PyTLS项目是一个纯Python实现的非常低级别的SSL/TLS实现,内置了基本的服务器实现,可以很好地处理这项工作。
- 克隆https://github.com/WestpointLtd/pytls
- 运行
python server.py -p 4433
- 在浏览器中输入
https://localhost:4433/
正在运行的Python脚本将把浏览器请求的密码套件打印到控制台上。它们按优先顺序列出,其中浏览器最喜欢的密码套件位于列表的顶部。
例如:
Google Chrome 56, Windows 10, April 2017
Binding...
Connection from ('127.0.0.1', 64858)
Record Version: TLS1_0
Handshake Version: TLS1_2
Session ID Length: 0
Cipher Suites Length (bytes): 32
Cipher Suites:
0x8a8a GREASE_i
0xc02b TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
0xc02f TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
0xc02c TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
0xc030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
0xcca9 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
0xcca8 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
0xcc14 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_non_iana
0xcc13 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_non_iana
0xc013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
0xc014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
0x009c TLS_RSA_WITH_AES_128_GCM_SHA256
0x009d TLS_RSA_WITH_AES_256_GCM_SHA384
0x002f TLS_RSA_WITH_AES_128_CBC_SHA
0x0035 TLS_RSA_WITH_AES_256_CBC_SHA
0x000a TLS_RSA_WITH_3DES_EDE_CBC_SHA
Mozilla Firefox 52,Windows 10,2017年4月
Binding...
Connection from ('127.0.0.1', 64814)
Record Version: TLS1_0
Handshake Version: TLS1_2
Session ID Length: 0
Cipher Suites Length (bytes): 26
Cipher Suites:
0xc02b TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
0xc02f TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
0xcca9 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
0xcca8 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
0xc02c TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
0xc030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
0xc00a TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
0xc009 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
0xc013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
0xc014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
0x002f TLS_RSA_WITH_AES_128_CBC_SHA
0x0035 TLS_RSA_WITH_AES_256_CBC_SHA
0x000a TLS_RSA_WITH_3DES_EDE_CBC_SHA
curl 7.42.1 (x86_64-suse-linux-gnu) libcurl/7.42.1 OpenSSL/1.0.1k zlib/1.2.8 libidn/1.31 libssh2/1.5.0,2017年4月
(这是一个关于curl版本号和相关库的信息)
Binding...
Connection from ('127.0.0.1', 47096)
Record Version: TLS1_0
Handshake Version: TLS1_2
Session ID Length: 0
Cipher Suites Length (bytes): 118
Cipher Suites:
0xc030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
0xc02c TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
0xc028 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
0xc024 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
0xc014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
0xc00a TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
0x00a3 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
0x009f TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
0x006b TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
0x006a TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
0x0039 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
0x0038 TLS_DHE_DSS_WITH_AES_256_CBC_SHA
0x0088 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
0x0087 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
0xc032 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
0xc02e TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
0xc02a TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
0xc026 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
0xc00f TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
0xc005 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
0x009d TLS_RSA_WITH_AES_256_GCM_SHA384
0x003d TLS_RSA_WITH_AES_256_CBC_SHA256
0x0035 TLS_RSA_WITH_AES_256_CBC_SHA
0x0084 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
0xc02f TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
0xc02b TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
0xc027 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
0xc023 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
0xc013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
0xc009 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
0x00a2 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
0x009e TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
0x0067 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
0x0040 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
0x0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
0x0032 TLS_DHE_DSS_WITH_AES_128_CBC_SHA
0x009a TLS_DHE_RSA_WITH_SEED_CBC_SHA
0x0099 TLS_DHE_DSS_WITH_SEED_CBC_SHA
0x0045 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
0x0044 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
0xc031 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
0xc02d TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
0xc029 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
0xc025 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
0xc00e TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
0xc004 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
0x009c TLS_RSA_WITH_AES_128_GCM_SHA256
0x003c TLS_RSA_WITH_AES_128_CBC_SHA256
0x002f TLS_RSA_WITH_AES_128_CBC_SHA
0x0096 TLS_RSA_WITH_SEED_CBC_SHA
0x0041 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
0xc012 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
0xc008 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
0x0013 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
0xc00d TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
0xc003 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
0x000a TLS_RSA_WITH_3DES_EDE_CBC_SHA
0x00ff TLS_EMPTY_RENEGOTIATION_INFO_SCSV
同一浏览器的重复连接通常会显示不同的密码套件,因为浏览器可能会在请求的密码列表中的各个位置随机添加不同的GREASE密码套件。
请注意,此项目仅处理TLS记录和消息的传输,不涉及任何加密。它主要针对安全研究人员,旨在调查或复制不同SSL/TLS实现在协议级别上的行为,并需要一些有关所需协议行为的知识以有效地扩展其用途作为库。
免责声明:我与作者密切合作,并为该项目的某些方面做出了贡献。