PcapPlusPlus
21.05
|
#include <SSLHandshake.h>
Classes | |
struct | ClientHelloTLSFingerprint |
Public Member Functions | |
SSLClientHelloMessage (uint8_t *data, size_t dataLen, SSLHandshakeLayer *container) | |
ssl_tls_client_server_hello * | getClientHelloHeader () const |
SSLVersion | getHandshakeVersion () const |
uint8_t | getSessionIDLength () const |
uint8_t * | getSessionID () const |
int | getCipherSuiteCount () const |
SSLCipherSuite * | getCipherSuite (int index) const |
uint16_t | getCipherSuiteID (int index, bool &isValid) const |
uint8_t | getCompressionMethodsValue () const |
int | getExtensionCount () const |
uint16_t | getExtensionsLenth () const |
SSLExtension * | getExtension (int index) const |
SSLExtension * | getExtensionOfType (uint16_t type) const |
SSLExtension * | getExtensionOfType (SSLExtensionType type) const |
template<class TExtension > | |
TExtension * | getExtensionOfType () const |
ClientHelloTLSFingerprint | generateTLSFingerprint () const |
std::string | toString () const |
Additional Inherited Members |
Represents a client-hello message (type 1). Inherits from SSLHandshakeMessage and adds parsing of all fields of this message including the message extensions, cipher-suite list, etc.
pcpp::SSLClientHelloMessage::SSLClientHelloMessage | ( | uint8_t * | data, |
size_t | dataLen, | ||
SSLHandshakeLayer * | container | ||
) |
C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandhakeMessage() and shouldn't be used by a user
[in] | data | The message as raw data |
[in] | dataLen | Message raw data length in bytes |
[in] | container | The SSL handshake layer which shall contain this message |
ClientHelloTLSFingerprint pcpp::SSLClientHelloMessage::generateTLSFingerprint | ( | ) | const |
TLS fingerprinting is a way to identify client applications using the details in the TLS Client Hello packet. It was initially introduced by Lee Brotherston in his 2015 research: https://blog.squarelemon.com/tls-fingerprinting/ This implementation of TLS fingerprint is a C++ version of Salesforce's JA3 open source project (originally written in Python and Zeek): https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967
SSLCipherSuite* pcpp::SSLClientHelloMessage::getCipherSuite | ( | int | index | ) | const |
Get a pointer to a cipher-suite by index. The cipher-suites are numbered according to their order of appearance in the message. If index is out of bounds (less than 0 or larger than total amount of cipher suites) NULL will be returned. NULL will also be returned if the cipher-suite ID is unknown. If you still want to get the cipher-suite ID you can use getCipherSuiteID()
[in] | index | The index of the cipher-suite to return |
int pcpp::SSLClientHelloMessage::getCipherSuiteCount | ( | ) | const |
uint16_t pcpp::SSLClientHelloMessage::getCipherSuiteID | ( | int | index, |
bool & | isValid | ||
) | const |
Get the cipher-suite ID by index. This method just parses the ID from the clinet-hello message and returns it. To get more information on the cipher-suite you can use the getCipherSuite() method
[in] | index | The index of the cipher-suite to return |
[out] | isValid | Set to "true" if parsing succeeded and the return value is valid or "false" if: (1) the index is out-of-bounds (less than 0 or larger than total amount of cipher suites) or (2) the parsing failed. If the value is "false" the return value can be ignored |
|
inline |
uint8_t pcpp::SSLClientHelloMessage::getCompressionMethodsValue | ( | ) | const |
SSLExtension* pcpp::SSLClientHelloMessage::getExtension | ( | int | index | ) | const |
Get a pointer to an extension by index. The extensions are numbered according to their order of appearance in the message. If index is out of bounds (less than 0 or larger than total amount of extensions) NULL will be returned
[in] | index | The index of the extension to return |
int pcpp::SSLClientHelloMessage::getExtensionCount | ( | ) | const |
SSLExtension* pcpp::SSLClientHelloMessage::getExtensionOfType | ( | uint16_t | type | ) | const |
Get a pointer to an extension by numeric type field. Every extension has a 2-byte numeric value representing its type (for example: renegotiation info extension type is 0x1ff). This method gets the type and returns a pointer to the extension object
[in] | type | The 2-byte numeric type of the extension |
SSLExtension* pcpp::SSLClientHelloMessage::getExtensionOfType | ( | SSLExtensionType | type | ) | const |
Get a pointer to an extension by its enum type
[in] | type | The type of extension to return |
TExtension * pcpp::SSLClientHelloMessage::getExtensionOfType | ( | ) | const |
Get a pointer to an extension by its class type. This is a templated method that is used with the type of the requested extension and returns the first extension instance of this type
uint16_t pcpp::SSLClientHelloMessage::getExtensionsLenth | ( | ) | const |
SSLVersion pcpp::SSLClientHelloMessage::getHandshakeVersion | ( | ) | const |
uint8_t* pcpp::SSLClientHelloMessage::getSessionID | ( | ) | const |
uint8_t pcpp::SSLClientHelloMessage::getSessionIDLength | ( | ) | const |
|
virtual |
Implements pcpp::SSLHandshakeMessage.