Current location - Quotes Website - Personality signature - Analysis of handshake and packet capture of state secret SSL VPN
Analysis of handshake and packet capture of state secret SSL VPN
Windows PC computer;

State secret SSL VPN client (browser);

Wireshark client (supporting state secret protocol version, github address) is used to view handshake data.

Open the wireshark client and monitor the corresponding network card. Wireshark can check which network card has network fluctuation when networking, and select the corresponding network card.

Wireshark settings are based on IP filtering, and set IP filtering of national secret servers connected by SSL VPN. An IP address is the address of a gateway or security service for secure access.

At this time, you can see the handshake data through GMTLS protocol. According to the requirements, we analyze it in detail.

The client sends a client Hello message to the server to transmit the version number, random number and encryption algorithm list of the highest SSL protocol supported by the client. The content of the client Hello message is shown in the following figure:

After receiving the client's request to establish SSL connection, the server sends the version number, random number, session ID, encryption algorithm and other related information of SSL protocol to the client by sending the server Hello message. The message reads as follows:

At the same time, the server sends a certificate message containing its certificate to the client. The server public key carried in the certificate. As shown in the figure below:

Send a certificate request message, asking the server to report the certificate, as shown in the following figure:

The client sends the message of client key exchange and changing Crypter Spec. The client key exchange contains the random number Pre_Master_Secret encrypted with the server public key, which is used to generate the master key in the future. (Here, the client generates a third random number with the two random numbers mentioned above, and then encrypts the third random number with the public key in the server certificate to generate pre _ master _ secret) * *; The message of changing password specification informs the server that the next message will be communicated with the newly negotiated encryption suite and key, and informs the client that the handshake process from the server has ended. As shown in the figure below:

The server also sends a change cipher SPE message to inform the end of the handshake process between the server and the client, and sends an encrypted handshake message. After the message is decrypted, the client verifies it. If the verification passes, it means that the data in the handshake process has not been tampered with, and it also means that the server is the holder of the previous exchange certificate. Now both parties can start encrypted communication. As shown in the figure below:

Related articles
  • Help you create streamer characters online.
  • The cryptographic technology of blockchain mainly includes
  • How can I not install vivo mobile phone WeChat after downloading? Always shows that the signature of the new version is inconsistent with the signature of the old version, so it cannot be installed.
  • How to change the size of a PDF document?
  • Download the complete works of color e-book txt
  • Complete collection of online names for girls in the fairy-like and cool-looking forest style. Internet names for literary, retro and cool-looking forest girls.
  • What thoughts are whispering in the undecided event book?
  • Deng Chao attended the funeral of an old-timer, but he was denounced by Zhang Guoli. Netizens expressed their understanding. What happened?
  • China Bank's online bank transfer always appears to be installed: Jida Jacky signature client tool.
  • Can the flag be signed?

    • copyright 2024 Quotes Website All rights reserved