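I'm trying to write a script to extract the id-at-commonName from the TLS certificates in a PCAP, but I can only see the raw certificate data in the Scapy output. Is there a built-in way to extract this field programmatically?
Example of the id-at-commonName in Wireshark: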
Transmission Control Protocol, Src Port: 443, Dst Port: 49316, Seq: 2921, Ack: 518, Len: 846
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 3761
Handshake Protocol: Server Hello
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 3368
Certificates Length: 3365
Certificates (3365 bytes)
Certificate Length: 1985
Certificate: 308207bd308205a5a00302010202137f00006063de96e91c… (id-at-commonName=*.vortex.data.microsoft.com)
signedCertificate
version: v3 (2)
serialNumber: 0x7f00006063de96e91c688cf928000000006063
signature (sha256WithRSAEncryption)
issuer: rdnSequence (0)
validity
subject: rdnSequence (0)
rdnSequence: 1 item (id-at-commonName=*.vortex.data.microsoft.com)
RDNSequence item: 1 item (id-at-commonName=*.vortex.data.microsoft.com)
RelativeDistinguishedName item (id-at-commonName=*.vortex.data.microsoft.com)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: uTF8String (4)
uTF8String: *.vortex.data.microsoft.com
subjectPublicKeyInfo
extensions: 11 items
algorithmIdentifier (sha256WithRSAEncryption)
Padding: 0
encrypted: 5d19abef2e2eba8b78b28b1211d0fc71775c8f9ff5c588f5…
Certificate Length: 1374
Certificate: 3082055a30820442a00302010202100fa74722c53d88c80f… (id-at-commonName=Microsoft RSA TLS CA 02,id-at-organizationName=Microsoft Corporation,id-at-countryName=US)
Handshake Protocol: Server Key Exchange
Scapy TLS output (raw):
options = []
###[ TLS ]###
type = handshake
version = TLS 1.2
len = 3761 [deciphered_len= 1455]
iv = b''
\msg \
|###[ TLS Handshake - Server Hello ]###
| msgtype = server_hello
| msglen = 81
| version = TLS 1.2
| gmt_unix_time= Tue, 09 Feb 2021 06:14:02 -0800 (1612851242)
| random_bytes= cf3fe9cba84718362ff4a4553a7b6cb455dbfad045978f5f898db82d
| sidlen = 32
| sid = "<'\x00\x00\xd8\x82\xbe\x0fM\xecN6\xe7N\xdc\n\xba\x89\xf3\xba\xa2\x8c\x0cf\x9eG\xf8\xa9\x07\x0e\x00O"
| cipher = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
| comp = null
| extlen = 9
| \ext \
| |###[ TLS Extension - Extended Master Secret ]###
| | type = extended_master_secret
| | len = 0
| |###[ TLS Extension - Renegotiation Indication ]###
| | type = renegotiation_info
| | len = 1
| | reneg_conn_len= 0
| | renegotiated_connection= ''
|###[ Raw ]###
| load = '\x0b\x00\r(\x00\r%\x00\x07\xc10\x82\x07\xbd0\x82\x05\xa5\xa0\x03\x02\x01\x02\x02\x13\x7f\x00\x00`c\xde\x96\xe9\x1ch\x8c\xf9(\x00\x00\x00\x00`c0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x000O1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x1e0\x1c\x06\x03U\x04\n\x13\x15Microsoft Corporation1 0\x1e\x06\x03U\x04\x03\x13\x17Microsoft RSA TLS CA 020\x1e\x17\r201005212911Z\x17\r211005212911Z0&1$0"\x06\x03U\x04\x03\x0c\x1b*.vortex.data.microsoft.com0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xe5oiw\n\xf7m\xd2.]\x95\x1d0dGm9\xb9+U\xea\xad\xbb-\xa6\xc9~\x89w\x92Ps\x87\x9ep\x15\xb3{_d\xc4W\xb7;\x16U\xaf\xfc \xc0\x02\x96\xa5\xaaPv\x1ep\xefy\xc1L\xb3Z\x91\x8e}r\x1bK}\x86TY\x11\x14\xc68$\x12\xcb\xa4\xe6\xa3\xdb\xf9\xb9\xc6O\x8a\xc9\xae\xfd*\xbe\xe1\xb9j\x17\x12W\xa9\xe0\x1e\xcfD\xe4\xc9\xa9\x9b\xfc\xe5(\x03\x94\x9a\xee\xe6~Z:\xb0\xdd\xcc4\xa8\xfd\x8a:J\xd8\x8ezd?\xef\xb1#H\xee{*\xd1\xaa\xbeo\xaaQ\'\x1d\xad:,\xc4\xb2P\r+2j0`\x10\xec}\x95\x93\x0e\xd3EX$\x01\xdf\t\x17\xa0\x95\xfb\xc9\x93\x86a&\x8ce\xbchfw8\xc3\x02\x9a\xc3r\x87\xcdlM\xdfhO`\xac\xe0\xe7\xc0}q\xaf\x19Yk\t>\xc3\xac\xbel\xcc\xf0\x8b\x84b\x98z\xbeM\x99\x89T\xa9\xf9Y\xe1\xc22J\x8fw\xf38\xbf\x12\xd4\xd3\x06\xa60HZ\xac\xf6\xeaq\x02\x03\x01\x00\x01\xa3\x82\x03\xb90\x82\x03\xb50\x82\x01\x03\x06\n+\x06\x01\x04\x01\xd6y\x02\x04\x02\x04\x81\xf4\x04\x81\xf1\x00\xef\x00t\x00}>\xf2\xf8\x8f\xff\x88Uh$\xc2\xc0\xca\x9eR\x89y+\xc5\x0ex\t\x7f.j\x97h\x99~"\xf0\xd7\x00\x00\x01t\xfa\xb4O2\x00\x00\x04\x03\x00E0C\x02\x1f0o\x82Yg\x00\xb4\x0b\x9d\xeb\xba\x8c\xb8\xfeM\xa0$)\xf0\x93\x95&\x14\xf9{\xe3\xf6$F\x9b!\x02 
r\xa12\xef\xc2\xec\xcf\r\xed\x1a@\x1e\xe6\xcb\x9eq\xda\x9f\xb4\x0e_^]\t%j\x19\t\xee\xd7\x13\x93\x00w\x00\xee\xc0\x95\xee\x8drd\x0f\x92\xe3\xc3\xb9\x1b\xc7\x12\xa3ij\t{Kj\x1a\x148\xe6G\xb2\xcb\xed\xc5\xf9\x00\x00\x01t\xfa\xb4Q\x00\x00\x00\x04\x03\x00H0F\x02!\x00\x8f\xa5#\xf8\x19\x8d\xc7X1.B\xd4\xfaLG\xa8\xf3\xaa\xaa\ns\xf8dD\\9|3X\xb0\x06\xb7\x02!\x00\xce]\xa5\xe7l\xd1\x87L\x86\x17C\xf6\xbc\x9e\x9b\xbeo\x06\xffH\xcd\xb3-\xf9\xf8*\x05\xcb\x1cDj\xf50\'\x06\t+\x06\x01\x04\x01\x827\x15\n\x04\x1a0\x180\n\x06\x08+\x06\x01\x05\x05\x07\x03\x010\n\x06\x08+\x06\x01\x05\x05\x07\x03\x020>\x06\t+\x06\x01\x04\x01\x827\x15\x07\x0410/\x06\'+\x06\x01\x04\x01\x827\x15\x08\x87\xda\x86u\x83\xee\xd9\x01\x82\xc9\x85\x1b\x81\xb5\x9ea\x85\xf4\xeb`\x81]\x85\x86\x8eA\x87\xc2\x98P\x02\x01d\x02\x01%0\x81\x87\x06\x08+\x06\x01\x05\x05\x07\x01\x01\x04{0y0S\x06\x08+\x06\x01\x05\x05\x070\x02\x86Ghttp://www.microsoft.com/pki/mscorp/Microsoft%20RSA%20TLS%20CA%2002.crt0"\x06\x08+\x06\x01\x05\x05\x070\x01\x86\x16http://ocsp.msocsp.com0\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14\xa9TH!\xa7n\xcd\x8c\x0e\xca\x9c,F\xca\x9c#2.\xb8\x840\x0b\x06\x03U\x1d\x0f\x04\x04\x03\x02\x04\xb00A\x06\x03U\x1d\x11\x04:08\x82\x1b*.vortex.data.microsoft.com\x82\x19vortex.data.microsoft.com0\x81\xb0\x06\x03U\x1d\x1f\x04\x81\xa80\x81\xa50\x81\xa2\xa0\x81\x9f\xa0\x81\x9c\x86Mhttp://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20RSA%20TLS%20CA%2002.crl\x86Khttp://crl.microsoft.com/pki/mscorp/crl/Microsoft%20RSA%20TLS%20CA%2002.crl0W\x06\x03U\x1d \x04P0N0B\x06\t+\x06\x01\x04\x01\x827*\x010503\x06\x08+\x06\x01\x05\x05\x07\x02\x01\x16\'http://www.microsoft'
mac = b''
pad = b''
padlen = None
No answers yet.
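In the Scapy dump above the record declares `len = 3761` but this packet holds only 1455 bytes of it, so the Certificate message is cut off and is left as `Raw`. The following is an added example, not code from the post or from Scapy: a standard-library sketch that takes the reassembled server-to-client TCP payload, rebuilds the handshake stream across records, and walks the DER to the subject commonName. The function names are hypothetical, and obtaining the reassembled payload from the PCAP is assumed to be done separately.

```python
CN_OID = bytes.fromhex("550403")          # 2.5.4.3 id-at-commonName

def tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def children(buf, start, end):
    while start < end:                    # sibling TLVs inside buf[start:end]
        tag, vs, ve = tlv(buf, start)
        yield tag, vs, ve
        start = ve

def subject_cn(der):
    """Subject commonName values of one DER certificate (issuer CN is ignored)."""
    _, ts, te = tlv(der, tlv(der, 0)[1])  # Certificate -> tbsCertificate
    fields = [f for f in children(der, ts, te) if f[0] != 0xA0]  # drop [0] version
    _, ss, se = fields[4]                 # serial, sigAlg, issuer, validity, subject
    names = []
    for _, rs, re_ in children(der, ss, se):        # each RDN (SET)
        for _, a, b in children(der, rs, re_):      # each AttributeTypeAndValue
            (_, os_, oe), (_, vs, ve) = list(children(der, a, b))[:2]
            if der[os_:oe] == CN_OID:
                names.append(der[vs:ve].decode("utf-8", "replace"))
    return names

def tls_cert_names(stream):
    """stream: reassembled server-to-client TCP bytes, TLS <= 1.2 (cleartext Certificate)."""
    hs, pos = bytearray(), 0
    while pos + 5 <= len(stream) and stream[pos] != 20:   # stop at ChangeCipherSpec
        ctype, rlen = stream[pos], int.from_bytes(stream[pos + 3:pos + 5], "big")
        hs += stream[pos + 5:pos + 5 + rlen] if ctype == 22 else b""  # handshake only
        pos += 5 + rlen
    out, pos = [], 0
    while pos + 4 <= len(hs):                             # walk handshake messages
        mtype, mlen = hs[pos], int.from_bytes(hs[pos + 1:pos + 4], "big")
        body, pos = hs[pos + 4:pos + 4 + mlen], pos + 4 + mlen
        if mtype == 11 and len(body) == mlen:             # complete Certificate message
            p = 3                                         # skip certificate_list length
            while p + 3 <= len(body):
                clen = int.from_bytes(body[p:p + 3], "big")
                out.append(subject_cn(bytes(body[p + 3:p + 3 + clen])))
                p += 3 + clen
    return out
```

Fed only the bytes of a single packet whose Certificate message is incomplete, `tls_cert_names` returns an empty list, which is the programmatic equivalent of the `Raw` layer shown above.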