tls-attacker / TLS-Attacker

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It can be used to manually test TLS clients and servers or as a software library for more advanced tools.
Apache License 2.0

Unable to modify the content of the created message stream #164

Open y1174804262 opened 3 months ago

y1174804262 commented 3 months ago

I am currently learning to use tls-attacker and am using the most current version. However, when I customize the protocol stream, the sent protocol stream is correct, but I can't customize the content of the messages, such as unixtime, random, etc.; these data are modified to the default data during execution. Below are the changes I made when building the Heartbleed payload. By capturing packets using Wireshark, I found that its data content is still the default 256 bytes.

I only modified the main function in the TLS-Client.

Thank you!

public static void main(String[] args) {
    // Standard TLS-Client entry point: parse the command-line delegates first.
    ClientCommandConfig config = new ClientCommandConfig(new GeneralDelegate());
    JCommander commander = new JCommander(config);
    try {
        commander.parse(args);
        if (config.getGeneralDelegate().isHelp()) {
            commander.usage();
            return;
        }
        ListDelegate list = (ListDelegate) config.getDelegate(ListDelegate.class);
        if (list.isSet()) {
            list.plotListing();
            return;
        }

        try {
            Config tlsConfig = config.createConfig();
//            tlsConfig.setDefaultClientSupportedCipherSuites(CipherSuite.TLS_AES_128_CCM_8_SHA256, CipherSuite.TLS_AES_128_GCM_SHA256);
            // Hand-built workflow instead of the default one from the Config:
            // ClientHello with the heartbeat extension, then wait for the server flight.
            WorkflowTrace trace = new WorkflowTrace();
            ClientHelloMessage clh = new ClientHelloMessage();
            clh.addExtension(new ECPointFormatExtensionMessage());
            clh.addExtension(new HeartbeatExtensionMessage());
            clh.addExtension(new EllipticCurvesExtensionMessage());
            trace.addTlsAction(new SendAction(clh));
            trace.addTlsAction(new ReceiveAction(new ServerHelloMessage(), new CertificateMessage(), new ServerHelloDoneMessage()));
//            RSAClientKeyExchangeMessage rsacke = new RSAClientKeyExchangeMessage();
//            trace.addTlsAction(new SendAction(rsacke, new ChangeCipherSpecMessage(), new FinishedMessage()));
//            trace.addTlsAction(new ReceiveAction(new ChangeCipherSpecMessage(), new FinishedMessage()));
            // Heartbeat request sent before the handshake completes; the plain setter
            // below is the value that Wireshark shows being replaced by the default.
            HeartbeatMessage heartbeat = new HeartbeatMessage();
            heartbeat.setPayloadLength(50000);
            trace.addTlsAction(new SendAction(heartbeat));
//            trace.addTlsAction(new ReceiveAction(new AlertMessage()));

            // Unchanged from the stock TLS-Client: an XML trace given on the command line
            // replaces the hand-built one.
            if (config.getWorkflowInput() != null) {
                LOGGER.debug("Reading workflow trace from " + config.getWorkflowInput());
                try (FileInputStream fis = new FileInputStream(config.getWorkflowInput())) {
                    trace = WorkflowTraceSerializer.secureRead(fis);
                }
            }
            TlsClient client = new TlsClient();
            State state = client.startTlsClient(tlsConfig, trace);
            if (config.getWorkflowOutput() != null) {
                trace = state.getWorkflowTrace();
                LOGGER.debug("Writing workflow trace to " + config.getWorkflowOutput());
                WorkflowTraceSerializer.write(new File(config.getWorkflowOutput()), trace);
            }
        } catch (Exception e) {
            LOGGER.error(
                    "Encountered an uncaught Exception aborting. See debug for more info.", e);
        }
    } catch (ParameterException e) {
        LOGGER.error("Could not parse provided parameters. " + e.getLocalizedMessage(), e);
        commander.usage();
    }
}


ic0ns commented 3 months ago

Hey, this is related to this: https://github.com/tls-attacker/TLS-Attacker/issues/163#issuecomment-2044652202

If you want to change message contents you need to use the ModifiableVariable Interface, i.e. setPayloadLength(Modifiable.explicit(50000));
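As an added example (not code from the issue or from the TLS-Attacker project) of what this means for the fields the reporter mentioned, the snippet below sets the ClientHello random and the heartbeat length and payload through Modifiable.explicit so that message preparation does not overwrite them with the Config defaults. The package paths, the setter overloads and a 32-byte serialized random are assumptions about the TLS-Attacker 5.x layout; the byte values are constructed.

```java
// Added example, not part of the issue or of TLS-Attacker itself.
// Package paths and setter overloads are assumed from the TLS-Attacker 5.x layout.
import de.rub.nds.modifiablevariable.util.Modifiable;
import de.rub.nds.tlsattacker.core.protocol.message.ClientHelloMessage;
import de.rub.nds.tlsattacker.core.protocol.message.HeartbeatMessage;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTrace;
import de.rub.nds.tlsattacker.core.workflow.action.SendAction;

public class ModifiableFieldsExample {

    // Builds a trace whose ClientHello random and heartbeat fields are pinned to
    // known values, e.g. to make a test run reproducible in a packet capture.
    public static WorkflowTrace buildTrace() {
        WorkflowTrace trace = new WorkflowTrace();

        // A plain setter (clh.setRandom(bytes)) is overwritten when the preparator
        // runs; an explicit modification is applied after preparation and reaches
        // the wire. Assumes this version serializes the random as 32 bytes.
        ClientHelloMessage clh = new ClientHelloMessage();
        byte[] fixedRandom = new byte[32];          // constructed: all-zero random
        clh.setRandom(Modifiable.explicit(fixedRandom));
        trace.addTlsAction(new SendAction(clh));

        // Same mechanism for the heartbeat: length and payload are set explicitly
        // and kept consistent (16-byte payload, length 16), so a conforming peer
        // simply echoes the payload back.
        HeartbeatMessage heartbeat = new HeartbeatMessage();
        byte[] payload = new byte[16];              // constructed: all-zero payload
        heartbeat.setPayload(Modifiable.explicit(payload));
        heartbeat.setPayloadLength(Modifiable.explicit(payload.length));
        trace.addTlsAction(new SendAction(heartbeat));

        return trace;
    }
}
```

The trace returned here is handed to TlsClient.startTlsClient(tlsConfig, trace) exactly as in the reporter's main method.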

y1174804262 commented 3 months ago

Wow! I'm very excited to receive the response from you. With your help, I have successfully solved the problem. I have read many of your papers recently and I will continue to learn from you. As I am not much acquainted with GitHub, I overlooked the closed issues and I believe there might be others who are facing similar scenarios. Thus, I kindly propose to keep my question open as a reference, rather than closing it. If this somehow imposes any inconvenience on you, I humbly ask you to inform me and I will definitely proceed to close it. Once more, I deeply appreciate your assistance and thank you sincerely for your help.