TechQA.

How to connect to a session using secrets after TLS Handshake was done?

25 views Asked by At

I am using the CLI of facebook's fizz library to do a handshake with a server. It gives all the data below. However, this library can't send requests, just make TLS handshakes. I would like to send some requests using python over the created session, and kind of "break in" it using the details and secrets of it. Do you think it is even possible to do ? If yes, how / what would be your approach ? Thanks

Don't suggest me any other libraries to do handshakes, or any alternatives to fizz, I can't do other than this way, thanks !

% fizz client -connect www.lego.com:443
I20240217 23:24:25.856494 1956971 FizzClientCommand.cpp:150] Connection established.
I20240217 23:24:25.876019 1956971 FizzClientCommand.cpp:287] Handshake succeeded.
I20240217 23:24:25.876044 1956971 FizzClientCommand.cpp:289]   TLS Version: TLSv1.3
I20240217 23:24:25.876052 1956971 FizzClientCommand.cpp:290]   Cipher Suite:  TLS_AES_256_GCM_SHA384
I20240217 23:24:25.876060 1956971 FizzClientCommand.cpp:291]   Named Group: secp256r1
I20240217 23:24:25.876067 1956971 FizzClientCommand.cpp:293]   Signature Scheme: ecdsa_secp256r1_sha256
I20240217 23:24:25.876075 1956971 FizzClientCommand.cpp:295]   PSK: NotAttempted
I20240217 23:24:25.876082 1956971 FizzClientCommand.cpp:296]   PSK Mode: (none)
I20240217 23:24:25.876089 1956971 FizzClientCommand.cpp:298]   Key Exchange Type: OneRtt
I20240217 23:24:25.876096 1956971 FizzClientCommand.cpp:299]   Early: NotAttempted
I20240217 23:24:25.876102 1956971 FizzClientCommand.cpp:300]   Server Identity: www.lego.com
I20240217 23:24:25.876113 1956971 FizzClientCommand.cpp:302]   Client Identity: (none)
I20240217 23:24:25.876120 1956971 FizzClientCommand.cpp:305]   Certificate Chain:
I20240217 23:24:25.876133 1956971 FizzClientCommand.cpp:309]    0 s:C = DK, L = Billund, O = LEGO System A/S, CN = www.lego.com
I20240217 23:24:25.876149 1956971 FizzClientCommand.cpp:311]      i:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
I20240217 23:24:25.876160 1956971 FizzClientCommand.cpp:309]    1 s:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
I20240217 23:24:25.876169 1956971 FizzClientCommand.cpp:311]      i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
I20240217 23:24:25.876242 1956971 FizzClientCommand.cpp:322]   Server Certificate:
-----BEGIN CERTIFICATE-----
MIIGTjCCBTagAwIBAgIQCmGyXJrfj7EPqilth5+dDjANBgkqhkiG9w0BAQsFADBP
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBE
aWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMzA3MDUwMDAwMDBa
Fw0yNDA3MTAyMzU5NTlaMFAxCzAJBgNVBAYTAkRLMRAwDgYDVQQHEwdCaWxsdW5k
MRgwFgYDVQQKEw9MRUdPIFN5c3RlbSBBL1MxFTATBgNVBAMTDHd3dy5sZWdvLmNv
bTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABArMnbCzR756C1sfe+PNMhRnQ/fR
KGahzVRXQpAZ1kWdd6VqO06BpsPUc5K0WHOsF6wnOH4Yjff7Oh9w7W95Ws2jggPu
MIID6jAfBgNVHSMEGDAWgBS3a6LqqKqEjHnqtNoPmLLFlXa59DAdBgNVHQ4EFgQU
ExGS09gYJHm6DIphroRtMdn57hMwgZgGA1UdEQSBkDCBjYIMd3d3LmxlZ28uY29t
gghsZWdvLmNvbYINKi51cy5sZWdvLmNvbYIUKi5zbGluZ3Nob3QubGVnby5jb22C
Eyouc2VydmljZXMubGVnby5jb22CDyoubGVnb2hvdXNlLmNvbYINKi5sZWdvY2Ru
LmNvbYIKKi5sZWdvLmNvbYINKi5ldS5sZWdvLmNvbTAOBgNVHQ8BAf8EBAMCB4Aw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGPBgNVHR8EgYcwgYQwQKA+
oDyGOmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU1JTQVNIQTI1
NjIwMjBDQTEtNC5jcmwwQKA+oDyGOmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9E
aWdpQ2VydFRMU1JTQVNIQTI1NjIwMjBDQTEtNC5jcmwwPgYDVR0gBDcwNTAzBgZn
gQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BT
MH8GCCsGAQUFBwEBBHMwcTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNl
cnQuY29tMEkGCCsGAQUFBzAChj1odHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20v
RGlnaUNlcnRUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3J0MAkGA1UdEwQCMAAwggF+
BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB1AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOze
w1FIWUZxH7WbAAABiSNeWPoAAAQDAEYwRAIgO1HsKPDb19zsWcdAGAGRpvU7U5kI
dr8zF6GInvKAxTkCIFhJ0EXCMAzcs6bGUXCULaZOsNT8FCTH9X8RFrX1GOBgAHYA
SLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHMAAAGJI15ZGwAABAMARzBF
AiAO+mJ8X36wb6XRerKIWqP/cOy6QUq3fLlOQkmNcHo27gIhAMDWb0ZGzhA6FaNj
rOy1Wbi/R8FAuaUb9kGqPdrle2JPAHcA2ra/az+1tiKfm8K7XGvocJFxbLtRhIU0
vaQ9MEjX+6sAAAGJI15YdgAABAMASDBGAiEA71T7gVd1E386o7n+IGhqagqDQxnz
QDZ9N6JAaWp9a3wCIQDrkZPFN1C2P5iN05b3Ip0J1hcRbZWSUtZbKZPb4+9yJzAN
BgkqhkiG9w0BAQsFAAOCAQEAvZHNSCir2TU4u/94QXm7sCYQ3CsmKOZAMfu5mZnr
hpkQMsI8RHrPLmYixOxzRUZSYhi7X9jh1wL5MYU98HqsQOpRkCWMqmPOyXRtSeET
q115w+OCZ2Jq2lJ+m3dDQiyJBST/CkO3Ob+W1GOFONWRX1z21O1wadJMcEpbzXtC
G5HD4SG72B+pQrzpbYKeWSQLisELveCAMAnduk8JbcBMnJ0CI4uIsM+xYN09qbgq
C8gHtYOzGKGYZPqFbUeVb/W+JeYz0y8FgqV6JkEW4uDkxPoIbpVgOsNIEd6uoXXk
eA2xdHXcLDNoZb/ukkvuaJ3M7hPlSw3dnG8ssRs3d+suCw==
-----END CERTIFICATE-----
I20240217 23:24:25.878157 1956971 FizzClientCommand.cpp:339]   Server Certificate Compression: (none)
I20240217 23:24:25.878181 1956971 FizzClientCommand.cpp:343]   ALPN: (none)
I20240217 23:24:25.878190 1956971 FizzClientCommand.cpp:344]   Client Random: 9e0947d7697de8fe9be1774f3686807be14a77f3add93b7554567ce68919b850
I20240217 23:24:25.878203 1956971 FizzClientCommand.cpp:346]   Secrets:
I20240217 23:24:25.878211 1956971 FizzClientCommand.cpp:347]     External PSK Binder: (none)
I20240217 23:24:25.878218 1956971 FizzClientCommand.cpp:348]     Resumption PSK Binder: (none)
I20240217 23:24:25.878226 1956971 FizzClientCommand.cpp:350]     Early Exporter: (none)
I20240217 23:24:25.878232 1956971 FizzClientCommand.cpp:351]     Early Client Data: (none)
I20240217 23:24:25.878239 1956971 FizzClientCommand.cpp:353]     Client Handshake: ca2fef129f8510c1f35897c9e2912e778c67f0beab45d9b8a2abae9c67dea1758f64bf4b03f8a423ca8aa75d983e068a
I20240217 23:24:25.878249 1956971 FizzClientCommand.cpp:355]     Server Handshake: 55b5acbf3a8528489b2d9f32ad215c11432e97ca2324862e7706ceb0bda9fd1ba1b4a0acaba670f6ae7d7e7dbe8fd251
I20240217 23:24:25.878257 1956971 FizzClientCommand.cpp:357]     Exporter Master: 853687a4a9546903cf70ae0638ee918120a5f4515c97519a2ba113b2099a3c15ad6a64ade8502e7579b4f331e0bcea59
I20240217 23:24:25.878263 1956971 FizzClientCommand.cpp:358]     Resumption Master: 7f1d53923729bd1beb934a2a6d83107ae2c57c5ff791c8683882af0e0b6998f112a681d250301ac2dc18f058fd62419d
I20240217 23:24:25.878270 1956971 FizzClientCommand.cpp:360]     Client Traffic: 0fee0101569526c0f1785e0f03c0fe7fc54a6898c9528367a0a0f9169a7c114eb94cb8e0d8f87b325fa714e8d6900296
I20240217 23:24:25.878276 1956971 FizzClientCommand.cpp:361]     Server Traffic: 9588cdfcb3baed643a6e2ac119bad5b84d260ee72d9ed1e7ffdf3cdf0d28565df14bd1a5d1a47be5c767d1a58fdf3e85

I've looked at the topic of "session resumption", but didn't find anything interesting.

python ssl https cryptography tls1.3
Original Q&A
0

There are 0 answers

Related Questions in PYTHON

Related Questions in SSL

Related Questions in HTTPS

Related Questions in CRYPTOGRAPHY

Related Questions in TLS1.3

Popular Questions

Trending Questions