On SSL and IPSec

Analysis of the SSL handshake with Wireshark

To better understand the SSL handshake protocol, this example uses Wireshark to capture the SSL handshake between a client and a server. In this example the server is https://10.21.49.130 and the client is a browser on the local machine, 192.168.1.214.

0x00 First phase

The client browser initiates a TCP connection to the server. Once the TCP connection is established, the client sends a Client Hello message to the server, carrying the highest SSL protocol version the client supports, a random number, a list of encryption algorithms, and other required information. The content of the Client Hello message is shown below:

 

 

In the capture, the name SSL has been replaced by TLS. According to the references consulted, the reason is that when SSL was updated to 3.0, the IETF standardized SSL 3.0 and added a few mechanisms (with almost no difference from SSL 3.0). The standardized protocol was renamed TLS 1.0 (Transport Layer Security), so TLS can be regarded as the new version of SSL 3.

As the figure shows, the Client Hello message has the following structure:


The Cipher Suites field lists the supported encryption algorithms: DES, RSA, etc.

Looking at the extensions (Extensions) and the Compression Methods field: the field is 0, meaning no compression.
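The Client Hello fields described above (protocol version, random number, cipher suite list, compression methods, extensions) can be read directly from the record bytes. The following Python parser is an added example, not code from the original post; the function names are hypothetical and the sample bytes are constructed for illustration, not taken from the article's capture.

```python
import struct

# A few registered cipher suite code points (IANA TLS parameters registry).
SUITE_NAMES = {0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
               0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
               0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA"}

def parse_client_hello(record: bytes) -> dict:
    """Parse one TLS record that carries a complete, unfragmented ClientHello."""
    if len(record) < 9:
        raise ValueError("too short for record and handshake headers")
    ctype, rec_version, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 22 or record[5] != 1:          # 22 = handshake, 1 = ClientHello
        raise ValueError("not a ClientHello handshake record")
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if rec_len != hs_len + 4 or len(hello) != hs_len:
        raise ValueError("truncated or fragmented ClientHello")
    pos = 0
    def take(n: int) -> bytes:
        # Bounds-checked read: every length field comes from the peer.
        nonlocal pos
        if pos + n > len(hello):
            raise ValueError("length field runs past the end of the message")
        pos += n
        return hello[pos - n:pos]
    version = int.from_bytes(take(2), "big")   # highest version the client supports
    random = take(32)
    session_id = take(take(1)[0])
    suites_raw = take(int.from_bytes(take(2), "big"))
    suites = [int.from_bytes(suites_raw[i:i + 2], "big")
              for i in range(0, len(suites_raw) - 1, 2)]
    compression = list(take(take(1)[0]))       # [0] means no compression
    extensions = []
    if pos < len(hello):                       # the extensions block is optional
        take(2)                                # total extensions length
        while pos < len(hello):
            ext_type, ext_len = struct.unpack("!HH", take(4))
            extensions.append((ext_type, len(take(ext_len))))
    return {"version": version, "random": random.hex(), "session_id": session_id.hex(),
            "cipher_suites": [SUITE_NAMES.get(s, hex(s)) for s in suites],
            "compression_methods": compression, "extensions": extensions}

def build_sample() -> bytes:
    """Constructed ClientHello (TLS 1.0, three RSA suites, one extension)."""
    hello = (b"\x03\x01" + bytes(range(32)) + b"\x00" + b"\x00\x06\x00\x2f\x00\x35\x00\x0a"
             + b"\x01\x00" + b"\x00\x05\xff\x01\x00\x01\x00")
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake
```

Calling parse_client_hello(build_sample()) returns the same fields Wireshark shows in its Client Hello tree; a length field that points past the end of the message raises ValueError instead of being trusted.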

0x02 Second phase

The server sends the client a Server Hello, a Certificate message containing its certificate, as well as Key Exchange, Hello Done and so on. The certificate carries the server's public key, which is later used to encrypt the pre-master key. The messages are as follows:

Looking at the Certificate message: it contains only one root certificate.

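The certificate's address is [email protected], the organization name is www.gdut.edu.cn, and the unit name is cshao. The certificate's public key is 3082010a0282010100d82e34... and the certificate's signature value is a93fe7b1ed06587df993b72673012b2d3a..., along with some other fields.

From the above analysis, the certificate structure is as shown in the figure below: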


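0x02 Third and fourth phases

After sending the Certificate message, the server goes on to send the Server Key Exchange and Server Hello Done messages. The Server Key Exchange message contains the additional parameters required by the key exchange algorithm. The Server Hello Done message indicates that the server has sent all of its information for this phase.

The client sends the Client Key Exchange and Change Cipher Spec messages. Client Key Exchange contains the random number Pre_Master_Secret, encrypted with the server's RSA public key; this parameter is later used to generate the master key. The Change Cipher Spec message tells the server that subsequent messages will be protected with the newly negotiated cipher suite and keys, and signals that the client-to-server handshake is complete.

The server then likewise sends a Change Cipher Spec message to signal that the server-to-client handshake is complete, and sends an encrypted piece of handshake data, the Encrypted Handshake Message. The client decrypts the message on receipt and verifies it. If verification passes, the data in the handshake has not been tampered with, and the server is the holder of the certificate exchanged earlier. Both sides can now begin encrypted communication (Application Data).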

 

 

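Setting up an IPSec server, with a simple ESP packet capture and analysis

The equipment is a Windows 10 machine and a Linux virtual machine running in VMware on that machine, which serves as the server. The server setup follows these references: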

  1. https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/README-zh.md#%E5%AE%89%E8%A3%85%E8%AF%B4%E6%98%8E

  2. https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-zh.md

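Configuring the server

After configuration, the result is as shown in the figure:

Note that the automatically configured IP address is the school's IP, which the local machine cannot access. Edit the /etc/ipsec.conf file so that leftid=192.168.220.128 is the virtual machine's IP address.

Restart the services: systemctl restart ipsec xl2tpd

Check whether it is running: systemctl status ipsec

Configuring the client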

  1. Right-click the wireless/network icon in the system tray.

  2. Select Open Network and Sharing Center. Or, if you are using Windows 10 version 1709 or later, select Open "Network & Internet" settings, then click Network and Sharing Center on the page that opens.

  3. Click Set up a new connection or network.

  4. Select Connect to a workplace, then click Next.

  5. Click Use my Internet connection (VPN).

  6. Enter your VPN server IP in the Internet address field.

  7. Enter anything you like in the Destination name field. Click Create.

  8. Return to the Network and Sharing Center. On the left, click Change adapter settings.

  9. Right-click the newly created VPN connection and select Properties.

  10. Click the Security tab, and from the Type of VPN drop-down menu, select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)".

  11. Click Allow these protocols. Select the "Challenge Handshake Authentication Protocol (CHAP)" and "Microsoft CHAP Version 2 (MS-CHAP v2)" check boxes.

  12. Click the Advanced settings button.

  13. Click Use preshared key for authentication and enter your VPN IPsec PSK in the Key field.

  14. Click OK to close the Advanced settings.

  15. Click OK to save the VPN connection details.

Screenshot of the successful connection:

Wireshark packet capture analysis

Pick an arbitrary ESP packet from the capture; no AH header appears in the packet:

You can see the Security Parameter Index (SPI) and the sequence number (SN).


Origin www.cnblogs.com/manch1n/p/12052268.html