ajmassi/ScapyTLSmod.md

Created May 7, 2020 03:57

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/ajmassi/0e1b5a71a473ae56c88b5339fb932e47.js"></script>
Save ajmassi/0e1b5a71a473ae56c88b5339fb932e47 to your computer and use it in GitHub Desktop.

Download ZIP

Simple TLS field manipulation using Scapy TLS module.

Raw

ScapyTLSmod.md

Scapy TLS Field Manipulation

Used Scapy 2.4.3 w/ IPython 7.13.0

Pre-Req:

# Enable TLS parsing in Scapy in (/usr/lib/pythonX/dist-packages/scapy/config.py) by adding 'tls' to the "load_layers" list
# OR in a script by adding the line:
load_layer("tls")

Making Packet Modifications:

# Load file and specific packet
pcap = rdpcap('<file.pcap>')[<INT_packet_num>]

# Copy and parse raw TLS
pcap_tls = TLS(pcap_in[Raw].load)

# Fields can be written to with either integers or hexadecimal 
# ex. - integer:
pcap_tls.len = 306
# ex. - hex:
pcap_tls.version = 0x0303

# Overwrite TLS data and write out to file
pcap[Raw] = pcap_tls
wrpcap('<file.pcap>', pcap)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment