Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-30 21:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Clarify / correct a few bits

Browse Source
This commit is contained in:
Dirk Wetter
2020-01-13 16:01:27 +01:00
parent 69acd00731
commit a714aec912
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
etc/client-simulation.wiresharked.md
View File

@@ -5,10 +5,10 @@ The whole process is done manually.
## Instructions how to add a client simulation:
* Start wireshark at the client / router. Best is during capture to filter for the target you want to contribute.
* Make sure you create a bit of encrypted traffic to a target of your choice. Attention, privacy: if you want to contribute, be aware that the ClientHello contains the target hostname (SNI).
* Make sure the client traffic is specific: For just "Android" do not use a browser!
* Stop the recording.
* Start wireshark at a client or router. Best is during capture to filter for the target of your choice.
* Make sure you create a bit of encrypted traffic to your target. Attention, privacy: if you want to contribute, be aware that the ClientHello contains the target hostname (SNI).
* Make sure the client traffic is specific: For just "Android" do not use a browser! Use the play store app e.g..
* Stop recording.
* If needed sort for ClientHello.
* Look for the ClientHello which matches the source IP + destination you had in mind. Check the destination hostname in the SNI extension so that you can be sure, it's the right traffic.
* Retrieve "handshakebytes" by marking the Record Layer --> Copy --> As a hex stream.
@@ -18,9 +18,9 @@ The whole process is done manually.
* Retrieve "alpn" by looking at the alpn TLS extension 16 (=0x0010).
* Review TLS extension 13 (=0x000d) whether any SHA1 signature algorithm is listed. If not "requiresSha2" is true
* Leave "maxDhBits"/"minDhBits" and "minRsaBits"/"maxRsaBits" at -1, unless you know for sure what the client can handle
* For "ciphers" mark the Cipher Suites --> Copy --> As a hex stream, remove any leading GREASE ciphers (?a?a) and supply it to ~/utils/hexstream2cipher.sh
* "ciphersutes" are TLS 1.3 ciphersuites. You can identify them as they currently are like 0x130?. Retrieve them from above see ~/utils/hexstream2cipher.sh
* Figure out the services by applying a good piece of logic
* For "ciphers" mark the cipher suites --> Copy --> As a hex stream, remove any leading GREASE ciphers (?a?a) and supply it to `~/utils/hexstream2cipher.sh`
* "ciphersutes" are TLS 1.3 ciphersuites. You can identify them as they currently are like 0x130?. Retrieve them from above see ``~/utils/hexstream2cipher.sh``
* Figure out the services by applying a good piece of human logic
* Before submitting a PR: test it yourself! You can also watch it again via wireshark