tls-attacker / TLS-Attacker

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It can be used to manually test TLS clients and servers or as a software library for more advanced tools.
Apache License 2.0

DTLS Issue #158

Open dautovicalan opened 1 year ago

dautovicalan commented 1 year ago

Hello everyone, I have problems when I want to test around with DTLS. When I start the TLS-Server with the DTLS parameter, nothing shows, but it is running. Then I start the TLS-Client to connect to the running server, but I always get an exception that it could not initialise the TCP Transport Handler, even though I am pretty sure that the TLS-Client successfully loaded the DTLS parameter.

Am I missing something, or could you provide me with some additional steps required for the newest version of TLS-Attacker?

Thank you in advance for help.

ic0ns commented 1 year ago

TLS-Attacker allows you to do wild things like sending DTLS parameters in a TLS connection to try to confuse the peer. Right now, it seems like you are running these tools with TCP as the underlying layer. To change the underlying layer, you have to change the "TransportHandler", which is TLS-Attacker's interface for "anything below TLS".

-transport_handler_type UDP

dautovicalan commented 1 year ago

I also did it with the arguments and also tried defining a config and loading it as the config, but still no success. These are the calls that I made in separate terminals which are leading me to the exception:

java -jar TLS-Server.jar -port 2000 -transport_handler_type UDP - Works fine, but I do not receive any output from the server that is waiting on host and port

java -jar TLS-Client.jar -connect localhost:2000 -transport_handler_type UDP - this one is causing the following exception after I run the command:

    08:58:59 [main] INFO : SendAction - Sending messages (client): CLIENT_HELLO,
    08:59:00 [main] ERROR: WorkflowExecutor - Unexpected fatal error during action execution, stopping execution:
    java.lang.RuntimeException: Trying to set TCP layer with non TCP TransportHandler
        at de.rub.nds.tlsattacker.core.layer.impl.TcpLayer.getTransportHandler(TcpLayer.java:85)
        at de.rub.nds.tlsattacker.core.layer.impl.TcpLayer.sendData(TcpLayer.java:55)
        at de.rub.nds.tlsattacker.core.layer.impl.RecordLayer.sendData(RecordLayer.java:205)
        at de.rub.nds.tlsattacker.core.layer.impl.RecordLayer.sendData(RecordLayer.java:51)
        at de.rub.nds.tlsattacker.core.layer.impl.MessageLayer.flushCollectedMessages(MessageLayer.java:112)
        at de.rub.nds.tlsattacker.core.layer.impl.MessageLayer.processMessage(MessageLayer.java:100)
        at de.rub.nds.tlsattacker.core.layer.impl.MessageLayer.sendConfiguration(MessageLayer.java:79)
        at de.rub.nds.tlsattacker.core.layer.LayerStack.sendData(LayerStack.java:103)
        at de.rub.nds.tlsattacker.core.workflow.action.MessageAction.send(MessageAction.java:243)
        at de.rub.nds.tlsattacker.core.workflow.action.SendAction.execute(SendAction.java:95)
        at de.rub.nds.tlsattacker.core.workflow.WorkflowExecutor.executeAction(WorkflowExecutor.java:133)
        at de.rub.nds.tlsattacker.core.workflow.DefaultWorkflowExecutor.executeWorkflow(DefaultWorkflowExecutor.java:70)
        at de.rub.nds.tlsattacker.client.main.TlsClient.startTlsClient(TlsClient.java:86)
        at de.rub.nds.tlsattacker.client.main.TlsClient.main(TlsClient.java:58)
    08:59:00 [main] WARN : TlsClient - The TLS protocol flow was not executed completely, follow the debug messages for more information.

mmaehren commented 1 year ago

Internally, TLS-Attacker uses different ProtocolLayers to reflect the individual parts of a protocol stack. By default, the stack of layers contains a TcpLayer. If you want to use DTLS, you can add -version DTLS12 to your CLI flags. This should prepare the layer stack as required for DTLS and automatically set the transport handler to UDP.
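
The mismatch described in this thread, as an added example that is not part of the thread and is not TLS-Attacker source code: a simplified model in which the protocol version selects the layer stack while the transport handler is set separately, so a TCP bottom layer paired with a UDP handler only fails when the first message is sent. Only the name TcpLayer and the exception text come from the stack trace above; all other names, and "TLS12" as the default version, are assumptions made for the model.

```java
import java.util.List;

// Simplified model of the behaviour discussed in this thread; not TLS-Attacker source.
// Only the name TcpLayer and the exception text come from the stack trace above;
// every other name here is hypothetical.
public class LayerStackModel {
    enum Transport { TCP, UDP }

    interface Layer { void send(Transport handler, byte[] data); }

    // Bottom layer of the default stack: refuses any handler that is not TCP,
    // and only notices when data is first sent.
    static class TcpLayer implements Layer {
        public void send(Transport handler, byte[] data) {
            if (handler != Transport.TCP) {
                throw new RuntimeException("Trying to set TCP layer with non TCP TransportHandler");
            }
        }
    }

    static class UdpLayer implements Layer {
        public void send(Transport handler, byte[] data) {
            if (handler != Transport.UDP) {
                throw new RuntimeException("UDP layer needs a UDP transport handler");
            }
        }
    }

    // The protocol version, not the transport flag, decides which layers are built.
    static List<Layer> stackFor(String version) {
        return version.startsWith("DTLS") ? List.of(new UdpLayer()) : List.of(new TcpLayer());
    }

    // Returns "ok" or the error raised when the first message reaches the bottom layer.
    static String firstSend(String version, Transport handler) {
        List<Layer> stack = stackFor(version);
        try {
            stack.get(stack.size() - 1).send(handler, new byte[] {0x16});
            return "ok";
        } catch (RuntimeException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Flags from the failing call: default (TLS) stack, transport forced to UDP.
        System.out.println("TLS12  + UDP: " + firstSend("TLS12", Transport.UDP));
        // What -version DTLS12 is described as doing: DTLS stack with UDP underneath.
        System.out.println("DTLS12 + UDP: " + firstSend("DTLS12", Transport.UDP));
        System.out.println("TLS12  + TCP: " + firstSend("TLS12", Transport.TCP));
    }
}
```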