testssl.sh/etc/client-simulation.wireshark...

52 lines
3.9 KiB
Plaintext
Raw Normal View History

# This is a file which content has been manually created from Wireshark.
# The content needs to be added to client-simulation.txt which other part
# comes from the SSLlabs client API via update_client_sim_data.pl
# The whole process is done manually.
#
# Instructions how to add a client simulation:
# * Start wireshark at the client / router. Best is during capture to filter for the target you want to contribute.
# * Make sure you create a bit of encrypted traffic to a target of your choice 1) .
# * Make sure the client traffic is specific: For just "Android" do not use a browser.
# * Stop the recording.
# * If needed sort for ClientHello.
# * Look for the ClientHello which matches the source IP + destination IP you had in mind.
# * Retrieve "handshakebytes" by marking the Record Layer --> Copy --> As a hex stream.
# * Figure out "protos" and "tlsvers" by looking at the supported_versions TLS extension (43=0x002b). May work only on modern clients.
# * Adjust "lowest_protocol" and "highest_protocol" accordingly.
# * Get "curves" from at the supported groups TLS extension 10 = 0x00a. Omit GREASE.
# * Retrieve "alpn" by looking at the alpn TLS extension 16 (=0x0010).
# * Review TLS extension 13 (=0x000d) whether any SHA1 signature algorithm is listed. If not "requiresSha2" is true
# * Leave "maxDhBits"/"minDhBits" and "minRsaBits"/"maxRsaBits" at -1, unless you know for sure what the client can handle
# * For "handshakebytes" mark the Cipher Suites --> Copy --> As a hex stream, remove any leading GREASE ciphers (?a?a) and
# supply it to ~/utils/hexstream2cipher.sh
# * Figure out the services by applying a good piece of logic
# * Before submitting a PR: test it yourself! You can also watch it again via wireshark
#
#
# 1) Attention: if you want to contribute it contains the target hostname (SNI)
names+=("Android 9.0 (native)")
short+=("android_90")
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
ciphersuites+=("")
sni+=("$SNI")
warning+=("")
handshakebytes+=("1603010246010002420303d6259dca682ab368c7e095da7189996da830514896063d4acdc83cb5d2c2568d2041a787bf8dd3d7a1ceda514a6606f1068432a13063ea320fd7e7b367af47ecae00220a0a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001d77a7a00000000001e001c0000196c68332e676f6f676c6575736572636f6e74656e742e636f6d00170000ff01000100000a000a0008aaaa001d00170018000b00020100002300000010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b0029aaaa000100001d00203e67895a11e9ce5c69df2995782adaddb7a03ef30b245000ca332d5940ecff20002d00020101002b000b0aeaea0304030303020301001b00030200026a6a0001000029010500e000da001c9941f6b101f853f370851e583bd22e03150fc67298947270c6058707fe1670efe590d777a34b9e2e2d0ec6aa8d0ddc375c2535934c75c9623d1a271f735417fdd9190dae7f4c8541c262f8fbfeee2e820f54f59f68e78503f5c093f6084037be22c20dad3d057f64dc73f2dd45948e27c707f3f2107b32040a21fa9c1273e7797aaf5a5bc8994e9eafc4bd43b2951e10f952564a910f146344ec6d0c49f75fc6a070c75f0ffdd84fe9e10f77c23f1062e90f9e1e396eddb84d8ac00bf7ac87c557622dd18c54bbc229268699c60434648b279dd86e996baee9d1c155002120235d43319c7d5bb4725a52fa782468cd2280bd622c40a36296b354759f6d4389")
protos+=("-no_ssl3 -no_ssl2")
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
lowest_protocol+=("0x0301")
highest_protocol+=("0x0304")
alpn+=("h2,http/1.1")
service+=("HTTP,FTP,SMTP,POP,IMAP")
minDhBits+=(-1)
maxDhBits+=(-1)
minRsaBits+=(-1)
maxRsaBits+=(-1)
minEcdsaBits+=(-1)
curves+=("X25519:secp256r1:secp384r1")
requiresSha2+=(false)
current+=(true)