得到TLS错误:HANDSHAKE_FAILURE,wireshark说握手失败(40)

时间:2017-09-09 17:24:55

标签: python scapy tls1.2 sni

我在下面的代码中握手时收到错误Got TLS error: FATAL alert returned by server: HANDSHAKE_FAILURE。可能是什么问题?

#!/usr/bin/env python
# -*- coding: utf-8 -*-

from __future__ import with_statement
from __future__ import print_function
try:
    # This import works from the project directory
    from scapy_ssl_tls.ssl_tls import *
except ImportError:
    # If you installed this package via pip, you just need to execute this
    from scapy.layers.ssl_tls import *

tls_version = TLSVersion.TLS_1_2
# ciphers = [TLSCipherSuite.ECDHE_RSA_WITH_AES_128_GCM_SHA256]
# ciphers = [TLSCipherSuite.ECDHE_RSA_WITH_AES_256_CBC_SHA384]
# ciphers = [TLSCipherSuite.RSA_WITH_AES_128_CBC_SHA]
# ciphers = [TLSCipherSuite.RSA_WITH_RC4_128_SHA]
# ciphers = [TLSCipherSuite.DHE_RSA_WITH_AES_128_CBC_SHA]
# ciphers = [TLSCipherSuite.DHE_DSS_WITH_AES_128_CBC_SHA]
ciphers = [TLSCipherSuite.ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]
extensions = [TLSExtension() / TLSExtECPointsFormat(),
              TLSExtension() / TLSExtSupportedGroups()]


def tls_client(ip):
    with TLSSocket(client=True) as tls_socket:
        try:
            print("kooo")
            tls_socket.connect(ip)
            print("Connected to server: %s" % (ip,))
        except socket.timeout:
            print("Failed to open connection to server: %s" % (ip,), file=sys.stderr)
        else:
            try:
                server_hello, server_kex = tls_socket.do_handshake(tls_version, ciphers, extensions)
                server_hello.show()
                tls_socket.setsockopt(socket.SOL_IP, socket.IP_TTL, 20)
            except TLSProtocolError as tpe:
                print("Got TLS error: %s" % tpe, file=sys.stderr)
                tpe.response.show()
            else:
                resp = tls_socket.do_round_trip(TLSPlaintext(data="GET / HTTP/1.1\r\nHost: pirate.trade\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\r\nAccept-Encoding: gzip, deflate\r\nAccept-Language: en-GB,en-US;q=0.8,en;q=0.6\r\n"))
                print("Got response from server")
                resp.show()
            # finally:
            #     print(tls_socket.tls_ctx)


if __name__ == "__main__":
    if len(sys.argv) > 2:
        server = (sys.argv[1], int(sys.argv[2]))
    else:
        server = ("pirate.trade", 443)
tls_client(server)

以上代码取此链接。 https://github.com/tintinweb/scapy-ssl_tls/blob/master/examplesfull_rsa_connection_with_application_data.py

客户端Hello数据包收到错误 enter image description here

获取错误时收到服务器Hello数据包(在此数据包中收到错误) enter image description here

大多数讨论都说这个错误是由于没有任何常见的密码。但我确认有一个共同的密码。通过浏览器打开网站时,请参阅以下wireshark结果。

enter image description here

这是因为缺少SNI扩展吗?如果是的话,我怎么能在这里添加呢?

1 个答案:

答案 0 :(得分:0)

正如您所提到的,问题可能是您没有使用正确的密码套件。您的捕获存在问题:ClientHello显示了14个长密码套件表,但在您的代码中您只需添加一个,我们希望在您的数组中看到14个条目。您可以在捕获中扩展密码套件表检查ECDHE_ECDSA_WITH_AES_128_GCM_SHA256是否存在。

相关问题
最新问题