PcapPlusPlus  21.05
pcpp::SSLClientHelloMessage Class Reference

#include <SSLHandshake.h>

Inheritance diagram for pcpp::SSLClientHelloMessage:
pcpp::SSLHandshakeMessage

Classes

struct  ClientHelloTLSFingerprint
 

Public Member Functions

 SSLClientHelloMessage (uint8_t *data, size_t dataLen, SSLHandshakeLayer *container)
 
ssl_tls_client_server_hellogetClientHelloHeader () const
 
SSLVersion getHandshakeVersion () const
 
uint8_t getSessionIDLength () const
 
uint8_t * getSessionID () const
 
int getCipherSuiteCount () const
 
SSLCipherSuitegetCipherSuite (int index) const
 
uint16_t getCipherSuiteID (int index, bool &isValid) const
 
uint8_t getCompressionMethodsValue () const
 
int getExtensionCount () const
 
uint16_t getExtensionsLenth () const
 
SSLExtensiongetExtension (int index) const
 
SSLExtensiongetExtensionOfType (uint16_t type) const
 
SSLExtensiongetExtensionOfType (SSLExtensionType type) const
 
template<class TExtension >
TExtension * getExtensionOfType () const
 
ClientHelloTLSFingerprint generateTLSFingerprint () const
 
std::string toString () const
 
- Public Member Functions inherited from pcpp::SSLHandshakeMessage
virtual SSLHandshakeType getHandshakeType () const
 
virtual size_t getMessageLength () const
 
virtual bool isMessageComplete () const
 
SSLHandshakeLayergetContainingLayer () const
 

Additional Inherited Members

- Static Public Member Functions inherited from pcpp::SSLHandshakeMessage
static SSLHandshakeMessagecreateHandhakeMessage (uint8_t *data, size_t dataLen, SSLHandshakeLayer *container)
 

Detailed Description

Represents a client-hello message (type 1). Inherits from SSLHandshakeMessage and adds parsing of all fields of this message including the message extensions, cipher-suite list, etc.

Constructor & Destructor Documentation

◆ SSLClientHelloMessage()

pcpp::SSLClientHelloMessage::SSLClientHelloMessage ( uint8_t *  data,
size_t  dataLen,
SSLHandshakeLayer container 
)

C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandhakeMessage() and shouldn't be used by a user

Parameters
[in]dataThe message as raw data
[in]dataLenMessage raw data length in bytes
[in]containerThe SSL handshake layer which shall contain this message

Member Function Documentation

◆ generateTLSFingerprint()

ClientHelloTLSFingerprint pcpp::SSLClientHelloMessage::generateTLSFingerprint ( ) const

TLS fingerprinting is a way to identify client applications using the details in the TLS Client Hello packet. It was initially introduced by Lee Brotherston in his 2015 research: https://blog.squarelemon.com/tls-fingerprinting/ This implementation of TLS fingerprint is a C++ version of Salesforce's JA3 open source project (originally written in Python and Zeek): https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967

Returns
A SSLClientHelloMessage::ClientHelloTLSFingerprint struct that contains all the elements needed for creating a TLS fingerprint out of this Client Hello message. This struct has also methods to extract the TLS fingerprint itself in a string or MD5 formats

◆ getCipherSuite()

SSLCipherSuite* pcpp::SSLClientHelloMessage::getCipherSuite ( int  index) const

Get a pointer to a cipher-suite by index. The cipher-suites are numbered according to their order of appearance in the message. If index is out of bounds (less than 0 or larger than total amount of cipher suites) NULL will be returned. NULL will also be returned if the cipher-suite ID is unknown. If you still want to get the cipher-suite ID you can use getCipherSuiteID()

Parameters
[in]indexThe index of the cipher-suite to return
Returns
The pointer to the cipher-suite object or NULL if index is out of bounds

◆ getCipherSuiteCount()

int pcpp::SSLClientHelloMessage::getCipherSuiteCount ( ) const
Returns
The number of cipher-suites included in this message

◆ getCipherSuiteID()

uint16_t pcpp::SSLClientHelloMessage::getCipherSuiteID ( int  index,
bool &  isValid 
) const

Get the cipher-suite ID by index. This method just parses the ID from the clinet-hello message and returns it. To get more information on the cipher-suite you can use the getCipherSuite() method

Parameters
[in]indexThe index of the cipher-suite to return
[out]isValidSet to "true" if parsing succeeded and the return value is valid or "false" if: (1) the index is out-of-bounds (less than 0 or larger than total amount of cipher suites) or (2) the parsing failed. If the value is "false" the return value can be ignored
Returns
The cipher-suite ID if "isValid" is set to "true". If "isValid" is set to "false" the return value can be ignored

◆ getClientHelloHeader()

ssl_tls_client_server_hello* pcpp::SSLClientHelloMessage::getClientHelloHeader ( ) const
inline
Returns
A struct containing common fields for client-hello and server-hello messages. Notice this points directly to the data, so every change will change the actual packet data

◆ getCompressionMethodsValue()

uint8_t pcpp::SSLClientHelloMessage::getCompressionMethodsValue ( ) const
Returns
The value of the compression method byte

◆ getExtension()

SSLExtension* pcpp::SSLClientHelloMessage::getExtension ( int  index) const

Get a pointer to an extension by index. The extensions are numbered according to their order of appearance in the message. If index is out of bounds (less than 0 or larger than total amount of extensions) NULL will be returned

Parameters
[in]indexThe index of the extension to return
Returns
The pointer to the extension or NULL if index is out of bounds

◆ getExtensionCount()

int pcpp::SSLClientHelloMessage::getExtensionCount ( ) const
Returns
The number of extensions in this message

◆ getExtensionOfType() [1/3]

SSLExtension* pcpp::SSLClientHelloMessage::getExtensionOfType ( uint16_t  type) const

Get a pointer to an extension by numeric type field. Every extension has a 2-byte numeric value representing its type (for example: renegotiation info extension type is 0x1ff). This method gets the type and returns a pointer to the extension object

Parameters
[in]typeThe 2-byte numeric type of the extension
Returns
A pointer to the extension object of NULL if this type doesn't exist in this message

◆ getExtensionOfType() [2/3]

SSLExtension* pcpp::SSLClientHelloMessage::getExtensionOfType ( SSLExtensionType  type) const

Get a pointer to an extension by its enum type

Parameters
[in]typeThe type of extension to return
Returns
A pointer to the extension object or NULL if this type doesn't exist in this message

◆ getExtensionOfType() [3/3]

template<class TExtension >
TExtension * pcpp::SSLClientHelloMessage::getExtensionOfType ( ) const

Get a pointer to an extension by its class type. This is a templated method that is used with the type of the requested extension and returns the first extension instance of this type

Returns
A pointer to the extension object or NULL if this extension type doesn't exist in this message

◆ getExtensionsLenth()

uint16_t pcpp::SSLClientHelloMessage::getExtensionsLenth ( ) const
Returns
The size (in bytes) of all extensions data in this message. Extracted from the "extensions length" field

◆ getHandshakeVersion()

SSLVersion pcpp::SSLClientHelloMessage::getHandshakeVersion ( ) const
Returns
Handshake SSL/TLS version (notice it may be different than SSLLayer::getRecordVersion(). Each client-hello or server-hello message has both record version and handshake version and they may differ from one another)

◆ getSessionID()

uint8_t* pcpp::SSLClientHelloMessage::getSessionID ( ) const
Returns
Session ID as byte array. If server-hello message doesn't include session ID NULL will be returned

◆ getSessionIDLength()

uint8_t pcpp::SSLClientHelloMessage::getSessionIDLength ( ) const
Returns
Session ID length in bytes. If server-hello message doesn't include session ID 0 will be returned

◆ toString()

std::string pcpp::SSLClientHelloMessage::toString ( ) const
virtual
Returns
A string representation of the message type (e.g "Client Hello message")

Implements pcpp::SSLHandshakeMessage.