testssl.sh/etc/client-simulation.wireshark...

This file contains client handshake data manually created from Wireshark.
The content needs to be added to client-simulation.txt which other part
comes from the SSLlabs client API via ``update_client_sim_data.pl``
The whole process is done manually.

## Instructions how to add a client simulation:

* Start wireshark at a client or router. Best is during capture to filter for the target of your choice.
* Make sure you create a bit of encrypted traffic to your target. Attention, privacy: if you want to contribute, be aware that the ClientHello contains the target hostname (SNI).
* Make sure the client traffic is specific: For just "Android" do not use a browser! Be also careful with Google Apps, especially on older devices as they might come with an own/updated TLS stack
* Stop recording.
* If needed sort for ClientHello.
* Look for the ClientHello which matches the source IP + destination you had in mind. Check the destination hostname in the SNI extension so that you can be sure, it's the right traffic.
* Retrieve "handshakebytes" by marking the Record Layer --> Copy --> As a hex stream.
* Figure out "protos" and "tlsvers" by looking at the supported_versions TLS extension (43=0x002b). May work only on modern clients. Be careful as some do not list all TLS versions here (OpenSSL 1.1.1 lists only TLS 1.2/1.3 here)
* Adjust "lowest_protocol" and "highest_protocol" accordingly.
* For "curves" mark the supported groups TLS extension --> Copy --> As a hex stream, remove any leading GREASE ciphers (?a?a) and supply it to `~/utils/hexstream2curves.sh`
* Retrieve "alpn" by looking at the alpn TLS extension 16 (=0x0010).
* Review TLS extension 13 (=0x000d) whether any SHA1 signature algorithm is listed. If not "requiresSha2" is true
* Leave "maxDhBits"/"minDhBits" and "minRsaBits"/"maxRsaBits" at -1, unless you know for sure what the client can handle
* For "ciphers" mark the cipher suites --> Copy --> As a hex stream, remove any leading GREASE ciphers (?a?a) and supply it to `~/utils/hexstream2cipher.sh`
* "ciphersutes" are TLS 1.3 ciphersuites. You can identify them as they currently are like 0x130?. Retrieve them from above see ``~/utils/hexstream2cipher.sh``
* Figure out the services by applying a good piece of human logic
* Before submitting a PR: test it yourself! You can also watch it again via wireshark
For better recognition put readme in a separate file 2020-01-13 11:34:25 +01:00			`This file contains client handshake data manually created from Wireshark.`
			`The content needs to be added to client-simulation.txt which other part`
Update client-simulation.wiresharked.md 2020-01-16 22:46:43 +01:00			comes from the SSLlabs client API via ``update_client_sim_data.pl``
For better recognition put readme in a separate file 2020-01-13 11:34:25 +01:00			`The whole process is done manually.`

			`## Instructions how to add a client simulation:`

Clarify / correct a few bits 2020-01-13 16:01:27 +01:00			`* Start wireshark at a client or router. Best is during capture to filter for the target of your choice.`
			`* Make sure you create a bit of encrypted traffic to your target. Attention, privacy: if you want to contribute, be aware that the ClientHello contains the target hostname (SNI).`
fix language 2020-01-17 11:59:41 +01:00			`* Make sure the client traffic is specific: For just "Android" do not use a browser! Be also careful with Google Apps, especially on older devices as they might come with an own/updated TLS stack`
Clarify / correct a few bits 2020-01-13 16:01:27 +01:00			`* Stop recording.`
For better recognition put readme in a separate file 2020-01-13 11:34:25 +01:00			`* If needed sort for ClientHello.`
			`* Look for the ClientHello which matches the source IP + destination you had in mind. Check the destination hostname in the SNI extension so that you can be sure, it's the right traffic.`
			`* Retrieve "handshakebytes" by marking the Record Layer --> Copy --> As a hex stream.`
			`* Figure out "protos" and "tlsvers" by looking at the supported_versions TLS extension (43=0x002b). May work only on modern clients. Be careful as some do not list all TLS versions here (OpenSSL 1.1.1 lists only TLS 1.2/1.3 here)`
			`* Adjust "lowest_protocol" and "highest_protocol" accordingly.`
fixing typo in md file 2020-11-28 14:06:26 +01:00			* For "curves" mark the supported groups TLS extension --> Copy --> As a hex stream, remove any leading GREASE ciphers (?a?a) and supply it to `~/utils/hexstream2curves.sh`
For better recognition put readme in a separate file 2020-01-13 11:34:25 +01:00			`* Retrieve "alpn" by looking at the alpn TLS extension 16 (=0x0010).`
			`* Review TLS extension 13 (=0x000d) whether any SHA1 signature algorithm is listed. If not "requiresSha2" is true`
			`* Leave "maxDhBits"/"minDhBits" and "minRsaBits"/"maxRsaBits" at -1, unless you know for sure what the client can handle`
Clarify / correct a few bits 2020-01-13 16:01:27 +01:00			* For "ciphers" mark the cipher suites --> Copy --> As a hex stream, remove any leading GREASE ciphers (?a?a) and supply it to `~/utils/hexstream2cipher.sh`
			* "ciphersutes" are TLS 1.3 ciphersuites. You can identify them as they currently are like 0x130?. Retrieve them from above see ``~/utils/hexstream2cipher.sh``
			`* Figure out the services by applying a good piece of human logic`
For better recognition put readme in a separate file 2020-01-13 11:34:25 +01:00			`* Before submitting a PR: test it yourself! You can also watch it again via wireshark`