search

tls-attacker / TLS-Attacker

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It can be used to manually test TLS clients and servers or as as a software library for more advanced tools.
Apache License 2.0
789 stars 136 forks source link

Help: How can we change TLS record layer values in a workflow trace? #97

Closed ayushbindlish closed 3 years ago

ayushbindlish commented 3 years ago

I want to change TLS record layer values in my workflow trace.

This is my high level code:

public static State execute(TLS12DefaultConfig config, WorkflowTraceType workflowTraceType, AlertMessage alertMessage) throws IOException {
        WorkflowTrace trace = new WorkflowConfigurationFactory(config.getConfig()).createWorkflowTrace(workflowTraceType,
                RunningModeType.CLIENT);
        SendAction sendAction = new SendAction(alertMessage);
        trace.addTlsAction(sendAction);

        State state = new State(config.getConfig(), trace);
        WorkflowExecutor workflowExecutor = WorkflowExecutorFactory.createWorkflowExecutor(
                config.getConfig().getWorkflowExecutorType(), state);

        workflowExecutor.executeWorkflow();

        return state;
    }
ic0ns commented 3 years ago

Usually TLS-Attacker automatically generates records for your messages. If you want to modify the contents of the record layer you have to explicitly define which records you want to send. This can be done with the setRecords() function on the SendAction in your WorkflowTrace. You can create Records and modify them like you create any other message.

ayushbindlish commented 3 years ago

I am still not able to set the record length. Is something wrong with my code?

In Wireshark I see -

Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 824
        Handshake Protocol: Client Hello

This is my code:

WorkflowTrace trace = new WorkflowTrace();
        Record record = new Record();
        record.setLength(100);

        ClientHelloMessage  clienthello  = new ClientHelloMessage(tls12Init.getConf().getConfig());

        SendAction sendaction = new SendAction(clienthello);

        sendaction.setRecords(record);

        trace.addTlsAction(sendaction);

        List<ProtocolMessage> messageListHandshake = new LinkedList<>();
        messageListHandshake.add(new ServerHelloMessage());
        messageListHandshake.add(new CertificateMessage());
        messageListHandshake.add(new ServerHelloDoneMessage());
        trace.addTlsAction(new ReceiveAction(messageListHandshake));

        State state = TLS12Execute.execute(tls12Init.getConf(), trace);
ic0ns commented 3 years ago

Hey, you need to use ModififableVariables instead of setting the value yourself directly, TLS-Attacker will overwrite it otherwise. record.setLength(Modifiable.explicit(100));

ayushbindlish commented 3 years ago

Okay Thanks a lot @ic0ns Also, will setting this fragment the packet?

ic0ns commented 3 years ago

no, this will just overwrite the length field. If you want to fragment the message you have to set the "maxRecordLengthConfig" value (no modifiable variable needed).

ayushbindlish commented 3 years ago

Got that. Thanks for all your help.