解码 Scapy ASN1 编码的 SSL/TLS 证书字段 [英] Decoding Scapy ASN1 encoded SSL/TLS certificate fields
问题描述
我正在使用我使用 pip 安装的 scapy-ssl_tls 库从 serverhello 数据包中提取 SSL/TLS 证书字段.
I am extracting SSL/TLS certificate fields from serverhello packet using scapy-ssl_tls library which I installed using pip.
问题是,我无法找到从 ASN1 编码字段中提取值的方法:
The problem is, I'm not able to figure out a way to extract values from ASN1 encoded fields:
sign_algo2: <ASN1_OID['.1.2.840.113549.1.1.11']>
sa2_value: <ASN1_NULL[0L]>
not_before: <ASN1_UTC_TIME['170321131500Z']>
not_after: <ASN1_UTC_TIME['200321131500Z']>
pubkey_algo: <ASN1_OID['.1.2.840.113549.1.1.1']>
version: <ASN1_INTEGER[2L]>
sn: <ASN1_INTEGER[6348220899422160075L]>
sign_algo: <ASN1_OID['.1.2.840.113549.1.1.11']>
pubkey: <ASN1_BIT_STRING['\x000\x']>
我已经挖掘出 scapy.layers.ssl_tls、ssl_tls_crypto、scapy.layers.x509 模块,但无法获得任何解码提示.我也尝试使用 asn1crypto.core 包中的 Asn1Value.load() 但失败并出现以下错误:
I've dug out scapy.layers.ssl_tls, ssl_tls_crypto, scapy.layers.x509 modules but couldn't get any hint to decode it. I also tried using Asn1Value.load() from asn1crypto.core package but it fails with following error:
TypeError: encoded_data must be a byte string, not scapy.asn1.asn1.ASN1_UTC_TIME
如果有人能帮助我最好使用 scapy 的本机解码或任何其他可能的方式解决这个问题,那就太好了.
It'd be great if anyone could help me getting this resolved using scapy's native decoding preferably or any other way possible.
注意:请注意,我必须从我从 pcap 文件中读取的 SSL/TLS serverhello 数据包中提取这些值,因为我还需要数据包标头中的其他字段.我知道在 stackoverflow 或 wireshark/tshark 上存在许多用于从 .pem 文件或可能从 .der 文件中提取/读取证书的解决方案(在将其从wireshark 明确导出后),它们在我的情况下不起作用,因为我需要一个解决方案解决从数据包中提取证书或证书字段的工作.
Note: Please note that I've to extract these values from SSL/TLS serverhello packets which I'm reading from a pcap file as I need other fields from packet headers as well. I know many solutions exist on stackoverflow or wireshark/tshark for extracting/reading certificates from .pem files or possibly from .der files (after having it exported from wireshark explicitly), they don't work in my case as I need a solution which works around extracting certificates or certificate fields from packets.
推荐答案
如果您有 X.509 证书的 DER 编码字节字符串,则使用 asn1crypto 的正确方法是:
If you have a DER-encoded byte string of the X.509 certificate, the correct way to use asn1crypto would be:
from asn1crypto import x509
cert = x509.Certificate.load(der_byte_string)
print(cert.native)
从错误消息看来,您试图传递一些表示 ASN.1 值的 Python 对象.
It would seem from the error message, you have tried to pass some of Python object that represents an ASN.1 value.
这篇关于解码 Scapy ASN1 编码的 SSL/TLS 证书字段的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
