Wireshark captured a packet sent by a fuzzing tool, and I want to resend the packet inside TLS with Scapy.
Here is the captured malformed packet. The pattern is \x18\x03\x01\x00\x01\x7f.
The packet structure as dissected by scapy is as follows:
>>> rdpcap("659726.pcap")[146].show()
###[ Ethernet ]###
  dst= aa:aa:aa:aa:aa:aa
  src= 00:50:56:bb:64:01
  type= 0x800
###[ IP ]###
  version= 4
  ihl= 5
  tos= 0x0
  len= 46
  id= 4211
  flags= DF
  frag= 0
  ttl= 128
  proto= tcp
  chksum= 0x0
  src= 192.168.40.214
  dst= 192.168.40.32
  \options\
###[ TCP ]###
  sport= 61385
  dport= https
  seq= 351671141
  ack= 2538369473
  dataofs= 5
  reserved= 0
  flags= PA
  window= 508
  chksum= 0xd267
  urgptr= 0
  options= []
###[ Raw ]###
  load= '\x18\x03\x01\x00\x01\x7f'
The following script, which I modified from /examples/full_rsa_connection_with_application_data.py, resends the packet. It consists of 2 steps: the SSL handshake and the malformed packet.
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from __future__ import with_statement
from __future__ import print_function
import socket
import sys
from scapy.all import *
try:
    # This import works from the project directory
    from scapy_ssl_tls.ssl_tls import *
except ImportError:
    # If you installed this package via pip, you just need to execute this
    from scapy.layers.ssl_tls import *

tls_version = TLSVersion.TLS_1_0
ciphers = [TLSCipherSuite.ECDHE_RSA_WITH_AES_128_GCM_SHA256]
# ciphers = [TLSCipherSuite.ECDHE_RSA_WITH_AES_256_CBC_SHA384]
# ciphers = [TLSCipherSuite.RSA_WITH_AES_128_CBC_SHA]
# The assignment below replaces the list above, so RC4-SHA is the suite actually offered
ciphers = [TLSCipherSuite.RSA_WITH_RC4_128_SHA]
# ciphers = [TLSCipherSuite.DHE_RSA_WITH_AES_128_CBC_SHA]
# ciphers = [TLSCipherSuite.DHE_DSS_WITH_AES_128_CBC_SHA]
extensions = [TLSExtension() / TLSExtECPointsFormat(),
              TLSExtension() / TLSExtSupportedGroups()]


def tls_client(ip):
    with TLSSocket(client=True) as tls_socket:
        try:
            tls_socket.connect(ip)
            print("Connected to server: %s" % (ip,))
        except socket.timeout:
            print("Failed to open connection to server: %s" % (ip,), file=sys.stderr)
        else:
            try:
                # Step 1: full handshake (ClientHello through Finished)
                server_hello, server_kex = tls_socket.do_handshake(tls_version, ciphers, extensions)
                server_hello.show()
                # Step 2: the captured bytes, i.e. a record header of content type 0x18 (heartbeat),
                # version 0x0301 (TLS 1.0) and length 0x0001, followed by the single body byte 0x7f
                malformedPacket = Raw('\x18\x03\x01\x00\x01\x7f')
                # or malformedPacket = IP(dst="192.168.40.32")/TCP(dport=443)/Raw('\x18\x03\x01\x00\x01\x7f')
                respMalformedPacket = tls_socket.do_round_trip(malformedPacket)
                print("response from malformed packet: ==========================================")
                respMalformedPacket.show()
                print("end of response from malformed packet: ==========================================")
            except TLSProtocolError as tpe:
                print("Got TLS error: %s" % tpe, file=sys.stderr)
                tpe.response.show()
            else:
                resp = tls_socket.do_round_trip(TLSPlaintext(data="GET / HTTP/1.1\r\nHOST: localhost\r\n\r\n"))
                print("Got response from server")
                resp.show()
            finally:
                print(tls_socket.tls_ctx)


if __name__ == "__main__":
    if len(sys.argv) > 2:
        server = (sys.argv[1], int(sys.argv[2]))
    else:
        server = ("127.0.0.1", 8443)
    tls_client(server)
I only want to send the pattern '\x18\x03\x01\x00\x01\x7f' to the target after the SSL handshake. The SSL handshake is done by tls_socket.do_handshake(). Then I want to send the malformed packet, which I crafted by adding the original packet, as captured, after the ChangeCipherSpec. However, it fails to send; here it is. I don't know how to send raw data correctly in TLS. I need some advice. Thanks.