkey=None
crypto.server.dsa.privkey=None
crypto.server.dsa.pubkey=None
crypto.client.dh.x=None
crypto.client.dh.y_c=None
crypto.server.dh.p=None
crypto.server.dh.g=None
crypto.server.dh.x=None
crypto.server.dh.y_s=None
crypto.client.ecdh.curve_name=None
crypto.client.ecdh.priv='\x9d\xa1\xc1)\xc7g\xcf+\xc1U\xffd\x0f\xd13\xf3G0\xb3>\x83\x8b1V\xa19S\xac\xb4\xe8\x18_'
crypto.client.ecdh.pub=(55660150079706264549060731250077677621567952543805917063205824042726931277737, 96171213429541138775191303156783500559576917020503549099364694827291830154118) on "secp256r1" => y^2 = x^3 + 115792089210356248762697446949407573530086143415290314195533631308867097853948x + 41058363725152142129326129780047268409114441015993725554835256314039467401291 (mod 115792089210356248762697446949407573530086143415290314195533631308867097853951)
crypto.server.ecdh.curve_name='secp256r1'
crypto.server.ecdh.priv=None
crypto.server.ecdh.pub=(76018695469186964965485429908810690080098805676135269709416857701937687321241, 87933360945342485384088790667444373602059838780977372442846636781953482279729) on "secp256r1" => y^2 = x^3 + 115792089210356248762697446949407573530086143415290314195533631308867097853948x + 41058363725152142129326129780047268409114441015993725554835256314039467401291 (mod 115792089210356248762697446949407573530086143415290314195533631308867097853951)
crypto.session.encrypted_premaster_secret=None
crypto.session.premaster_secret='\x8e\xd6\xf6\xe0)\x03\x07pd\x15OvRT\xa7\x1f\x1d\xe0|k\x13\xaa\xc3\xf7_>\xa9X\x08\xe3\xaa\x98'
crypto.session.master_secret='\x02\x91N\x90\xcc\xe7\xda\\\xf7!\x82\x9e\xf374@p\x07\xdfJM\x98\xcen_78\x1e\xf8\xdfo`\xc4\xde\x82\x9dw\x1c\xcb\xcf\xa8>\xe0\xe2\xc7\xbc\x84F'
crypto.session.randombytes.client='X\xea!\xf6\xe7S\xd8\xa6\xb9\x97\xd1nt\x96\x0e|W\xe9\xe2\xf4\xb95/F=D5\xcbu\x02r\x00'
crypto.session.randombytes.server='u\x18S \xa5\x11\x11\x81\xc3V\x03Q\xdb>\x8b\x1d\x9e\x13\xa7\xfelT\x80\x97\xf5\x06.4\x18\xc8\x85X'
crypto.session.key.client.mac='\x9d\xd7~\x9e\xd8\x89\x9b\x19\x0fN\xcb\xf3\xe3H\x08\xdfj\xe3h\xdaZ,\x1d\x08\xf8\xa3<\xe0!\xeb=\x85'
crypto.session.key.client.encryption='\xe2Z\xdf\\/\x18~\xd2\xc2G\xe6\xc9\x916.}'
crypto.session.key.cllient.iv='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
crypto.session.key.server.mac='\x90\x83^ ]\x8d\xef\x06\xae\xed\x1an\xe2\x15\x9c4\xb8\x8d\xc4>g\xc4\xcdXU\xe7\xc3\xa9yvQ\x87'
crypto.session.key.server.encryption='\xaf\xb76E\xbe@\x1cj\xbc\xbas\xb8+\xa9\xaf\x0e'
crypto.session.key.server.iv='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
crypto.session.key.length.mac=32
crypto.session.key.length.encryption=16
crypto.session.key.length.iv=16
>
答案 0 :(得分:0)
您没有向服务器发送任何HTTP / 2请求,因此您无法获得响应。
sock.sendall(to_raw(TLSPlaintext(data="PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"), sock.tls_ctx))
只会将HTTP / 2客户端前言发送到服务器,这是客户端启动HTTP / 2 连接的第一部分。根据规范,您还必须在此之后发送HTTP / 2设置框架(以二进制形式)。在此之后,您可以发送HTTP / 2请求,该请求由HPACK编码的HEADERS帧组成,并且可能跟随DATA帧。然后,服务器应响应相关的HEADERS和DATA帧作为响应。在此之前,您还将收到服务器SETTINGS框架,并可能为您自己的设置确认设置。