{ "info": { "author": "tintinweb", "author_email": "tintinweb@oststrom.com", "bugtrack_url": null, "classifiers": [], "description": ".. image:: https://travis-ci.org/tintinweb/scapy-ssl_tls.svg\n :target: https://travis-ci.org/tintinweb/scapy-ssl_tls\n\nSSL/TLS layers for scapy the interactive packet manipulation tool.\n\nScapy-SSL/TLS\n=============\n\nSSL/TLS and DTLS layers and TLS utiltiy functions for\n`Scapy `_.\n\nAn offensive stack for SSLv2, SSLv3 (TLS), TLS, DTLS penetration testing\nproviding easy access to packet crafting, automatic dissection,\nencryption, decryption, session tracking, basic TLS state machines,\nautomated handshakes, TLSSocket abstraction, cryptography containers,\npredefined hooks, SSL sniffing including minimalistic PCAP stream\ndecryption (RSA\\_WITH\\_\\*), fuzzing and security scanning\n(*Renegotiation, Heartbleed, Poodle, Logjam/Freak, DROWN, various Buffer\noverflows, ...*).\n\nCompatibility\n-------------\n\n**!! v2.x breaks backwards compatibility to v1.2.x branch due to major interface refactoring introduced with tls1_3 support !!**\n\nsee `Release Notes `_ \n\n\nFeatures\n--------\n\n- Protocol Support\n- TLS 1.3 draft 18\n- TLS 1.2\n- TLS 1.1\n- TLS 1.0\n- SSLv3/TLS Records\n- SSLv2 Handshake\n- DTLS Records\n- TLS Session Context\n- Session Tracking\n- Key sniffing (master\\_key, ...)\n- Client and Server support\n- Sniffer / PCAP processor and decryptor\n- State Machines\n- TLS Client Scapy Automata\n- TLS Server Scapy Automata\n\nInstallation\n------------\n\nOption 1: pip - download latest release from the python package index\n'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''\n\n::\n\n pip install scapy-ssl_tls\n\nOption 2: from source\n'''''''''''''''''''''\n\n::\n\n pip install -r requirements.txt\n python setup.py install\n\nOption 3: manual installation\n'''''''''''''''''''''''''''''\n\n1) install requirements from requirements.txt\n\n2) locate *< scapy >* installation directory:\n ``python -c \"import scapy; print scapy.__file__\"``\n\n3) copy scapy\\_ssl\\_tls/\\* to *< scapy >*/layers/\n\n4) modify *< scapy >*/config.py to autoload SSL/TLS\n\n::\n\n @@ -373,3 +373,3 @@\n load_layers = [\"l2\", \"inet\", \"dhcp\", \"dns\", \"dot11\", \"gprs\", \"hsrp\", \"inet6\", \"ir\", \"isakmp\", \"l2tp\",\n - \"mgcp\", \"mobileip\", \"netbios\", \"netflow\", \"ntp\", \"ppp\", \"radius\", \"rip\", \"rtp\",\n + \"mgcp\", \"mobileip\", \"netbios\", \"netflow\", \"ntp\", \"ppp\", \"radius\", \"rip\", \"rtp\",\"ssl_tls\",\n \"sebek\", \"skinny\", \"smb\", \"snmp\", \"tftp\", \"x509\", \"bluetooth\", \"dhcp6\", \"llmnr\", \"sctp\", \"vrrp\" ]\n\n\n\nverify installation:\n''''''''''''''''''''\n\n::\n\n #> python\n >>> from scapy_ssl_tls.ssl_tls import TLS\n >>> TLS\n \n #> scapy # via site-packages\n >>> from scapy_ssl_tls.ssl_tls import TLS\n >>> TLS\n \n #> scapy # with layers autoloaded via config.py\n >>> SSL\n \n >>> TLS\n \n >>> TLSRecord\n \n\nTroubleshooting\n---------------\n\n**Q:** ``sessionctx_sniffer.py`` does not seem to detect ``SSL/TLS`` or\ndoes not show any sniffed ``SSL/TLS`` sessions.\n**A:** This is problem caused by the import magic in\n``sessionctx_sniffer.py`` where the example might mix up imports from\nthe projects directory with the ones installed with ``pip`` or via\n``setup.py install``. Make sure to update to ``>=v1.2.3``, or run\n``sessionctx_sniffer.py`` from a different directory, or uninstall\nscapy-ssl\\_tls to use it directly from the project directory, or remove\nthe ``from scapy_ssl_tls.ssl_tls import *`` import lines from the\nexample.\n**Note:** This has been addressed with ``>=v1.2.3`` where the\nsystem-wide import has preference.\n\n**Q:** ``sessionctx_sniffer.py`` does not seem to dissect large\n``SSL/TLS`` records properly.\n**A:** In order to fully reconstruct *sniffed* ``SSL/TLS`` records one\nneeds to ``defragment`` the sniffed IP packets and ``reassemble`` them\nto TCP segments. Since TCP Stream reassembly is not an easy task\n(retransmissions, out-of-order segments, ...) - and therefore out of\nscope for this project - the ``sessionctx_sniffer.py`` example\nimplements a very limited tcp stream reassembly algorithm that only\ntries to reconstruct consecutive segments not taking into account any\ntype of flow-control (ordering, retransmissions, ...).\n\nExamples\n--------\n\nHeartbleed Record\n'''''''''''''''''\n\n::\n\n ==============================================================================\n >>> (TLSRecord(version=\"TLS_1_1\")/TLSHeartBeat(length=2**14-1,data='bleed...')).show()\n ###[ TLS Record ]###\n content_type= heartbeat\n version= TLS_1_1\n length= None\n ###[ TLS Extension HeartBeat ]###\n type= request\n length= 16383\n data= 'bleed...'\n padding= ''\n\nHeartbleed Attack\n'''''''''''''''''\n\n::\n\n import scapy\n from scapy.layers.ssl_tls import *\n import socket\n\n target = ('target.local',443)\n\n # create tcp socket\n s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)\n s.connect(target)\n p = TLSRecord(version=\"TLS_1_1\")/TLSHandshake()/TLSClientHello(version=\"TLS_1_1\")\n s.sendall(str(p))\n s.recv(8192)\n p = TLSRecord(version=\"TLS_1_1\")/TLSHeartBeat(length=2**14-1,data='bleed...')\n s.sendall(str(p))\n resp = s.recv(8192)\n print \"resp: %s\"%repr(resp)\n s.close()\n\nDissect TLSClientHello (pcap)\n'''''''''''''''''''''''''''''\n\n::\n\n >>> rdpcap(\"a.cap\")[3].show()\n ###[ Ethernet ]###\n dst= d0:ae:ec:c3:6e:d4\n src= f0:1f:af:1c:b6:01\n type= 0x800\n ###[ IP ]###\n version= 4L\n ihl= 5L\n tos= 0x0\n len= 257\n id= 12457\n flags= DF\n frag= 0L\n ttl= 128\n proto= tcp\n chksum= 0x5b97\n src= 192.168.2.45\n dst= 216.58.210.166\n \\options\\\n ###[ TCP ]###\n sport= 54988\n dport= https\n seq= 2403802801L\n ack= 3671968520L\n dataofs= 5L\n reserved= 0L\n flags= PA\n window= 64350\n chksum= 0x210e\n urgptr= 0\n options= []\n ###[ SSL/TLS ]###\n \\records\\\n |###[ TLS Record ]###\n | content_type= handshake\n | version= TLS_1_0\n | length= 0xd4\n |###[ TLS Handshake ]###\n | type= client_hello\n | length= 0xd0\n |###[ TLS Client Hello ]###\n | version= TLS_1_2\n | gmt_unix_time= 3242904930L\n | random_bytes= 'x\"W\\xe6\\xfd\\x97\\xb7\\xaf \\xda\\x12c\\x8c\\x07 o\\xe3\\th\\xc3\\xc1\\xe0\\xe3C\\xe4\\x00\\xc6\\xc7'\n | session_id_length= 0x0\n | session_id= ''\n | cipher_suites_length= 0x28\n | cipher_suites= ['ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', 'ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'DHE_RSA_WITH_AES_128_GCM_SHA256', '0xcc14', '0xcc13', 'ECDHE_ECDSA_WITH_AES_256_CBC_SHA', 'ECDHE_ECDSA_WITH_AES_128_CBC_SHA', 'ECDHE_RSA_WITH_AES_128_CBC_SHA', 'ECDHE_RSA_WITH_AES_256_CBC_SHA', 'ECDHE_ECDSA_WITH_RC4_128_SHA', 'ECDHE_RSA_WITH_RC4_128_SHA', 'DHE_RSA_WITH_AES_128_CBC_SHA', 'DHE_DSS_WITH_AES_128_CBC_SHA', 'DHE_RSA_WITH_AES_256_CBC_SHA', 'RSA_WITH_AES_128_GCM_SHA256', 'RSA_WITH_AES_128_CBC_SHA', 'RSA_WITH_AES_256_CBC_SHA', 'RSA_WITH_3DES_EDE_CBC_SHA', 'RSA_WITH_RC4_128_SHA', 'RSA_WITH_RC4_128_MD5']\n | compression_methods_length= 0x1\n | compression_methods= ['NULL']\n | extensions_length= 0x7f\n | \\extensions\\\n | |###[ TLS Extension ]###\n | | type= server_name\n | | length= 0x17\n | |###[ TLS Extension Servername Indication ]###\n | | length= 0x15\n | | \\server_names\\\n | | |###[ TLS Servername ]###\n | | | type= host\n | | | length= 0x12\n | | | data= 'ad.doubleclick.net'\n | |###[ TLS Extension ]###\n | | type= renegotiation_info\n | | length= 0x1\n | |###[ TLS Extension Renegotiation Info ]###\n | | length= 0x0\n | | data= ''\n | |###[ TLS Extension ]###\n | | type= supported_groups\n | | length= 0x8\n | |###[ TLS Extension Elliptic Curves ]###\n | | length= 0x6\n | | elliptic_curves= ['secp256r1', 'secp384r1', 'secp521r1']\n | |###[ TLS Extension ]###\n | | type= ec_point_formats\n | | length= 0x2\n | |###[ TLS Extension EC Points Format ]###\n | | length= 0x1\n | | ec_point_formats= ['uncompressed']\n | |###[ TLS Extension ]###\n | | type= SessionTicket TLS\n | | length= 0x0\n | |###[ TLS Extension ]###\n | | type= next_protocol_negotiation\n | | length= 0x0\n | |###[ TLS Extension ]###\n | | type= application_layer_protocol_negotiation\n | | length= 0x1a\n | |###[ TLS Extension Application-Layer Protocol Negotiation ]###\n | | length= 0x18\n | | \\protocol_name_list\\\n | | |###[ TLS ALPN Protocol ]###\n | | | length= 0x8\n | | | data= 'spdy/3.1'\n | | |###[ TLS ALPN Protocol ]###\n | | | length= 0x5\n | | | data= 'h2-14'\n | | |###[ TLS ALPN Protocol ]###\n | | | length= 0x8\n | | | data= 'http/1.1'\n | |###[ TLS Extension ]###\n | | type= 0x7550\n | | length= 0x0\n | |###[ TLS Extension ]###\n | | type= status_request\n | | length= 0x5\n | |###[ Raw ]###\n | | load= '\\x01\\x00\\x00\\x00\\x00'\n | |###[ TLS Extension ]###\n | | type= signed_certificate_timestamp\n | | length= 0x0\n | |###[ TLS Extension ]###\n | | type= signature_algorithms\n | | length= 0x12\n | |###[ TLS Extension Signature And Hash Algorithm ]###\n | | length= 0x10\n | | \\algs\\\n | | |###[ TLS Signature Hash Algorithm Pair ]###\n | | | hash_alg= sha256\n | | | sig_alg= rsa\n | | |###[ TLS Signature Hash Algorithm Pair ]###\n | | | hash_alg= sha384\n | | | sig_alg= rsa\n | | |###[ TLS Signature Hash Algorithm Pair ]###\n | | | hash_alg= sha1\n | | | sig_alg= rsa\n | | |###[ TLS Signature Hash Algorithm Pair ]###\n | | | hash_alg= sha256\n | | | sig_alg= ecdsa\n | | |###[ TLS Signature Hash Algorithm Pair ]###\n | | | hash_alg= sha384\n | | | sig_alg= ecdsa\n | | |###[ TLS Signature Hash Algorithm Pair ]###\n | | | hash_alg= sha1\n | | | sig_alg= ecdsa\n | | |###[ TLS Signature Hash Algorithm Pair ]###\n | | | hash_alg= sha256\n | | | sig_alg= dsa\n | | |###[ TLS Signature Hash Algorithm Pair ]###\n | | | hash_alg= sha1\n | | | sig_alg= dsa\n\nFull Handshake with Application Data (DHE\\_RSA\\_WITH\\_AES\\_128\\_CBC\\_SHA)\n'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''\n\nsee /examples/full\\_rsa\\_connection\\_with\\_application\\_data.py\n\n::\n\n # python examples/full_rsa_connection_with_application_data.py localhost 443\n Connected to server: ('localhost', 443)\n ###[ SSL/TLS ]###\n \\records \\\n |###[ TLS Record ]###\n | content_type= handshake\n | version = TLS_1_1\n | length = 0x2a\n |###[ TLS Handshake ]###\n | type = server_hello\n | length = 0x26\n |###[ TLS Server Hello ]###\n | version = TLS_1_1\n | gmt_unix_time= 1439578475\n | random_bytes= 'S-\\x0f\\x1bt\\x95\\xcc\\xa9wwI\\xb9\\xf5\\x10\\x12\\x11*\\x82%\\xdd\\xb6\\x1e\\xc0b\\xdc\\xac\\x9b'\n | session_id_length= 0x0\n | session_id= ''\n | cipher_suite= DHE_RSA_WITH_AES_128_CBC_SHA\n | compression_method= NULL\n | \\extensions\\\n |###[ TLS Record ]###\n | content_type= handshake\n | version = TLS_1_1\n | length = 0x2de\n |###[ TLS Handshake ]###\n | type = certificate\n | length = 0x2da\n |###[ TLS Certificate List ]###\n | length = 0x2d7\n | \\certificates\\\n | |###[ TLS Certificate ]###\n | | length = 0x2d4\n | | \\data \\\n | | |###[ X509Cert ]###\n | | | version = \n | | | sn = \n | | | sign_algo = \n | | | sa_value = \n | | | \\issuer \\\n | | | |###[ X509RDN ]###\n | | | | oid = \n | | | | value = \n | | | not_before= \n | | | not_after = \n | | | \\subject \\\n | | | |###[ X509RDN ]###\n | | | | oid = \n | | | | value = \n | | | pubkey_algo= \n | | | pk_value = \n | | | pubkey = \n | | | \\x509v3ext \\\n | | | |###[ X509v3Ext ]###\n | | | | val = , ]]>\n | | | sign_algo2= \n | | | sa2_value = \n | | | signature = \n |###[ TLS Record ]###\n | content_type= handshake\n | version = TLS_1_1\n | length = 0x20d\n |###[ TLS Handshake ]###\n | type = server_key_exchange\n | length = 0x209\n |###[ TLS Server Key Exchange ]###\n |###[ TLS Diffie-Hellman Server Params ]###\n | p_length = 0x80\n | p = '\\xd6}\\xe4@\\xcb\\xbb\\xdc\\x196\\xd6\\x93\\xd3J\\xfd\\n\\xd5\\x0c\\x84\\xd29\\xa4_R\\x0b\\xb8\\x81t\\xcb\\x98\\xbc\\xe9Q\\x84\\x9f\\x91.c\\x9cr\\xfb\\x13\\xb4\\xb4\\xd7\\x17~\\x16\\xd5Z\\xc1y\\xbaB\\x0b*)\\xfe2JFzc^\\x81\\xffY\\x017{\\xed\\xdc\\xfd3\\x16\\x8aF\\x1a\\xad;r\\xda\\xe8\\x86\\x00x\\x04[\\x07\\xa7\\xdb\\xcaxt\\x08}\\x15\\x10\\xea\\x9f\\xcc\\x9d\\xdd3\\x05\\x07\\xddb\\xdb\\x88\\xae\\xaat}\\xe0\\xf4\\xd6\\xe2\\xbdh\\xb0\\xe79>\\x0f$!\\x8e\\xb3'\n | g_length = 0x1\n | g = '\\x02'\n | ys_length = 0x80\n | y_s = \"\\xc9\\x1aK\\xe5\\xc2\\xd9@\\x83\\x05\\xd7\\xd1J1[\\xdb3\\xc2\\xa8\\xb7\\xa0\\xdd\\xc6cFjje\\x92d\\xc0\\n\\x1b\\xb6N\\xf3f\\x9c\\xa6\\xb86\\xf3\\xd8\\x91\\xcf\\x18\\x87|3\\x13fh\\x8a$\\xdf\\xd6\\xb6D\\x9d\\x90\\xf6\\x08*\\xee?\\x1f\\xc3/|\\xbe\\xbc\\xdd\\xf0\\x9aX\\x8b\\x00E\\x06\\x01\\x9a\\xc3\\xfc\\xb2\\x1b\\xa5\\xa7>3\\xc8\\x95\\x07\\xfb\\x84\\x1b\\xf9\\xa2!%\\xfc\\xf4\\xca`\\x1a'\\xd1\\xeaj\\x15c%\\xe7\\xa8 \\xfe,E\\x82\\x8e\\xc2S\\xd4e\\x88\\xf6\\xde\\xa7\\xd5 \"\n | sig_length= 0x100\n | sig = '1\\xd5!6H\\xfa\\x0e\\xe1\\x7f\\xa8\\x13!\\x83\\x05X1\\x92\\xab\\x9e^\\x8c\\xa1\\xe2\\x05Q\\xdajb\\x1b\\x98\\xc0\\xc0y\\xcbJ5!@P\\xe1\\xf02\\xc9Ar@\\xf5\\x1d\\xe3\\xa7<\\x10:\\xcd\\xab\\xa6\\r\\xf2p\\xbc@&l8\\xf9|\\xcd\\xc6\\xf5K\\x1c\\xbd\\xb0P1\\x18W\\x9b98O\\xa6\\xf4\\x95\\nm\\x92\\xb4\\xf8\"o\\xeb\\xcc\\xf7\\xbd\\xa6\\xf5\\x9b\\xc9\\xe1Iw\\xe8\\xefkn\\x13,\\x7f\\\\\\x7f(\\xc7X\\xad|\\x19\\xbd\\n\\x85\\xcd1\\xa3\\xb6=\\xd1\\xda\\xd1\\xec\\x95J\\x82\\xf4\\xcc/wz P\\x16\\xc3\\x99y\\xc1\\x08A\\xec\\x11\\xeb\\xb6tA*+\\xff\\xd5\\x0e\\xdb\\xf0I\\xb5^\\x8d2\\xc0\\x8b\\x06yuw\\xe9Z\\x80v\\xd8\\xca\\xe4\\x1f&\\x14\\xd4\\x8e\\x13\\xe4\\xef/6Jq\\xe6\\x87Y\\xb6i\\x03Y\\xa88\\xf3\\xe6|b8n\\xae\\xf4\\x81\\xc2\\xd6\\xcd\\x82\\xe9=\\xe1\\xfe\\r\\x90\\x9fp\\xa4\\t\\xe8\\xd4\\x7fL\\xa35\\xaa#\\xaa\\x9a\\x05\\xbfO\\xe9w\\x11d\\xa4\\xa7\\x98?\\xcb\\xec\\x1c\\xc6:l\\x0cb7\\xb0!,P\\xcc'\n |###[ TLS Record ]###\n | content_type= handshake\n | version = TLS_1_1\n | length = 0x4\n |###[ TLS Handshake ]###\n | type = server_hello_done\n | length = 0x0\n ###[ SSL/TLS ]###\n \\records \\\n |###[ TLS Record ]###\n | content_type= change_cipher_spec\n | version = TLS_1_1\n | length = 0x1\n |###[ TLS ChangeCipherSpec ]###\n | message = '\\x01'\n |###[ TLS Record ]###\n | content_type= handshake\n | version = TLS_1_1\n | length = 0x40\n |###[ TLS Plaintext ]###\n | data = '\\x14\\x00\\x00\\x0c\\x94\\tJ\\xb0\\xe5\\x8a\\xcb\\xceN\\xa3\\x16\\x86'\n | explicit_iv= '\\xbd\\xd3\\xcf\\x0e\\xd6Q\\xba\\xec:\\xad\\xc0\\xb8\\x81%a!'\n | mac = \"@*'?:\\x1bCR\\xf5UZ\\xcb\\t\\xbc\\x12CwW\\xfc\\x01\"\n | padding = '\\x0b\\x0b\\x0b\\x0b\\x0b\\x0b\\x0b\\x0b\\x0b\\x0b\\x0b'\n | padding_len= 0xb\n Finished handshake. Sending application data (GET request)\n Got response from server\n ###[ SSL/TLS ]###\n \\records \\\n |###[ TLS Record ]###\n | content_type= application_data\n | version = TLS_1_1\n | length = 0x140\n |###[ TLS Plaintext ]###\n | data = 'HTTP/1.1 200 OK\\r\\nDate: Fri, 14 Aug 2015 18:54:36 GMT\\r\\nServer: Apache/2.2.22 (Debian)\\r\\nLast-Modified: Thu, 25 Apr 2013 10:50:57 GMT\\r\\nETag: \"46fc5-b1-4db2d317b0640\"\\r\\nAccept-Ranges: bytes\\r\\nContent-Length: 177\\r\\nVary: Accept-Encoding\\r\\nContent-Type: text/html\\r\\nX-Pad: avoid browser bug\\r\\n\\r\\n'\n | explicit_iv= '\\xa7\\xb5p\\xf9\\x87!\\x89\\x1fS{\\xb3\\x90\\x86=]w'\n | mac = '\\xaf\\xcf\\x85.\\x1f\\xed\\x18\\x97\\xf1L.\\xa1\\x03\\xabh\\xcd\\xc6\\xaa\\xcb\\xdf'\n | padding = ''\n |###[ TLS Record ]###\n | content_type= application_data\n | version = TLS_1_1\n | length = 0xe0\n |###[ TLS Plaintext ]###\n | data = '

It works!

\\n

This is the default web page for this server.

\\n

The web server software is running but no content has been added, yet.

\\n\\n'\n | explicit_iv= 'FqV\\x86\\xe8v\\xafoJz\\x1c\\xdb\\xc6\\x0b\\x8ab'\n | mac = '\\x15\\x9b!\\x183\\xea\\xb0\\xa0\\x15\\xeedc2H\\xd8\\x97\\xf8\\x8d\\xaay'\n | padding = '\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n'\n | padding_len= 0xa\n \n params.handshake.server=\n params.negotiated.version=TLS_1_1\n params.negotiated.ciphersuite=DHE_RSA_WITH_AES_128_CBC_SHA\n params.negotiated.key_exchange=DHE\n params.negotiated.encryption=('AES', 16, 'CBC')\n params.negotiated.mac=SHA\n params.negotiated.compression=NULL\n crypto.client.enc=\n crypto.client.dec=\n crypto.server.enc=\n crypto.server.dec=\n crypto.server.rsa.privkey=None\n crypto.server.rsa.pubkey=\n crypto.server.dsa.privkey=None\n crypto.server.dsa.pubkey=None\n crypto.client.dh.x='\\xac\\x93\\x94\\xd8\\xf8\\x85hb\\xc4\\xb5\\x17\\x80\\x1b\\xb1\\xb9\\xcb\\xa3v$[\\xb5\\x95*\\xeb\\xfb\\xc5\\xdc\\x0c\\xa2J\\xbe\\x08'\n crypto.client.dh.y_c=':\\xe97\\x06{:\\xb2\\x13\\xb8\\xaa\\xa8\\x1b\\xf9\\xa5\\x13B\\xf6\\xe0\\xe2AY\\x97\\x9c\\xc7\\xcf|\\xc1XQ\\x98\\x9e\\xc2\\xd3\\t\\xf9\\xa7\\x9a\\xae\\x95\\xc1i\\xc4\\xe3\\x84D\\xdf\\x11^Z\\x1d7r:\\xd9\\xa1\\xf1\\x96\\xcf\\xdc\\x92\\x15\\x9f-\\x9a\\xbe\\x84 \\x9c\\x9clQ\\x8f\\xe7p\\x9c\\x8f\\xcf\\xefT)!\\x10I\\xb9\\x99\\xc5\\x99\\xe1\\x1f\\x03\\r\\xf8\\xa5\\xb1o\\t\\x01t\\x1a\\x0e\\x1c\\x029\\xc49\\xf5\\x08 _\\x03p\\xbe\\x97uZ\\xd2\\x0e\\x19\\xb8l[\\xd2\\x85\\x02\\x8e\\xc1j\\xaa'\n crypto.server.dh.p='\\xd6}\\xe4@\\xcb\\xbb\\xdc\\x196\\xd6\\x93\\xd3J\\xfd\\n\\xd5\\x0c\\x84\\xd29\\xa4_R\\x0b\\xb8\\x81t\\xcb\\x98\\xbc\\xe9Q\\x84\\x9f\\x91.c\\x9cr\\xfb\\x13\\xb4\\xb4\\xd7\\x17~\\x16\\xd5Z\\xc1y\\xbaB\\x0b*)\\xfe2JFzc^\\x81\\xffY\\x017{\\xed\\xdc\\xfd3\\x16\\x8aF\\x1a\\xad;r\\xda\\xe8\\x86\\x00x\\x04[\\x07\\xa7\\xdb\\xcaxt\\x08}\\x15\\x10\\xea\\x9f\\xcc\\x9d\\xdd3\\x05\\x07\\xddb\\xdb\\x88\\xae\\xaat}\\xe0\\xf4\\xd6\\xe2\\xbdh\\xb0\\xe79>\\x0f$!\\x8e\\xb3'\n crypto.server.dh.g='\\x02'\n crypto.server.dh.x=None\n crypto.server.dh.y_s=\"\\xc9\\x1aK\\xe5\\xc2\\xd9@\\x83\\x05\\xd7\\xd1J1[\\xdb3\\xc2\\xa8\\xb7\\xa0\\xdd\\xc6cFjje\\x92d\\xc0\\n\\x1b\\xb6N\\xf3f\\x9c\\xa6\\xb86\\xf3\\xd8\\x91\\xcf\\x18\\x87|3\\x13fh\\x8a$\\xdf\\xd6\\xb6D\\x9d\\x90\\xf6\\x08*\\xee?\\x1f\\xc3/|\\xbe\\xbc\\xdd\\xf0\\x9aX\\x8b\\x00E\\x06\\x01\\x9a\\xc3\\xfc\\xb2\\x1b\\xa5\\xa7>3\\xc8\\x95\\x07\\xfb\\x84\\x1b\\xf9\\xa2!%\\xfc\\xf4\\xca`\\x1a'\\xd1\\xeaj\\x15c%\\xe7\\xa8 \\xfe,E\\x82\\x8e\\xc2S\\xd4e\\x88\\xf6\\xde\\xa7\\xd5 \"\n crypto.session.encrypted_premaster_secret=None\n crypto.session.premaster_secret='\\xb7`\\xc2\\xb2\\x99\\xeb\\xbd\\xbee\\x9cD\\xaf\\x15A\\x1a3\\x1b\\x1b\\xc6\\xf3UKf\\xda\\xd1\\xe8\\x02\\xf2\\xce\\x10\\xe5$\\xe3J/\\x1cK\\x1b\\x9fP5b\\xc5\\xa0\\xab\\x1c_\\xca\\x0cH\\xb3\\xfb\\x10q\\x83,\\x148\\xb5\\xf1\\x0e\\x8d\\xd1\\xfd\\x03\\xa2,\\xa3\\xd1,\\xc3i)\\x0c\\xe9p\\xd0\\xc7:2\\xe5\\xdb1\\xb3\\x9f;h4\\xc5\\xce\\xad\\xa2\\x1d\\xf4\\xc7-\\xb5)\\x99l\\x93\\xc5~\\x92\\x1f\\xe0b\\xc5\\xea\\xb6(\\xee\\x9eHT\\x01\\xcb\\x9a\\xa5\\x07p\\x02\\x13\\xf3W\\xf4\\xf4V'\n crypto.session.master_secret='\\x00y\\x00b\\xfb\\xb7\\x95\\x1c\\x8d\\xaa\\x0f2q\\xc9G<\\xf8\\x15B`pp\\x05\\x88\\xb6\\x02\\x00\\t:k\\xc1\\xd4t\\xdc&\\xa6\\x040\\xfa4z8\\x18yVz\\xcd\\x00'\n crypto.session.randombytes.client='U\\xce9k\\xb0l\\x89\\xfe\\x95\\xe45\\xef\\x88g\\xe8\\x1cz%wc\\xb7\\xd1\\xcc\\xd5,\\x03Xx\\x0eB\\xd9@'\n crypto.session.randombytes.server='U\\xce9kS-\\x0f\\x1bt\\x95\\xcc\\xa9wwI\\xb9\\xf5\\x10\\x12\\x11*\\x82%\\xdd\\xb6\\x1e\\xc0b\\xdc\\xac\\x9b\\x00'\n crypto.session.key.client.mac='\\xd9\\xdcX\\xf9\\x83\\x10j\\xf9\\x9bz8i\\nzt\\xc2|wn\\x11'\n crypto.session.key.client.encryption='S\\xa8F\\x18x\\xae\\xd5\\x0e\\x97\\xdb\\x05PU-+\"'\n crypto.session.key.cllient.iv='\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\n crypto.session.key.server.mac='\\xda\\xe2\\x9fw\\xe0\\x87\\xabDD\\xfb\\xfc\\xa1&\\xff\\xf1\\x82\\x8e\\xe5\\xd38'\n crypto.session.key.server.encryption='\\x981\\xbf\\xcb\\x1b<\\xa3!\\xa2\\x85[I\\xafb\\xe2\\xfe'\n crypto.session.key.server.iv='\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\n crypto.session.key.length.mac=20\n crypto.session.key.length.encryption=16\n crypto.session.key.length.iv=16\n >\n\nFull Handshake with Application Data (ECDHE\\_RSA\\_WITH\\_AES\\_128\\_CBC\\_SHA256)\n''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''\n\nsee /examples/full\\_rsa\\_connection\\_with\\_application\\_data.py\n\n::\n\n # python examples/full_rsa_connection_with_application_data.py localhost 443\n Connected to server: ('localhost', 443)\n ###[ SSL/TLS ]###\n \\records \\\n |###[ TLS Record ]###\n | content_type= handshake\n | version = TLS_1_2\n | length = 0x2a\n |###[ TLS Handshake ]###\n | type = server_hello\n | length = 0x26\n |###[ TLS Server Hello ]###\n | version = TLS_1_2\n | gmt_unix_time= 1450127754\n | random_bytes= 'b\\x81\\x06Q\\xca\\x9a71N\\xc5\n | | | sn = \n | | | sign_algo = \n | | | sa_value = \n | | | \\issuer \\\n | | | |###[ X509RDN ]###\n | | | | oid = \n | | | | value = \n | | | not_before= \n | | | not_after = \n | | | \\subject \\\n | | | |###[ X509RDN ]###\n | | | | oid = \n | | | | value = \n | | | pubkey_algo= \n | | | pk_value = \n | | | pubkey = \n | | | \\x509v3ext \\\n | | | |###[ X509v3Ext ]###\n | | | | val = , ]]>\n | | | sign_algo2= \n | | | sa2_value = \n | | | signature = \n |###[ TLS Record ]###\n | content_type= handshake\n | version = TLS_1_2\n | length = 0x14d\n |###[ TLS Handshake ]###\n | type = server_key_exchange\n | length = 0x149\n |###[ TLS Server Key Exchange ]###\n |###[ TLS EC Diffie-Hellman Server Params ]###\n | curve_type= named_curve\n | curve_name= secp256r1\n | p_length = 0x41\n | p = \"\\x04\\x1b\\x85z\\xe3\\xf1\\xfe\\x107\\xfa\\x1d\\x85b2\\xe2\\x96\\x85'\\x80\\n\\x9c\\x85\\xa5\\xfa\\x10&L\\xb9\\x82\\x18\\xe3\\xd5\\xff\\x0eD|(g\\x1c\\x03\\x9b\\xe2\\xa8\\x1f\\x92\\x8b\\xa7\\xb8\\xeb\\xd8\\xf6\\x14v\\xafQ\\x94U1[\\xc0d1\\xff\\xc2\\xca\"\n | hash_type = sha1\n | sig_type = rsa\n | sig_length= 0x100\n | sig = '\\xc07E\\xab\\xe9\\xb6\\xe5\\x8a_\\x1f;\\x7f>\\x8c\\xb5\\xe0\\xf2:\\xbb\\xeaIk\\xee0f\\xc0\\xef\\x94`\\xfc\\x9e\\x00\\x0e\\x00\\x14\\x01\\x0b\\x01\\x9akqXw\\xc90AO\\x1ar\\xf4\\x82\\x86Y`\\xb5;\\xad]\\x9e\\x16\\x866\\x0c:\"O\\xf3l\\x0c\\xd8\\x14\\xda\\x17E+\\x14\\xd5F\\x07\\xf3\\xafF\\x0f.+\\x05i\\xc1\\x13\\x0f2\\x0f\\xc0l(\\x86\\xa0N\\x08\\xad\\xd19&i2\\' \\x0e\\x19}\\xb6\\xbf\\xed\\xf1\\xbf\\x89\\xe9\\xd7\\x179I\\xe2$\\xa4\\xd4pX\\xfb\\x0c\\t-5\\x8f\\xe69R\\xf1U\\xf2\\xfc\\xd3\\x0c\\x14\\xa7f\\xf9\\xba(t\\x0b\\xec\\x82?wWe\\x88\\xf8\\x943Kf\\xa8`\\xf5\\xa0b\\xdea\\xc4\\xef\\x8e\\xcc\\xbbb\\x97\\x0b\\x00\\xb9\\x02\\xf7\\xf6\\x1a\\xf8\\xedjv\\xa6 \\xfc\\x95!\\x93\\x1c\\xfd\\x13Y\\x1c(\\x07\\x95\\xbf\\xa8\\x17\\xd5\\x96\\xd5\\xa3\\xc4c\\xcd\\xfa\\xac\\x12U|!ti\\x15O\\xf5\\xd3F\\xdd\\x7fr\\xf5\\x83\\x11\\xb9\\xf7`\\x0f\\xf9?<\\x96\\xd8dL\\xcd\\x02\\x1f\\xf6\\x12\\x07\\x14\\xa1\\x8d#\\xde9\\x86J]'\n |###[ TLS Record ]###\n | content_type= handshake\n | version = TLS_1_2\n | length = 0x4\n |###[ TLS Handshake ]###\n | type = server_hello_done\n | length = 0x0\n ###[ SSL/TLS ]###\n \\records \\\n |###[ TLS Record ]###\n | content_type= change_cipher_spec\n | version = TLS_1_2\n | length = 0x1\n |###[ TLS ChangeCipherSpec ]###\n | message = '\\x01'\n |###[ TLS Record ]###\n | content_type= handshake\n | version = TLS_1_2\n | length = 0x50\n |###[ TLS Plaintext ]###\n | data = '\\x14\\x00\\x00\\x0c\\x10s\\xd9?)WB\\xcf\\xffY\\xed}'\n | explicit_iv= '\\xca7\\xa8\\x86\\x86\\xd2\\xe1\\x18&\\xf9r-\\x8a\\x86\\xbf\\x16'\n | mac = '\\xbf\\xb8\\x07\\x15\\xc5\\x91\\xe4SBLQ\\xef\\x9b\\xdc\\xcb\\x89d\\xb5\\xde\\xec\\x11T\\x98gG>T\\xc4\\xe8\\x8b\\n\\x03'\n | padding = '\\x0f\\x0f\\x0f\\x0f\\x0f\\x0f\\x0f\\x0f\\x0f\\x0f\\x0f\\x0f\\x0f\\x0f\\x0f'\n | padding_len= 0xf\n Finished handshake. Sending application data (GET request)\n Got response from server\n ###[ SSL/TLS ]###\n \\records \\\n |###[ TLS Record ]###\n | content_type= application_data\n | version = TLS_1_2\n | length = 0x150\n |###[ TLS Plaintext ]###\n | data = 'HTTP/1.1 200 OK\\r\\nDate: Mon, 14 Dec 2015 21:15:56 GMT\\r\\nServer: Apache/2.2.22 (Debian)\\r\\nLast-Modified: Thu, 25 Apr 2013 10:50:57 GMT\\r\\nETag: \"46fc5-b1-4db2d317b0640\"\\r\\nAccept-Ranges: bytes\\r\\nContent-Length: 177\\r\\nVary: Accept-Encoding\\r\\nContent-Type: text/html\\r\\nX-Pad: avoid browser bug\\r\\n\\r\\n'\n | explicit_iv= '\\x04\\xa4lS\\xa1\\xbe\\xeaI\\xca\\xc9Zp\\xa6\\xc8\\x94\\x9e'\n | mac = '5\\xb374\\xeb\\xd7\\x990\\xaf\\x11/\\xd8\\x8c\\x86\\x9f\\x8cVm\\xe1\\xfbD>P\\xf1\\x84\\xd4\\xb1\\x7f[Ku\\n'\n | padding = '\\x04\\x04\\x04\\x04'\n | padding_len= 0x4\n |###[ TLS Record ]###\n | content_type= application_data\n | version = TLS_1_2\n | length = 0xf0\n |###[ TLS Plaintext ]###\n | data = '

It works!

\\n

This is the default web page for this server.

\\n

The web server software is running but no content has been added, yet.

\\n\\n'\n | explicit_iv= '\\x19\\t-\\xe8\\xa5\\xe3;\\xad^\\x8d\\x8d\\xf2I\\x1c\\xcb\\xad'\n | mac = '<\\xd5\\xb5\\x90\\x9d\\x9b\\x8c8B\\xc1\\xe8\\xfb\\xdd\\x91\\n\\x8b\\xaee\\xab]\\xfd\\xd5kD\\xc8\\x86\\xa1\\x02YR\\x1e\\x9a'\n | padding = '\\x0e\\x0e\\x0e\\x0e\\x0e\\x0e\\x0e\\x0e\\x0e\\x0e\\x0e\\x0e\\x0e\\x0e'\n | padding_len= 0xe\n \n params.handshake.server=\n params.negotiated.version=TLS_1_2\n params.negotiated.ciphersuite=ECDHE_RSA_WITH_AES_128_CBC_SHA256\n params.negotiated.key_exchange=ECDHE\n params.negotiated.encryption=('AES', 16, 'CBC')\n params.negotiated.mac=SHA256\n params.negotiated.compression=NULL\n crypto.client.enc=\n crypto.client.dec=\n crypto.server.enc=\n crypto.server.dec=\n crypto.server.rsa.privkey=None\n crypto.server.rsa.pubkey=\n crypto.server.dsa.privkey=None\n crypto.server.dsa.pubkey=None\n crypto.client.dh.x=None\n crypto.client.dh.y_c=None\n crypto.server.dh.p=None\n crypto.server.dh.g=None\n crypto.server.dh.x=None\n crypto.server.dh.y_s=None\n crypto.client.ecdh.curve_name=None\n crypto.client.ecdh.priv='^\\xba\\xeb\\xcc\\xb3>\\x85\\xa4O\\x88#\\t\\xfe\\x11etc\\xe3HE\\xdf\\xab5\"\\x00*\\xa7\\xa4\\xba\\x16\\rY'\n crypto.client.ecdh.pub=(15593007407665255161332890480389306948921121224892181265648081329388797451046, 97367016829523129655161775995807426469043502553948069450170722834830665800268) on \"secp256r1\" => y^2 = x^3 + 115792089210356248762697446949407573530086143415290314195533631308867097853948x + 41058363725152142129326129780047268409114441015993725554835256314039467401291 (mod 115792089210356248762697446949407573530086143415290314195533631308867097853951)\n crypto.server.ecdh.curve_name='secp256r1'\n crypto.server.ecdh.priv=None\n crypto.server.ecdh.pub=(12448285729810697387785923206705205168894064463590796449895082178698960688639, 6453382386374218660658583494811319811574853038993757274506963746262301524682) on \"secp256r1\" => y^2 = x^3 + 115792089210356248762697446949407573530086143415290314195533631308867097853948x + 41058363725152142129326129780047268409114441015993725554835256314039467401291 (mod 115792089210356248762697446949407573530086143415290314195533631308867097853951)\n crypto.session.encrypted_premaster_secret=None\n crypto.session.premaster_secret='\\xd8\\xf0&5\\x02\\xcar^(\\xd9\\x1b0X\\xb5`\\x89\\x16\\xc0HM\\x85[*\\x93\\xacx\\xfbj\\x86O\\x01\\x83'\n crypto.session.master_secret='\\xb91\\xaa&\\xfc\\xac\\xf7\\x12\\xca\\xa0\\xa8\\xc5\\xd5\\x9e\\xdf\\x14\\x877\\xdf(#\\xe0\\x9c\\xc6\\xf1\\x93@\\x15\\x8dgS4\\xe0\\x915\\x1a\\x1d\\xcc\\x10g\\xde\\x16=\\x0f\\x1a\\x02s\\xe7'\n crypto.session.randombytes.client='Vo1\\x8aP\\x01,C\\xc8(\\x17\\x8eb}\\xeeZ\\xde\\xb6\\xd0\\xf7\\xd7\\x96)\\xc0\\xb2\\xc9\\xb4\\x10\\xc1P\\\\J'\n crypto.session.randombytes.server='Vo1\\x8ab\\x81\\x06Q\\xca\\x9a71N\\xc5\n\nSCSV Fallback Testing\n'''''''''''''''''''''\n\nsocket stream example to test remote implementations for protocol\ndowngrading attemps (following latest SSL POODLE attacks) -\nexamples/SCSV\\_fallback\\_test.py\n\n::\n\n for: ('google.com', 443)\n record hello\n ('SSL_3_0', 'SSL_3_0') ... resp: TLSAlert.INAPPROPRIATE_FALLBACK SSL_3_0\n ('SSL_3_0', 'TLS_1_0') ... resp: TLSAlert.INAPPROPRIATE_FALLBACK TLS_1_0\n ('SSL_3_0', 'TLS_1_2') ... resp: TLSServerHello: outer TLS_1_2 inner TLS_1_2\n ('SSL_3_0', 'TLS_1_1') ... resp: TLSAlert.INAPPROPRIATE_FALLBACK TLS_1_1\n ('TLS_1_0', 'SSL_3_0') ... resp: TLSAlert.INAPPROPRIATE_FALLBACK SSL_3_0\n ('TLS_1_0', 'TLS_1_0') ... resp: TLSAlert.INAPPROPRIATE_FALLBACK TLS_1_0\n ('TLS_1_0', 'TLS_1_2') ... resp: TLSServerHello: outer TLS_1_2 inner TLS_1_2\n ('TLS_1_0', 'TLS_1_1') ... resp: TLSAlert.INAPPROPRIATE_FALLBACK TLS_1_1\n ('TLS_1_2', 'SSL_3_0') ... resp: TLSAlert.INAPPROPRIATE_FALLBACK SSL_3_0\n ('TLS_1_2', 'TLS_1_0') ... resp: TLSAlert.INAPPROPRIATE_FALLBACK TLS_1_0\n ('TLS_1_2', 'TLS_1_2') ... resp: TLSServerHello: outer TLS_1_2 inner TLS_1_2\n ('TLS_1_2', 'TLS_1_1') ... resp: TLSAlert.INAPPROPRIATE_FALLBACK TLS_1_1\n ('TLS_1_1', 'SSL_3_0') ... resp: TLSAlert.INAPPROPRIATE_FALLBACK SSL_3_0\n ('TLS_1_1', 'TLS_1_0') ... resp: TLSAlert.INAPPROPRIATE_FALLBACK TLS_1_0\n ('TLS_1_1', 'TLS_1_2') ... resp: TLSServerHello: outer TLS_1_2 inner TLS_1_2\n ('TLS_1_1', 'TLS_1_1') ... resp: TLSAlert.INAPPROPRIATE_FALLBACK TLS_1_1\n overall:\n TLS_FALLBACK_SCSV_SUPPORTED ... True\n SSLv3_ENABLED ... True\n\nSSLv2 dissection\n''''''''''''''''\n\n::\n\n -----------------------\n ###[ SSL/TLS ]###\n \\records \\\n |###[ SSLv2 Record ]###\n | length = 0x3e\n | content_type= client_hello\n |###[ SSLv2 Client Hello ]###\n | version = SSL_2_0\n | cipher_suites_length= 0x15\n | session_id_length= 0x10\n | challenge_length= 0x10\n | cipher_suites= [131200, 393280, 65664, 262272, 458944, 524416, 327808]\n | session_id= 'aaaaaaaaaaaaaaaa'\n | challenge = 'aaaaaaaaaaaaaaaa'\n\nTLS Sniffer / PCAP decryption\n'''''''''''''''''''''''''''''\n\nTLS1.0 Session Context based decryption of RSA\\_WITH\\_AES\\_128\\_CBC\\_SHA\nfor known private key\n\n::\n\n # python examples/sessionctx_sniffer.py 192.168.220.131 443 tests/files/RSA_WITH_AES_128_CBC_SHA_w_key.pcap tests/files/openssl_1_0_1_f_server.pem\n * pcap ready!\n * load servers privatekey for ciphertext decryption (RSA key only): tests/files/openssl_1_0_1_f_server.pem\n | 192.168.220.1 :54908 => 192.168.220.131 :443 | \\xc0\\xd2\\xa6\\xe2\\xb7#4*]#\\xaf\\x003\\xa3'\\xa0\" session_id_length=0x0ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', 'ECDHE_RSA_WITH_AES_256_CBC_SHA384', 'ECDHE_ECDSA_WITH_AES_256_CBC_SHA384', 'ECDHE_RSA_'DHE_RSA_WITH_AES_256_GCM_SHA384', 'DHE_RSA_WITH_AES_256_CBC_SHA256', 'DHE_DSS_WITH_AES_256_CBC_SHA256', 'DHE_RSA_WITH_AES_25_CAMELLIA_256_CBC_SHA', 'ECDH_RSA_WITH_AES_256_GCM_SHA384', 'ECDH_ECDSA_WITH_AES_256_GCM_SHA384', 'ECDH_RSA_WITH_AES_256_CBC_TH_AES_256_CBC_SHA', 'RSA_WITH_AES_256_GCM_SHA384', 'RSA_WITH_AES_256_CBC_SHA256', 'RSA_WITH_AES_256_CBC_SHA', 'RSA_WITH_CAME 'ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', 'ECDHE_RSA_WITH_AES_128_CBC_SHA', 'ECDHE_ECDSA_WHE_RSA_WITH_AES_128_CBC_SHA256', 'DHE_DSS_WITH_AES_128_CBC_SHA256', 'DHE_RSA_WITH_AES_128_CBC_SHA', 'DHE_DSS_WITH_AES_128_CBCC_SHA', 'DHE_DSS_WITH_CAMELLIA_128_CBC_SHA', 'ECDH_RSA_WITH_AES_128_GCM_SHA256', 'ECDH_ECDSA_WITH_AES_128_GCM_SHA256', 'ECDH__SHA', 'ECDH_ECDSA_WITH_AES_128_CBC_SHA', 'RSA_WITH_AES_128_GCM_SHA256', 'RSA_WITH_AES_128_CBC_SHA256', 'RSA_WITH_AES_128_CBCSHA', 'ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA', 'DHE_RSA_WITH_3DES_EDE_CBC_SHA', 'DHE_DSS_WITH_3DES_EDE_CBC_SHA', 'ECDH_RSA_WITH_3GOTIATION_INFO_SCSV'] compression_methods_length=0x1 compression_methods=['NULL'] extensions_length=0x15d extensions=[>, >, , , , , , , , , ] |>>, >] |>>>] |>\n | 192.168.220.131 :443 => 192.168.220.1 :54908 | >] |>>>, sn= sign_OID['.2.5.4.6']> value= |>, value=}}>]> |>, value= value= not_after= subject=[ value= not found for tag }}>]> |>, not found for tag }}>]> |>, value=}}>]> |>] pubkey_algo= pk_value= pubkey=\\xf3I(\"\\xd3\\xb9\\xfe\\xe0\\xde\\xe48\\xce\\xee\"\\x1c\\xe9\\x91;\\x94\\xd0r/\\x87\\x85YKf\\xb1\\xc5\\xf5z\\x85]\\xc2\\x0f\\xd3.)X6\\xccHk\\xa2\\xa2\\xxfd\\xea\\xf985+\\xf4\\xe6\\x9a\\x0e\\xf6\\xbb\\x12\\xab\\x87!\\xc3/\\xbc\\xf4\\x06\\xb8\\x8f\\x8e\\x10\\x07\\'\\x95\\xe5B\\xcb\\xd1\\xd5\\x10\\x8c\\x92\\xbMW\\x06U!\"%\\xdb\\xf3\\xaa\\xa9`\\xbfM\\xaay\\xd1\\xab\\x92H\\xba\\x19\\x8e\\x12\\xech\\xd9\\xc6\\xba\\xdf\\xecZ\\x1c\\xd8C\\xfe\\xe7R\\xc9\\xcf\\x02\\xxa2\\x13J%\\xaf\\xe6\\x1c\\xb1%\\xbf\\xb4\\x99\\xa2S\\xd3\\xa2\\x02\\xbf\\x11\\x02\\x03\\x01\\x00\\x01']> x509v3ext=[, , ]]> |>, ]]> |>, , , =\\x86\\xab!\\x81\\x87\\xda\\xda']>]]> |>] sign_[\"\\x00\\xa9\\xbdMW@t\\xfe\\x96\\xe9+\\xd6x\\xfd\\xb3c\\xcc\\xf4\\x0bM\\x12\\xcaZt\\x8d\\x9b\\xf2a\\xe6\\xfd\\x06\\x11C\\x84\\xfc\\x17\\xa0\\xeccc6\\xb9x02\\x081\\x9a\\xf1\\xd9\\x17\\xc5\\xe9\\xa6\\xa5\\x96Km@\\xa9[e(\\xcb\\xcb\\x00\\x03\\x82c7\\xd3\\xad\\xb1\\x96;v\\xf5\\x17\\x16\\x02{\\xbdSSFr4\\xd6\\b3\\x10\\xf7l\\xc6\\x85K-'\\xad\\n \\\\\\xfb\\x8d\\x19p4\\xb9u_|\\x87\\xd5\\xc3\\xec\\x93\\x13A\\xfcs\\x03\\xb9\\x8d\\x1a\\xfe\\xf7&\\x86I\\x03\\xa9\\xc5\\\\xc1C\\xc7\\xe0%\\xb6\\xf1\\xd3\\x00\\xd7@\\xabK\\x7f+z>\\xa6\\x99LT\"]> |> |>] |>>>, \\xength=0x76 cipher_suites=['ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', 'ECDHE_RSA_WITH_AES_256ECDSA_WITH_AES_256_CBC_SHA', 'DHE_DSS_WITH_AES_256_GCM_SHA384', 'DHE_RSA_WITH_AES_256_GCM_SHA384', 'DHE_RSA_WITH_AES_256_CBC_256_CBC_SHA', 'DHE_RSA_WITH_CAMELLIA_256_CBC_SHA', 'DHE_DSS_WITH_CAMELLIA_256_CBC_SHA', 'ECDH_RSA_WITH_AES_256_GCM_SHA384', '256_CBC_SHA384', 'ECDH_RSA_WITH_AES_256_CBC_SHA', 'ECDH_ECDSA_WITH_AES_256_CBC_SHA', 'RSA_WITH_AES_256_GCM_SHA384', 'RSA_WITHWITH_AES_128_GCM_SHA256', 'ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', 'ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'ECDHE_ECDSA_WITH_AES_1_WITH_AES_128_GCM_SHA256', 'DHE_RSA_WITH_AES_128_GCM_SHA256', 'DHE_RSA_WITH_AES_128_CBC_SHA256', 'DHE_DSS_WITH_AES_128_CBC_SHSHA', 'DHE_DSS_WITH_SEED_CBC_SHA', 'DHE_RSA_WITH_CAMELLIA_128_CBC_SHA', 'DHE_DSS_WITH_CAMELLIA_128_CBC_SHA', 'ECDH_RSA_WITH_A'ECDH_ECDSA_WITH_AES_128_CBC_SHA256', 'ECDH_RSA_WITH_AES_128_CBC_SHA', 'ECDH_ECDSA_WITH_AES_128_CBC_SHA', 'RSA_WITH_AES_128_G, 'RSA_WITH_CAMELLIA_128_CBC_SHA', 'ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', 'ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA', 'DHE_RSA_WITH_3DESWITH_3DES_EDE_CBC_SHA', 'RSA_WITH_3DES_EDE_CBC_SHA', 'EMPTY_RENEGOTIATION_INFO_SCSV'] compression_methods_length=0x1 compresslength=0x4 |, , , hAlgorithm hash_alg=sha384 sig_alg=ecdsa |>, , , , , ] |>>, >, >\n params.negotiated.version=TLS_1_0\n params.negotiated.ciphersuite=RSA_WITH_AES_128_CBC_SHA\n params.negotiated.key_exchange=RSA\n params.negotiated.encryption=('AES', 16, 'CBC')\n params.negotiated.mac=SHA\n params.negotiated.compression=NULL\n crypto.client.enc=\n crypto.client.dec=\n crypto.server.enc=\n crypto.server.dec=\n crypto.server.rsa.privkey=\n crypto.server.rsa.pubkey=\n crypto.server.dsa.privkey=None\n crypto.server.dsa.pubkey=None\n crypto.client.dh.x=None\n crypto.client.dh.y_c=None\n crypto.server.dh.p=None\n crypto.server.dh.g=None\n crypto.server.dh.x=None\n crypto.server.dh.y_s=None\n crypto.client.ecdh.curve_name=None\n crypto.client.ecdh.priv=None\n crypto.client.ecdh.pub=None\n crypto.server.ecdh.curve_name=None\n crypto.server.ecdh.priv=None\n crypto.server.ecdh.pub=None\n crypto.session.encrypted_premaster_secret=None\n crypto.session.premaster_secret='\\x03\\x03Ux\\xff,U\\x8bM\\xf4\\xf7\\x9b\\xe4\\xb4\\x95\\xdf\\x90\\x02\\\\I{<\\xbe\\x87uui\\xdc\\x16\\xffn\\xf\n crypto.session.master_secret='\\xb7\\xe38\\x8a\\xbc\\t9Q\\xac,\\r\\r\\x0f(\\xbd\\\\\\r<\\xa3F\\xf2\\xc0\\xff\\xfc\\x88\\xe1J\\xed\\x08\\xf8\\xbc\\x\n crypto.session.randombytes.client=\"\\x071fwUa\\xc1\\\\w22\\xc4\\x01s\\x8d>\\xc0\\xd2\\xa6\\xe2\\xb7#4*]#\\xaf\\x003\\xa3'\\xa0\"\n crypto.session.randombytes.server='U\\x88\\x82\\xee\\x1d\\xc0u!\\xbd\\xf9\\xc3\\xd9\\xadmYR\\xb4G\\x93\\xeacX\\x88\\xe1q/\\x08\\x16xp+$'\n crypto.session.key.client.mac=' d\\x90\\xca\\xbdUKe\\x96\\xc9Y\":^w\\xa0\\x01\\xbd=\\xbc'\n crypto.session.key.client.encryption=\"\\xc4/\\xcb\\xc7\\n\\x85\\x0bx\\x8c\\xd8\\x8e+\\x83\\x8b'{\"\n crypto.session.key.cllient.iv='\\xdfV\\xee\\xb1Y\\xe1\\xae\\xfd\\xb0\\xee\\xd9\\x1ey\\xd2\\xf7\\xd4'\n crypto.session.key.server.mac='\\xcf\\xe2F\\x97\\x81\\x9cw\\x03\\xbc~\\x1e\\xaf\\x15\\xdd2J\\xd0\\x07I\\x87'\n crypto.session.key.server.encryption='Zw\\xfd\\x15\\x15a\\x0bh@F\\xac\\xfen\\x0ea\\xa8'\n crypto.session.key.server.iv='\\x16\\xcb)\\xfa\\xfc\\x9f\\xaar/\\x19\\xb5\\x88\\x85o\\x8e\\xe3'\n crypto.session.key.length.mac=20\n crypto.session.key.length.encryption=16\n crypto.session.key.length.iv=16\n >\n | 192.168.220.1 :54908 => 192.168.220.131 :443 | >>>, >] |>\n |-> decrypted record | >>>, >, >] |>\n | 192.168.220.131 :443 => 192.168.220.1 :54908 | >, >] |>\n |-> decrypted record | >, >, \\x87\\x0e\\x19B\\xe2\\xad\\x12Q!\\xb7\\'\\x9drRZ\\x9a\\xe5\\x01q\\x05q\\x15\\xb4\\xad\\xd8\\x12\\xb1@\\x88\\xbf\\x9f\\xef3N\\x97\\xd8V>\\x9d#\\xee\\xed\\x9f\\xac\\xec\\x06\\xd1\\xb9\\x99n\\xd5\\xadT\\x15\\x9cY\\xa9|\\xa8\\xc1P_x1N\\x0c\\xxb8zJ\\x8b\\xf1\\x04\\xadF\\xa1\\xa3\\x82\\x93\\xceU\\xdbf\\x97\\xc2$T2\\x9c\\x1b\\xc8\\x86\\x18A\\xf5FyW\\xf8\\xd0\\xba\\xb8\\x12\\xb8\\xdeB\\xf5\\xcfzb\\xd3\\xfeA\\x9b\\r\\xa4PB\\xc4Qy!\\xe0T\\x14)\\xfdb\\xb2\\x99w\\x90\\xde@\\x0eg\\xbb\\xa6\\r9\\x96rd9\\xe6\\x868\\xbe\\x84/\\t)gxRM=\\xe4\\x06\\xa1\\x\\x92\\xd5\\xc0u`\\xf15\\x95\\x05\\x92ja\\xe3\\x80w\\x95+\\xc4c\\xc8Kf/\\xaf\\xbd\\xc4\\xc9e\\xba\\xc4\\xb9\\xde\\x9d\\x1b\\x96\\x9d\\x9b \\xd6]\\xe3Q\\x6\\xd7~\\xe9H\\xeb\\x90\\x88\\xa9\\n\\x85\\xcc\\xad\\x02\\x04B\\xd9\\xca-\\xffk&7\\x98\\xa3\\xaf\\xddsm\\x0fr\\x05\\xf9=\\x12^\\xcf\\xca\\x92\\x1cwa\\x9fxfe\\x9a\\xd7T\\x90%q\\x1c\\x17\\x95Q\\xe0n\\xf46\\x97\\xdf\\xa7q\\x1b:\\x88\\x98\\xfbxu\\x8d*~h\\r<\\xcf\\x7f\\xb0\\xd8\\xd6\\xca\\x8b}\\'G\\xdfj\\xfd7cb\\xc4K\\x9b3\\xb9\\xd9F\\xe3\\xfa\\xc4/\\x1fs\\xc8\\x8c\\x11\\xde\\xd8w\\xd9\\xee\\xd6=|\\x12 ?\\x9f\\xc8\\xc2\\xa9\\xd6\\x8b\\x0e\\xc2\\xeaIS\\xb1\\xexdd\\xa5m\\xa6\\x93\\x92\\x9a\\x1ce\\x93S\\xadln\\xe3\\xa2\\xc0\\x82M\\xe3:\\xc7\\xaa\\x9e\\xd4\\x99{%9\\xd5\\x1bw\\xd4c}\\xd7p\\xaf\\xee\\xadx\\'H\\xcc0?>\\xd1\\x17\\xa2g\\xaa\\xde\\xf6t!{\\xd7\\xc7\\xf5b\\xe4\\xf45\\xa8(\\xd0\\xdc\\xbf\\x86\\xff\\xf9\\xc9\\xfc\\x9b\\xc2\\xe2@\\x0b\\x8bm\\x06\\x98@\\xfaa1\\xbf_5\\xc0s\\x9f\\xfc\\xf3\\xb2\\xe0\\x14\\xb04\\xa8\\xe2\\x8eck\\xfer\\xe2\\x81\\x8a\\x9a\\xf2\\xbai\\xd6\\x13G\\x8b\\xe4}\\xee,(y\\xd8\\xf8-\\x13\\xba\\xc2\\xf6\\x18\\xfe\\x9c\\x10\\x15_\\x80\\xffE~g\\x96a\\x91\\xaf\\x1f\\x8a1\\x12A\\x05\\xa6T\\x01\\xa0e\\x9e\\x0c\\x9b\\x9b\\xc2\\xd3\\xd7dcg\\xd8\\nk\\xe8n\\x1d\\x8c\\xb1%\\xb7\\x8bl\\xc0]F\\xf4X\\xe7\\x8fE3K\\xe3\\x06\\xa0d\\x08\\x98\\xb4\\xb8\\x0c\\xa7\\xc2\\xa3O\\x93\\xcc\\xc2PC\\x86J\\ef\\xfd|\\xa8\\x15__U\\x87\\r\\xae\\xf8\\x97\\x92\\xd19\\x81s?U\\x01\\x01\\x9f\\xe0&\\x9f\\x99\\x87\\x7f\\x8a\\x84\\x08n]\\xc4\\x00\\xd6|\\x1e-\\x83\\x90F\\x8b\\xc0\\xcd\\xa2+\\\\\\x9b.z\\xf1\\x1b\\xe6G\\xe1lscV\\x00\\x87\\x9e\\xf1\\x93\\xb5\\xe9\\xcb\\x164\\x140g\\xd0\\xb9\\x1d5\\xc7\\x7f/\\xdc\\xb6{|\\xcb\\xff\\x95\\xb1\\xa8mp\\xec\\xcb;\\x8aM\\x11&\\xaf\\xa3\\xe6\\r}\\xc6K\\xd9w\\xe3\\x99\\xc4\\rQ\\x93A.\\x19\\xb1:\\xec\\x1e\\xbd{},\\x1f\\xfe\\x10\\x984\\x7f\\xe3\\x10\\xe9\\x85K\\x9d\\xf0\\xa3\\x9a\\xf3\\x85\\xf9\\xce\\xbc*h\\x10\\xc2\\xf9\\x8c/\\r\\x84\\xf5\\xdf%{iI7&\\xf6\\x08\\x14M]y\\xe9\\xb0VH\\xe3f9\\x08\\'\\xfd]T\\xcd\\xf8Ey\\xc6\\xd8\"@cq>\\xa6\\x12d\\xbb\\xd2\\x92uw:#\\xe2\\xaf\\x19\\x01\\x7f\\xe92X\\x8f\\xad\\xe2hO\\xf6\\x14\\xc2c\\xee\\x8a\\x\\x83\\x0e\\x15\\xda`}\\xa5\\xc9\\xcbM\\xc3\\xff\\x15\\xa0\\x9bt\\xb9\\x8cWwL\\x91\\xbd\\x00\\xcdA\\nK\\\\K/\\xd2~p{\\xf6\\xe4\\xaav\\x07X\\n\\xef\\xfe\\x8xc2\\x08h\\xf3\\xc3\\xf1\\xd5l\\xe4\\xf5,[\\xa0-?\\x9b\\x12\\x99\\xaf\\xb5\\xd30\\xc6K\\xd3\\xf0A\\x93e\\xf9\\xf3\\x07\\xe0\\xe2\\x9b\\xc3)\\x00\\xac6\\xx1a\\x8e\\xc5C\"\\x8a\\x0c\\xa9\\xc6\\xe4\\xe9\\xf4\\xc6Sz%L\\xe5\\xb6f\\x86\\x9e\\x03b\\x08\\xb0\\x86\\xc2\\x1b\\xe4\\x9b\\x1f\\xfb\\xa8]fb$\\xae\\xb3f~ea\\xa8\\xd4\\x99\\xea\\xb7\\xd4J\\x9c\\xb7\\xcd\\x10\\xa5#\\xd8>\\xcde\\x9a\\x9f\\x10\\xef)\\xe1\\xfb,\\xf3\\xee0\\xa9\\xa4\\xe2f\\xa5_y\\xa7\\xb6\\x8b)xae0\"\\xcc\\x01m\\xe8\\xe4 R\\x8c\\xc6.v\\x8c\\xdc\\x98\\xbc\\xe5\\xf4\\xc8\\xaa\\xc2\\xc6\\x11i\\xa7\\xcc\\xc9\\x10\\x9c\\xeb\\x96\\xc4\\xd4\\xd0\\xd0C\\b8\\xc2\\xac\\xdb\\xad\\xda\\x86\\xde\\x0cVc\\xea\\xfe\\xbb-?:\\xbb\\xf4|\\xb1yi\\xfb\\xafw\\xed\\xa3]:y(\\xa7\\xe9etN\\xf9cG\\x1dux\\xad\\\\\\x8c\\x84\\\\x9b\\xf4\\xa91\\xd7\\xf2\\xc2\\x0f\\xf1\\xd8\\x8a~\\xee\\x17\\xa4\\x05\\x7f\\x0ce-O\\xd6\\xa9\\x95\\xa3\\xe9\\xebu\\nd\\xdc\\t\\xaa~OU\\xd8\\x8c\\xfa\\xb5\\x04V\"\\x96\\x8d\\x87\\x92\\xbd\\x90\\xa4\\xbb\\x80\\x96\\x1dG\\xb2NDzJBt\\xa9\\xf8\\xcc\\xf5\\x8c\\x1e\\x11fP\\xba\\xbe\\xf64\"s\\xd6$\\xc9T\\xda)\\xd\n |-> decrypted record | >, \\n
\\n\\ns_server -accept 443 -cert openssl_1_0_1_f_server.pem -tls1 -cipher AES128v3:AES128-SHA               \\n---\\nCiphers common between both SSL end points:\\nECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES25 ECDHE-ECDSA-AES256-SHA    \\nDHE-DSS-AES256-GCM-SHA384  DHE-RSA-AES256-GCM-SHA384  DHE-RSA-AES256-SHA256     \\nDHE-DSS-AES256 DHE-DSS-CAMELLIA256-SHA    ECDH-RSA-AES256-GCM-SHA384\\nECDH-ECDSA-AES256-GCM-SHA384 ECDH-RSA-AES256-SHA384     ECDH-ECDSA-AE \\nAES256-SHA256              AES256-SHA                 CAMELLIA256-SHA           \\nECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-      ECDHE-ECDSA-AES128-SHA    \\nDHE-DSS-AES128-GCM-SHA256  DHE-RSA-AES128-GCM-SHA256  DHE-RSA-AES128-SHA256     \\nDHE-DSS-A      DHE-DSS-SEED-SHA           DHE-RSA-CAMELLIA128-SHA   \\nDHE-DSS-CAMELLIA128-SHA    ECDH-RSA-AES128-GCM-SHA256 ECDH-ECDSA      \\nECDH-ECDSA-AES128-SHA      AES128-GCM-SHA256          AES128-SHA256             \\nAES128-SHA                 SEED-SHA-SHA   EDH-RSA-DES-CBC3-SHA      \\nEDH-DSS-DES-CBC3-SHA       ECDH-RSA-DES-CBC3-SHA      ECDH-ECDSA-DES-CBC3-SHA   \\nDES-CBC3pher    : AES128-SHA\\n    Session-ID: B458EC666AFAA53646D82C073DB13A791250C03422D4FE8865437DE1AD5DDF31\\n    Session-ID-ctx: 0E6652DAF255AFACF0E16C286A8D\\n    Key-Arg   : None\\n    PSK identity: None\\n    PSK identity hint: None\\n    SRP username: Non\\n   1 items in the session cache\\n   0 client connects (SSL_connect())\\n   0 client renegotiates (SSL_connect())\\n   0 cliencept())\\n   1 server accepts that finished\\n   0 session cache hits\\n   0 session cache misses\\n   0 session cache timeouts\\navailable\\n\\r\\n\\r\\n' mac='\\x97$\\x1a\\x18\\x12B\\r6,d\\xb0\\x9fMq\\xdd\\xe6\\xd2\\\\\\n\\xe7' padding='\\x08\\x08\\x08\\x08\\x08\\\n    |   192.168.220.1   :54908 => 192.168.220.131 :443   | >>] |>\n    |-> decrypted record                                 | >] |>\n\nSSL Security Scanner\n''''''''''''''''''''\n\nActive Scanner:\n\n::\n\n    # python examples/security_scanner.py active localhost 443 \n\n    An example implementation of a passive TLS security scanner with custom starttls support:\n\n        TLSScanner() generates TLS probe traffic  (optional)\n        TLSInfo() passively evaluates the traffic and generates events/warning\n\n        \n\n    Scanning with 10 parallel threads...\n    => accepted_ciphersuites\n    => accepted_ciphersuites_ssl2\n    => compressions\n    => heartbleed\n    => poodle2\n    => scsv\n    => secure_renegotiation\n    => supported_protocol_versions\n\n\n    [*] Capabilities (Debug)\n     sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>,  sn= sign_algo= sa_value= issuer=[ value= |>] not_before= not_after= subject=[ value= |>] pubkey_algo= pk_value= pubkey= x509v3ext=[, ]]> |>] sign_algo2= sa2_value= signature= |> |>] |>])\n    >\n            \n    [*] supported ciphers: 34/326\n     * SSLv2_RC4_128_EXPORT40_WITH_MD5 (0x20080)\n     * ECDH_anon_WITH_RC4_128_SHA (0xc016)\n     * RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)\n     * RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)\n     * RSA_WITH_RC4_128_SHA (0x0005)\n     * RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)\n     * RSA_WITH_IDEA_CBC_SHA (0x0007)\n     * RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)\n     * RSA_WITH_DES_CBC_SHA (0x0009)\n     * RSA_WITH_3DES_EDE_CBC_SHA (0x000a)\n     * ECDH_anon_WITH_3DES_EDE_CBC_SHA (0xc017)\n     * ECDHE_RSA_WITH_RC4_128_SHA (0xc011)\n     * ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)\n     * ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)\n     * DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014)\n     * DHE_RSA_WITH_DES_CBC_SHA (0x0015)\n     * DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)\n     * ECDH_anon_WITH_AES_256_CBC_SHA (0xc019)\n     * ECDH_anon_WITH_AES_128_CBC_SHA (0xc018)\n     * RSA_WITH_RC4_128_MD5 (0x0004)\n     * DHE_RSA_WITH_SEED_CBC_SHA (0x009a)\n     * RSA_WITH_SEED_CBC_SHA (0x0096)\n     * DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)\n     * SSLv2_RC2_CBC_128_CBC_WITH_MD5 (0x40080)\n     * RSA_WITH_AES_128_CBC_SHA (0x002f)\n     * DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)\n     * DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)\n     * RSA_WITH_AES_256_CBC_SHA (0x0035)\n     * DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)\n     * SSLv2_DES_64_CBC_WITH_MD5 (0x60040)\n     * RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)\n     * DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)\n     * SSLv2_RC4_128_WITH_MD5 (0x10080)\n     * ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)\n\n    [*] supported protocol versions: 5/8\n     * SSL_3_0 (0x0300)\n     * TLS_1_0 (0x0301)\n     * SSL_2_0 (0x0002)\n     * TLS_1_1 (0x0302)\n     * TLS_1_2 (0x0303)\n\n    [*] supported compressions methods: 1/3\n     * NULL (0x0000)\n\n    [*] Events: 16\n    * EVENT - HEARTBLEED - vulnerable\n    * EVENT - DROWN - SSLv2 with EXPORT ciphers enabled\n    * EVENT - CIPHERS - Export ciphers enabled\n    * EVENT - CIPHERS - RC4 ciphers enabled\n    * EVENT - CIPHERS - MD5 ciphers enabled\n    * EVENT - FREAK - server supports RSA_EXPORT cipher suites\n    * EVENT - LOGJAM - server supports weak DH-Group (512) (DHE_*_EXPORT) cipher suites\n    * EVENT - PROTOCOL VERSION - SSLv2 supported\n    * EVENT - PROTOCOL VERSION - SSLv3 supported \n    * EVENT - HEARTBEAT - enabled (non conclusive heartbleed) \n    * EVENT - INSUFFICIENT SERVER CERT PUBKEY SIZE - 2048 >= 640 bits\n    * EVENT - SUSPICIOUS SERVER CERT PUBKEY SIZE - 640 not a multiple of 2048 bits\n    * EVENT - SERVER CERT PUBKEY FACTORED - trivial private_key recovery possible due to known factors n = p x q. See https://en.wikipedia.org/wiki/RSA_numbers | grep 3107418240490043721350750035888567930037346022842727545720161948823206440518081504556346829671723286782437916272838033415471073108501919548529007337724822783525742386454014691736602477652346609\n    * EVENT - DOWNGRADE / POODLE - FALLBACK_SCSV - not honored\n    * EVENT - TLS EXTENSION SECURE RENEGOTIATION - not supported\n    * EVENT - HEARTBEAT - enabled (non conclusive heartbleed)\n\n    Scan took: 30.60623884201s\n\nPassive Scanner:\n\n::\n\n    # python examples/security_scanner.py sniff 192.168.139.131 443 \n    An example implementation of a passive TLS security scanner with custom starttls support:\n\n        TLSScanner() generates TLS probe traffic  (optional)\n        TLSInfo() passively evaluates the traffic and generates events/warning\n\n        \n\n    [*] [passive] Scanning in 'sniff' mode...\n    Connection: 192.168.139.1:1364 <==> 192.168.139.131:443\n    * EVENT - CRIME - client supports compression\n    * EVENT - SLOTH - client announces capability of signature/hash algorithm: RSA/sha1\n    Connection: 192.168.139.131:443 <==> 192.168.139.1:1364\n    * EVENT - CRIME - client supports compression\n    * EVENT - SLOTH - client announces capability of signature/hash algorithm: RSA/sha1\n    Connection: 192.168.139.131:443 <==> 192.168.139.1:1364\n    * EVENT - CRIME - client supports compression\n    * EVENT - SLOTH - client announces capability of signature/hash algorithm: RSA/sha1\n    * EVENT - CRIME - server supports compression\n    * EVENT - INSUFFICIENT SERVER CERT PUBKEY SIZE - 2048 >= 640 bits\n    * EVENT - SUSPICIOUS SERVER CERT PUBKEY SIZE - 640 not a multiple of 2048 bits\n    * EVENT - SERVER CERT PUBKEY FACTORED - trivial private_key recovery possible due to known factors n = p x q. See https://en.wikipedia.org/wiki/RSA_numbers | grep 3107418240490043721350750035888567930037346022842727545720161948823206440518081504556346829671723286782437916272838033415471073108501919548529007337724822783525742386454014691736602477652346609\n    * EVENT - HEARTBEAT - enabled (non conclusive heartbleed) \n    Connection: 192.168.139.1:1364 <==> 192.168.139.131:443\n\nAuthors / Contributors\n----------------------\n\n-  tintinweb ( http://oststrom.com \\| https://github.com/tintinweb)\n-  alexmgr ( https://github.com/alexmgr )\n\n",
        "description_content_type": null,
        "docs_url": null,
        "download_url": "https://github.com/tintinweb/scapy-ssl_tls/tarball/v2.0.0",
        "downloads": {
            "last_day": -1,
            "last_month": -1,
            "last_week": -1
        },
        "home_page": "https://github.com/tintinweb/scapy-ssl_tls/",
        "keywords": "scapy",
        "license": "GPLv2",
        "maintainer": "",
        "maintainer_email": "",
        "name": "scapy-ssl_tls",
        "package_url": "https://pypi.org/project/scapy-ssl_tls/",
        "platform": "",
        "project_url": "https://pypi.org/project/scapy-ssl_tls/",
        "project_urls": {
            "Download": "https://github.com/tintinweb/scapy-ssl_tls/tarball/v2.0.0",
            "Homepage": "https://github.com/tintinweb/scapy-ssl_tls/"
        },
        "release_url": "https://pypi.org/project/scapy-ssl_tls/2.0.0/",
        "requires_dist": null,
        "requires_python": "",
        "summary": "An SSL/TLS layer for scapy the interactive packet manipulation tool",
        "version": "2.0.0"
    },
    "last_serial": 3576203,
    "releases": {
        "0.0.1.pre": [],
        "1.0": [],
        "1.0rc0": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "b11f9ba880b8ecab26097b0ed6c0c6ed",
                    "sha256": "eb021018cc4d37b917339c52dc5b34f1aef897906a94e53cad35d64c1994cff1"
                },
                "downloads": -1,
                "filename": "scapy-ssl_tls-1.0rc0.tar.gz",
                "has_sig": false,
                "md5_digest": "b11f9ba880b8ecab26097b0ed6c0c6ed",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 56419,
                "upload_time": "2015-05-24T20:02:04",
                "url": "https://files.pythonhosted.org/packages/2b/5d/c51899f7f77db0cc244f9d9ffc399628fe2e9e65fde77264269237cc29e9/scapy-ssl_tls-1.0rc0.tar.gz"
            }
        ],
        "1.1": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "e5b4192ecffe649610654aaa5b8f184d",
                    "sha256": "01b96754ab2d4a2be79286ee700d892da397c655bf3fbbce8e8213c0eb22e17d"
                },
                "downloads": -1,
                "filename": "scapy-ssl_tls-1.1.zip",
                "has_sig": false,
                "md5_digest": "e5b4192ecffe649610654aaa5b8f184d",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 61339,
                "upload_time": "2015-06-04T11:39:55",
                "url": "https://files.pythonhosted.org/packages/75/4d/5a913987e60c4eb9b67f3f3f77b69bea89a31f094c6e42bfaf7ded1e8e14/scapy-ssl_tls-1.1.zip"
            }
        ],
        "1.2": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "e84cbd3fc750ce799456840a9ffc602e",
                    "sha256": "752a8d6f2b8257cbd1da14f73a702562f3e3a7d6605c066d846247084a946998"
                },
                "downloads": -1,
                "filename": "scapy-ssl_tls-1.2.tar.gz",
                "has_sig": false,
                "md5_digest": "e84cbd3fc750ce799456840a9ffc602e",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 98021,
                "upload_time": "2015-07-16T01:03:05",
                "url": "https://files.pythonhosted.org/packages/87/4b/40b38e99fecaf8d255e4ab261a581f4b479ab8c94e85667f2533def53790/scapy-ssl_tls-1.2.tar.gz"
            }
        ],
        "1.2.1": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "a371cae77ce93a764145bec36a100174",
                    "sha256": "f582268a2f254eda0c1a35b507b882e2f8fbee843723f39ef21f5ef6d13c82f0"
                },
                "downloads": -1,
                "filename": "scapy-ssl_tls-1.2.1.tar.gz",
                "has_sig": false,
                "md5_digest": "a371cae77ce93a764145bec36a100174",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 108997,
                "upload_time": "2015-08-14T19:28:30",
                "url": "https://files.pythonhosted.org/packages/6c/b9/2260411b08965bc88b06531133343418bc1fca26f2d453859233e432e13d/scapy-ssl_tls-1.2.1.tar.gz"
            }
        ],
        "1.2.2": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "7125709db5c070dae1c83365482e3e73",
                    "sha256": "f2d71aff89da7daf74f085d1a63bdf44854b83f19017bbb8e6c21e801e7fc72c"
                },
                "downloads": -1,
                "filename": "scapy-ssl_tls-1.2.2.tar.gz",
                "has_sig": false,
                "md5_digest": "7125709db5c070dae1c83365482e3e73",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 107091,
                "upload_time": "2015-12-21T00:33:21",
                "url": "https://files.pythonhosted.org/packages/0e/e1/430b9d28c9344c01f9a8c7eb17544677f7303b078436e97e499a6ae91994/scapy-ssl_tls-1.2.2.tar.gz"
            }
        ],
        "1.2.3": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "3f26285cd9c64ce50f8e659c09eb5c57",
                    "sha256": "2fe02e40bcf7f74ffcc571a1f260d5f2e2196c81e1dea34266e658c1b0086dfb"
                },
                "downloads": -1,
                "filename": "scapy-ssl_tls-1.2.3.tar.gz",
                "has_sig": false,
                "md5_digest": "3f26285cd9c64ce50f8e659c09eb5c57",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 117223,
                "upload_time": "2016-10-08T13:01:05",
                "url": "https://files.pythonhosted.org/packages/37/59/ac9cf5a45d330c6fc4d8042a4a98d6ea50904f7670c1d6ca76ee254c89a0/scapy-ssl_tls-1.2.3.tar.gz"
            }
        ],
        "1.2.3.1": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "4c16078db86bd51c6eadc658333585f6",
                    "sha256": "30e8bebd2c1e0f8691322bceaac2e41a32cef4b5107d8d04e7feb5e875fa7d56"
                },
                "downloads": -1,
                "filename": "scapy-ssl_tls-1.2.3.1.tar.gz",
                "has_sig": false,
                "md5_digest": "4c16078db86bd51c6eadc658333585f6",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 117323,
                "upload_time": "2016-11-12T11:32:10",
                "url": "https://files.pythonhosted.org/packages/3f/a3/134d351725f3e1d1165d48a9c7470ad024b597f1efb8186b17f5b4ca1bbb/scapy-ssl_tls-1.2.3.1.tar.gz"
            }
        ],
        "1.2.3.2": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "cce6b549a7480e5b621ce21c11aecb36",
                    "sha256": "b28777b414ef104801f4a57b0ce726646123b463172fc44d6c0895927af4f52d"
                },
                "downloads": -1,
                "filename": "scapy-ssl_tls-1.2.3.2.tar.gz",
                "has_sig": false,
                "md5_digest": "cce6b549a7480e5b621ce21c11aecb36",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 117341,
                "upload_time": "2017-02-28T19:44:34",
                "url": "https://files.pythonhosted.org/packages/04/8b/f9688918ca8ac8ff9040abaafdd4ba6dc79d136aed2d40155c8a48feae5f/scapy-ssl_tls-1.2.3.2.tar.gz"
            }
        ],
        "1.2.3.3": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "d67ea8ac3dbe4260c70830d23c142b79",
                    "sha256": "f0922b1b5810a13ec1337a5ee4aafeda87bfe175d15a533e00741459c4c3dc51"
                },
                "downloads": -1,
                "filename": "scapy-ssl_tls-1.2.3.3.tar.gz",
                "has_sig": false,
                "md5_digest": "d67ea8ac3dbe4260c70830d23c142b79",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 117371,
                "upload_time": "2018-01-01T23:44:08",
                "url": "https://files.pythonhosted.org/packages/d2/9a/92526d291bd9c91d36e3224f82a0f41751a4a9798b4e7aa27bcfd25026ab/scapy-ssl_tls-1.2.3.3.tar.gz"
            }
        ],
        "1.2.3.4": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "0b2ea81c13f23b535e082a8450db2c30",
                    "sha256": "ae6939bca68857c4e575d2a0d4139a93b3f9b1f8d01c9207a0550403335c7fe9"
                },
                "downloads": -1,
                "filename": "scapy-ssl_tls-1.2.3.4.tar.gz",
                "has_sig": false,
                "md5_digest": "0b2ea81c13f23b535e082a8450db2c30",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 117340,
                "upload_time": "2018-01-26T21:58:48",
                "url": "https://files.pythonhosted.org/packages/7b/e5/4276ef7bd7b84c21d0fcccf802d87663c0cea11495ec1f0fd0d6af3f6ca9/scapy-ssl_tls-1.2.3.4.tar.gz"
            }
        ],
        "2.0.0": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "9a02ec703d90662494b81d1f7e554c1e",
                    "sha256": "3db713883a4f31cce868e38919c87978366cb4bb755f3fb30e1e87ad255ff72c"
                },
                "downloads": -1,
                "filename": "scapy-ssl_tls-2.0.0.tar.gz",
                "has_sig": false,
                "md5_digest": "9a02ec703d90662494b81d1f7e554c1e",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 130257,
                "upload_time": "2018-02-12T20:27:21",
                "url": "https://files.pythonhosted.org/packages/5e/00/2b1455c5b372e1c99c9a76f593afd4e8c4cc35cceec7770f978f36a65c74/scapy-ssl_tls-2.0.0.tar.gz"
            }
        ]
    },
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "md5": "9a02ec703d90662494b81d1f7e554c1e",
                "sha256": "3db713883a4f31cce868e38919c87978366cb4bb755f3fb30e1e87ad255ff72c"
            },
            "downloads": -1,
            "filename": "scapy-ssl_tls-2.0.0.tar.gz",
            "has_sig": false,
            "md5_digest": "9a02ec703d90662494b81d1f7e554c1e",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 130257,
            "upload_time": "2018-02-12T20:27:21",
            "url": "https://files.pythonhosted.org/packages/5e/00/2b1455c5b372e1c99c9a76f593afd4e8c4cc35cceec7770f978f36a65c74/scapy-ssl_tls-2.0.0.tar.gz"
        }
    ]
}