How do I extract TLS server certificate data (id-at-commonName)?

Published 2024-05-15 05:04:36


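I am trying to write a script that extracts the id-at-commonName from the TLS certificates in a PCAP, but I can only see the raw certificate data in the Scapy output. Is there a built-in way to extract this field programmatically?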

Example of id-at-commonName in Wireshark:

Transmission Control Protocol, Src Port: 443, Dst Port: 49316, Seq: 2921, Ack: 518, Len: 846
Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 3761
        Handshake Protocol: Server Hello
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 3368
            Certificates Length: 3365
            Certificates (3365 bytes)
                Certificate Length: 1985
                Certificate: 308207bd308205a5a00302010202137f00006063de96e91c… (id-at-commonName=*.vortex.data.microsoft.com)
                    signedCertificate
                        version: v3 (2)
                        serialNumber: 0x7f00006063de96e91c688cf928000000006063
                        signature (sha256WithRSAEncryption)
                        issuer: rdnSequence (0)
                        validity
                        subject: rdnSequence (0)
                            rdnSequence: 1 item (id-at-commonName=*.vortex.data.microsoft.com)
                                RDNSequence item: 1 item (id-at-commonName=*.vortex.data.microsoft.com)
                                    RelativeDistinguishedName item (id-at-commonName=*.vortex.data.microsoft.com)
                                        Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: uTF8String (4)
                                            uTF8String: *.vortex.data.microsoft.com
                        subjectPublicKeyInfo
                        extensions: 11 items
                    algorithmIdentifier (sha256WithRSAEncryption)
                    Padding: 0
                    encrypted: 5d19abef2e2eba8b78b28b1211d0fc71775c8f9ff5c588f5…
                Certificate Length: 1374
                Certificate: 3082055a30820442a00302010202100fa74722c53d88c80f… (id-at-commonName=Microsoft RSA TLS CA 02,id-at-organizationName=Microsoft Corporation,id-at-countryName=US)
        Handshake Protocol: Server Key Exchange

Scapy TLS output (raw):

        options   = []
###[ TLS ]### 
           type      = handshake
           version   = TLS 1.2
           len       = 3761    [deciphered_len= 1455]
           iv        = b''
           \msg       \
            |###[ TLS Handshake - Server Hello ]### 
            |  msgtype   = server_hello
            |  msglen    = 81
            |  version   = TLS 1.2
            |  gmt_unix_time= Tue, 09 Feb 2021 06:14:02 -0800 (1612851242)
            |  random_bytes= cf3fe9cba84718362ff4a4553a7b6cb455dbfad045978f5f898db82d
            |  sidlen    = 32
            |  sid       = "<'\x00\x00\xd8\x82\xbe\x0fM\xecN6\xe7N\xdc\n\xba\x89\xf3\xba\xa2\x8c\x0cf\x9eG\xf8\xa9\x07\x0e\x00O"
            |  cipher    = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
            |  comp      = null
            |  extlen    = 9
            |  \ext       \
            |   |###[ TLS Extension - Extended Master Secret ]### 
            |   |  type      = extended_master_secret
            |   |  len       = 0
            |   |###[ TLS Extension - Renegotiation Indication ]### 
            |   |  type      = renegotiation_info
            |   |  len       = 1
            |   |  reneg_conn_len= 0
            |   |  renegotiated_connection= ''
            |###[ Raw ]### 
            |  load      = '\x0b\x00\r(\x00\r%\x00\x07\xc10\x82\x07\xbd0\x82\x05\xa5\xa0\x03\x02\x01\x02\x02\x13\x7f\x00\x00`c\xde\x96\xe9\x1ch\x8c\xf9(\x00\x00\x00\x00`c0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x000O1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x1e0\x1c\x06\x03U\x04\n\x13\x15Microsoft Corporation1 0\x1e\x06\x03U\x04\x03\x13\x17Microsoft RSA TLS CA 020\x1e\x17\r201005212911Z\x17\r211005212911Z0&1$0"\x06\x03U\x04\x03\x0c\x1b*.vortex.data.microsoft.com0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xe5oiw\n\xf7m\xd2.]\x95\x1d0dGm9\xb9+U\xea\xad\xbb-\xa6\xc9~\x89w\x92Ps\x87\x9ep\x15\xb3{_d\xc4W\xb7;\x16U\xaf\xfc \xc0\x02\x96\xa5\xaaPv\x1ep\xefy\xc1L\xb3Z\x91\x8e}r\x1bK}\x86TY\x11\x14\xc68$\x12\xcb\xa4\xe6\xa3\xdb\xf9\xb9\xc6O\x8a\xc9\xae\xfd*\xbe\xe1\xb9j\x17\x12W\xa9\xe0\x1e\xcfD\xe4\xc9\xa9\x9b\xfc\xe5(\x03\x94\x9a\xee\xe6~Z:\xb0\xdd\xcc4\xa8\xfd\x8a:J\xd8\x8ezd?\xef\xb1#H\xee{*\xd1\xaa\xbeo\xaaQ\'\x1d\xad:,\xc4\xb2P\r+2j0`\x10\xec}\x95\x93\x0e\xd3EX$\x01\xdf\t\x17\xa0\x95\xfb\xc9\x93\x86a&\x8ce\xbchfw8\xc3\x02\x9a\xc3r\x87\xcdlM\xdfhO`\xac\xe0\xe7\xc0}q\xaf\x19Yk\t>\xc3\xac\xbel\xcc\xf0\x8b\x84b\x98z\xbeM\x99\x89T\xa9\xf9Y\xe1\xc22J\x8fw\xf38\xbf\x12\xd4\xd3\x06\xa60HZ\xac\xf6\xeaq\x02\x03\x01\x00\x01\xa3\x82\x03\xb90\x82\x03\xb50\x82\x01\x03\x06\n+\x06\x01\x04\x01\xd6y\x02\x04\x02\x04\x81\xf4\x04\x81\xf1\x00\xef\x00t\x00}>\xf2\xf8\x8f\xff\x88Uh$\xc2\xc0\xca\x9eR\x89y+\xc5\x0ex\t\x7f.j\x97h\x99~"\xf0\xd7\x00\x00\x01t\xfa\xb4O2\x00\x00\x04\x03\x00E0C\x02\x1f0o\x82Yg\x00\xb4\x0b\x9d\xeb\xba\x8c\xb8\xfeM\xa0$)\xf0\x93\x95&\x14\xf9{\xe3\xf6$F\x9b!\x02 
r\xa12\xef\xc2\xec\xcf\r\xed\x1a@\x1e\xe6\xcb\x9eq\xda\x9f\xb4\x0e_^]\t%j\x19\t\xee\xd7\x13\x93\x00w\x00\xee\xc0\x95\xee\x8drd\x0f\x92\xe3\xc3\xb9\x1b\xc7\x12\xa3ij\t{Kj\x1a\x148\xe6G\xb2\xcb\xed\xc5\xf9\x00\x00\x01t\xfa\xb4Q\x00\x00\x00\x04\x03\x00H0F\x02!\x00\x8f\xa5#\xf8\x19\x8d\xc7X1.B\xd4\xfaLG\xa8\xf3\xaa\xaa\ns\xf8dD\\9|3X\xb0\x06\xb7\x02!\x00\xce]\xa5\xe7l\xd1\x87L\x86\x17C\xf6\xbc\x9e\x9b\xbeo\x06\xffH\xcd\xb3-\xf9\xf8*\x05\xcb\x1cDj\xf50\'\x06\t+\x06\x01\x04\x01\x827\x15\n\x04\x1a0\x180\n\x06\x08+\x06\x01\x05\x05\x07\x03\x010\n\x06\x08+\x06\x01\x05\x05\x07\x03\x020>\x06\t+\x06\x01\x04\x01\x827\x15\x07\x0410/\x06\'+\x06\x01\x04\x01\x827\x15\x08\x87\xda\x86u\x83\xee\xd9\x01\x82\xc9\x85\x1b\x81\xb5\x9ea\x85\xf4\xeb`\x81]\x85\x86\x8eA\x87\xc2\x98P\x02\x01d\x02\x01%0\x81\x87\x06\x08+\x06\x01\x05\x05\x07\x01\x01\x04{0y0S\x06\x08+\x06\x01\x05\x05\x070\x02\x86Ghttp://www.microsoft.com/pki/mscorp/Microsoft%20RSA%20TLS%20CA%2002.crt0"\x06\x08+\x06\x01\x05\x05\x070\x01\x86\x16http://ocsp.msocsp.com0\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14\xa9TH!\xa7n\xcd\x8c\x0e\xca\x9c,F\xca\x9c#2.\xb8\x840\x0b\x06\x03U\x1d\x0f\x04\x04\x03\x02\x04\xb00A\x06\x03U\x1d\x11\x04:08\x82\x1b*.vortex.data.microsoft.com\x82\x19vortex.data.microsoft.com0\x81\xb0\x06\x03U\x1d\x1f\x04\x81\xa80\x81\xa50\x81\xa2\xa0\x81\x9f\xa0\x81\x9c\x86Mhttp://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20RSA%20TLS%20CA%2002.crl\x86Khttp://crl.microsoft.com/pki/mscorp/crl/Microsoft%20RSA%20TLS%20CA%2002.crl0W\x06\x03U\x1d \x04P0N0B\x06\t+\x06\x01\x04\x01\x827*\x010503\x06\x08+\x06\x01\x05\x05\x07\x02\x01\x16\'http://www.microsoft'
           mac       = b''
           pad       = b''
           padlen    = None
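
One way to get the subject commonName out of the handshake bytes using only the Python standard library, as an added example that is not part of the original question: it parses the TLS 1.2 Certificate message framing (the `0b 00 0d 28 00 0d 25 00 07 c1` header at the start of the Raw load above) and walks the DER down to the subject. The function names and the sample message are constructed for illustration.

```python
# Added example, stdlib only; helper names are illustrative, sample bytes are constructed.
CN_OID = bytes.fromhex("550403")  # DER content bytes of OID 2.5.4.3 (id-at-commonName)

def read_tlv(buf, pos):  # -> (tag, value, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split a constructed element's content into (tag, value) pairs
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def subject_common_names(cert_der):  # commonName values in one certificate's subject
    tbs = children(children(read_tlv(cert_der, 0)[1])[0][1])  # tbsCertificate fields
    if tbs[0][0] == 0xA0:  # skip the optional [0] version field
        tbs = tbs[1:]
    names = []  # remaining order: serial, signature, issuer, validity, subject
    for _, rdn in children(tbs[4][1]):  # subject is a SEQUENCE of SETs
        for _, atv in children(rdn):    # each SET holds AttributeTypeAndValue
            (_, oid), (tag, val) = children(atv)[:2]
            if oid == CN_OID:
                names.append(val.decode("utf-16-be" if tag == 0x1E else "utf-8"))
    return names

def certs_from_handshake(msg):  # DER certificates in a TLS 1.2 Certificate message
    if msg[:1] != b"\x0b":
        raise ValueError("not a Certificate (11) handshake message")
    pos, end, certs = 7, 7 + int.from_bytes(msg[4:7], "big"), []  # 3-byte list length
    if end > len(msg):
        raise ValueError("certificate list truncated; reassemble TCP segments first")
    while pos < end:
        n = int.from_bytes(msg[pos:pos + 3], "big")  # 3-byte length per certificate
        certs.append(msg[pos + 3:pos + 3 + n])
        pos += 3 + n
    return certs

def sample_handshake():  # constructed stub: one minimal certificate, all lengths < 128
    der = lambda tag, *p: bytes([tag, len(b"".join(p))]) + b"".join(p)
    name = lambda cn: der(0x30, der(0x31, der(0x30, der(6, CN_OID), der(0x0C, cn.encode()))))
    tbs = der(0x30, der(0xA0, der(2, b"\x02")), der(2, b"\x01"), der(0x30),
              name("Example CA"), der(0x30), name("*.example.test"))
    cert = der(0x30, tbs, der(0x30), der(3, b"\x00"))
    return bytes([0x0B, 0, 0, len(cert) + 6, 0, 0, len(cert) + 3, 0, 0, len(cert)]) + cert
```

The Raw load shown above ends partway through the first certificate (len = 3761, deciphered_len = 1455), so the bytes from the following TCP segments have to be appended before `certs_from_handshake` will accept the message.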

