def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, mycert=None, mykey=None, client_hello=None, version=None, data=None, **kargs): super(TLSClientAutomaton, self).parse_args(mycert=mycert, mykey=mykey, **kargs) tmp = socket.getaddrinfo(server, dport) self.remote_name = None try: if ':' in server: socket.inet_pton(socket.AF_INET6, server) else: socket.inet_pton(socket.AF_INET, server) except: self.remote_name = socket.getfqdn(server) if self.remote_name != server: tmp = socket.getaddrinfo(self.remote_name, dport) if server_name: self.remote_name = server_name self.remote_family = tmp[0][0] self.remote_ip = tmp[0][4][0] self.remote_port = dport self.local_ip = None self.local_port = None self.socket = None self.client_hello = client_hello self.advertised_tls_version = None if version: v = _tls_version_options.get(version, None) if not v: self.vprint("Unrecognized TLS version option.") else: self.advertised_tls_version = v self.linebreak = False if isinstance(data, str): self.data_to_send = [data] elif isinstance(data, list): # parse_args is called two times, this is why we have to copy # the data list for reversing it afterwards... self.data_to_send = list(data) self.data_to_send.reverse() else: self.data_to_send = []
def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, mycert=None, mykey=None, client_hello=None, version=None, data=None, **kargs): super(TLSClientAutomaton, self).parse_args(mycert=mycert, mykey=mykey, **kargs) tmp = socket.getaddrinfo(server, dport) self.remote_name = None try: if ':' in server: inet_pton(socket.AF_INET6, server) else: inet_pton(socket.AF_INET, server) except: self.remote_name = socket.getfqdn(server) if self.remote_name != server: tmp = socket.getaddrinfo(self.remote_name, dport) if server_name: self.remote_name = server_name self.remote_family = tmp[0][0] self.remote_ip = tmp[0][4][0] self.remote_port = dport self.local_ip = None self.local_port = None self.socket = None self.client_hello = client_hello self.advertised_tls_version = None if version: v = _tls_version_options.get(version, None) if not v: self.vprint("Unrecognized TLS version option.") else: self.advertised_tls_version = v self.linebreak = False if isinstance(data, bytes): self.data_to_send = [data] elif isinstance(data, six.string_types): self.data_to_send = [raw(data)] elif isinstance(data, list): self.data_to_send = list(raw(d) for d in reversed(data)) else: self.data_to_send = []
def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, mycert=None, mykey=None, client_hello=None, version=None, data=None, ciphersuite=None, curve=None, **kargs): super(TLSClientAutomaton, self).parse_args(mycert=mycert, mykey=mykey, **kargs) tmp = socket.getaddrinfo(server, dport) self.remote_name = None try: if ':' in server: inet_pton(socket.AF_INET6, server) else: inet_pton(socket.AF_INET, server) except Exception: self.remote_name = socket.getfqdn(server) if self.remote_name != server: tmp = socket.getaddrinfo(self.remote_name, dport) if server_name: self.remote_name = server_name self.remote_family = tmp[0][0] self.remote_ip = tmp[0][4][0] self.remote_port = dport self.local_ip = None self.local_port = None self.socket = None if (isinstance(client_hello, TLSClientHello) or isinstance(client_hello, TLS13ClientHello)): self.client_hello = client_hello else: self.client_hello = None self.advertised_tls_version = None if version: v = _tls_version_options.get(version, None) if not v: self.vprint("Unrecognized TLS version option.") else: self.advertised_tls_version = v self.linebreak = False if isinstance(data, bytes): self.data_to_send = [data] elif isinstance(data, six.string_types): self.data_to_send = [bytes_encode(data)] elif isinstance(data, list): self.data_to_send = list(bytes_encode(d) for d in reversed(data)) else: self.data_to_send = [] self.curve = None if self.advertised_tls_version == 0x0304: self.ciphersuite = 0x1301 if ciphersuite is not None: cs = int(ciphersuite, 16) if cs in _tls_cipher_suites.keys(): self.ciphersuite = cs if conf.crypto_valid_advanced: # Default to x25519 if supported self.curve = 29 else: # Or secp256r1 otherwise self.curve = 23 if curve is not None: for (group_id, ng) in _tls_named_groups.items(): if ng == curve: if curve == "x25519": if conf.crypto_valid_advanced: self.curve = group_id else: self.curve = group_id
) # noqa: E501 parser.add_argument("--no_pfs", action="store_true", help="Disable (EC)DHE exchange with PFS") parser.add_argument("--ciphersuite", help="Ciphersuite preference") parser.add_argument("--version", help="TLS Version", default="tls13") args = parser.parse_args() # By default, PFS is set if args.no_pfs: psk_mode = "psk_ke" else: psk_mode = "psk_dhe_ke" v = _tls_version_options.get(args.version, None) if not v: sys.exit("Unrecognized TLS version option.") if args.ciphersuite: ciphers = int(args.ciphersuite, 16) if ciphers not in list(range(0x1301, 0x1306)): ch = TLSClientHello(ciphers=ciphers) else: ch = TLS13ClientHello(ciphers=ciphers) else: ch = None t = TLSClientAutomaton( client_hello=ch, version=args.version,