tlsfuzzer.messages module
Objects for generating TLS messages to send.
- class tlsfuzzer.messages.AlertGenerator(level=1, description=0)[source]
Bases:
MessageGenerator
Generator for TLS Alert messages.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a generator node.
- is_expect()
Define object as a generator node.
- is_generator()
Define object as a generator node.
- post_send(state)
Modify the state after sending the message.
- class tlsfuzzer.messages.ApplicationDataGenerator(payload)[source]
Bases:
MessageGenerator
Generator for TLS Application Data messages.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a generator node.
- is_expect()
Define object as a generator node.
- is_generator()
Define object as a generator node.
- post_send(state)
Modify the state after sending the message.
- class tlsfuzzer.messages.CertificateGenerator(certs=None, cert_type=None, version=None, context=None)[source]
Bases:
HandshakeProtocolMessageGenerator
Generator for TLS handshake protocol Certificate message.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a generator node.
- is_expect()
Define object as a generator node.
- is_generator()
Define object as a generator node.
- post_send(state)
Update handshake hashes after sending.
- class tlsfuzzer.messages.CertificateVerifyGenerator(private_key=None, msg_version=None, msg_alg=None, sig_version=None, sig_alg=None, signature=None, rsa_pss_salt_len=None, padding_xors=None, padding_subs=None, mgf1_hash=None, context=None)[source]
Bases:
HandshakeProtocolMessageGenerator
Generator for TLS handshake protocol Certificate Verify message.
- Variables:
msg_alg (tuple(int,int)) – signature and hash algorithm to be set in the digitally-signed structure of TLSv1.2 Certificate Verify message. By default the first matching algorithm from CertificateRequest that matches our key or sent certificate. If no CertificateRequest received it will send the first algorithm matching our key or certificate sent. If no Certificate nor private key is available, it will select first algorithm from CertificateRequest. If no Certificate, CertificateRequest nor private key is available then it will use SHA-1 + RSA. The first value in the tuple specifies hash type (from HashAlgorithm) and the second value specifies the signature algorithm (from SignatureAlgorithm). Or the value from SignatureScheme.
msg_version (tuple(int,int)) – protocol version that the message is to use, default is taken from current connection state
sig_version (tuple(int,int)) – protocol version to use for calculating the verify bytes for the signature (overrides msg_version, but just for the signature). Equal to msg_version by default.
sig_alg (tuple(int,int)) – hash and signature algorithm to be used for creating the signature in the message. Equal to msg_alg by default. Requires the sig_version to be set to at least TLSv1.2 to be effective.
signature (bytearray) – bytes to send as the signature of the message
padding_xors (dict(int,int)) – which bytes of the pre-encryption RSA padding or post-signature ECDSA signature should be xored and with what values
padding_subs (dict(int,int)) – same as padding_xors but substitutes specified bytes instead
mgf1_hash (str) – name of the hash to be used for calculating MGF1, effective only if sig_alg is set to a RSA_PSS algorithm and sig_version is TLS 1.2 or greater. By default the hash taken from sig_alg.
rsa_pss_salt_len (int) – length of the salt (in bytes) used in signature. Effective only if sig_alg is set to a RSA_PSS algorithm and sig_version is TLS 1.2 or greater. By default it’s equal to the length of the hash taken from sig_alg.
private_key (RSAKey or ECDSAKey) – key that will be used for signing the message
- _get_key_and_key_type(status)[source]
Get a key, or if not possible, certificate for selecting the signature algorithm.
- _normalise_subs_and_xors(max_byte)[source]
Make sure that the substitutions and xors don’t go over the size of buffer, this is fine as ECDSA signatures are ASN.1 objects so have variable size
- _repr(attributes)
Return a text representation of the object.
- _select_msg_alg(status)[source]
Select the signature algorithm based on CertificateRequest from server, either our sent Certificate or our private key and the protocol version.
- static _sig_alg_for_certificate(key_alg, accept_sig_algs, version, key)[source]
Select an acceptable signature algorithm based on key algorithm, protocol version and curve name (in case of ECDSA).
- static _sig_alg_for_dsa_key(accept_sig_algs, version, key)[source]
Select an acceptable signature algorithm for a given DSA key.
- static _sig_alg_for_ecdsa_key(accept_sig_algs, version, key)[source]
Select an acceptable signature algorithm for a given ecdsa key.
- static _sig_alg_for_rsa_key(key_alg, accept_sig_algs, version)[source]
Select an acceptable signature algorithm for a given rsa key.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a generator node.
- is_expect()
Define object as a generator node.
- is_generator()
Define object as a generator node.
- post_send(state)
Update handshake hashes after sending.
- class tlsfuzzer.messages.ChangeCipherSpecGenerator(extended_master_secret=None, fake=False)[source]
Bases:
MessageGenerator
Generator for TLS Change Cipher Spec messages.
Note
After sending the ChangeCipherSpec message, in TLS 1.2 and earlier, the record layer will switch to encrypted communication (or newly negotiated keys). In TLS 1.3 the message has no effect on encryption or record layer state.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a generator node.
- is_expect()
Define object as a generator node.
- is_generator()
Define object as a generator node.
- class tlsfuzzer.messages.ClearContext(context)[source]
Bases:
Command
Object used to zero-out the context used in PHA.
This is necessary if the conversation is executed more than once.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a command node.
- is_expect()
Define object as a command node.
- is_generator()
Define object as a command node.
- class tlsfuzzer.messages.ClientHelloGenerator(ciphers=None, extensions=None, version=None, session_id=None, random=None, compression=None, ssl2=False, modifiers=None)[source]
Bases:
HandshakeProtocolMessageGenerator
Generator for TLS handshake protocol Client Hello messages.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a generator node.
- is_expect()
Define object as a generator node.
- is_generator()
Define object as a generator node.
- post_send(state)
Update handshake hashes after sending.
- class tlsfuzzer.messages.ClientKeyExchangeGenerator(cipher=None, version=None, client_version=None, dh_Yc=None, padding_subs=None, padding_xors=None, ecdh_Yc=None, encrypted_premaster=None, modulus_as_encrypted_premaster=False, p_as_share=False, p_1_as_share=False, premaster_secret=None, padding_byte=None, reuse_encrypted_premaster=False, encrypted_premaster_file=None, encrypted_premaster_length=None, random_premaster=False)[source]
Bases:
HandshakeProtocolMessageGenerator
Generator for TLS handshake protocol Client Key Exchange messages.
- Variables:
dh_Yc (int) – Override the sent dh_Yc value to the specified one
padding_subs (dict(int,int)) – Substitutions for the encrypted premaster secret padding bytes (applicable only for the RSA key exchange)
padding_xors (dict(int,int)) – XORs for the encrypted premaster secret padding bytes (applicable only for the RSA key exchange)
ecdh_Yc (bytearray) – encoded ECC point being the client key share for the key exchange
encrypted_premaster (bytearray) – the premaster secret after it was encrypted, as it will be sent on the wire
modulus_as_encrypted_premaster (bool) – if True, set the encrypted premaster (the value seen on the wire) to the server’s certificate modulus (the server’s public key)
p_as_share (bool) – set the key share to the value provided by server in Server Key Exchange (applicable only to FFDHE key exchange)
p_1_as_share (bool) – set the key share to the value , as provided by server in Server Key Exchange (applicable only to FFDHE key exchange with safe primes)
padding_byte (int) – byte to use as padding instead of randomly generated bytes (applicable only for RSA key exchange)
client_version (tuple(int,int)) – the version to set in the RSA pre-master secret
reuse_encrypted_premaster (bool) – if set to true, the message generator will create the RSA ciphertext once and reuse it for subsequent connections. Applicable only to RSA key exchange, useful only for tests that run the same conversation over and over (like timing tests).
encrypted_premaster_file (file object) – The file object from which to read the encrypted premaster secret. On node re-execution it will read subsequent values; it does not rewind the file pointer or close the file. The file must be opened in binary mode
encrypted_premaster_length (int) – The length of data to read, in bytes
random_premaster (bool) – whether to use a random premaster value or the static default (48 zero bytes)
- _encrypt_with_fuzzing(public_key)[source]
Use public_key to encrypt premaster secret with fuzzed padding.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a generator node.
- is_expect()
Define object as a generator node.
- is_generator()
Define object as a generator node.
- class tlsfuzzer.messages.ClientMasterKeyGenerator(cipher=None, master_key=None)[source]
Bases:
HandshakeProtocolMessageGenerator
Generator for SSLv2 Handshake Protocol CLIENT-MASTER-KEY message.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a generator node.
- is_expect()
Define object as a generator node.
- is_generator()
Define object as a generator node.
- post_send(state)
Update handshake hashes after sending.
- class tlsfuzzer.messages.Close[source]
Bases:
Command
Object used to close a TCP connection.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a command node.
- is_expect()
Define object as a command node.
- is_generator()
Define object as a command node.
- class tlsfuzzer.messages.CloseRST[source]
Bases:
Command
Object used to close a TCP connection with a RST packet.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a command node.
- is_expect()
Define object as a command node.
- is_generator()
Define object as a command node.
- class tlsfuzzer.messages.CollectNonces(nonces)[source]
Bases:
Command
Start collecting nonces being sent by the server in the provided array.
Works only for ciphers like AES-GCM which use explicit nonces. Ciphers like Chacha20 use implicit nonce constructed from PRF output and sequence number.
Needs to be run after the cipher was negotiated and switched to (after CCS), will collect nonces only till next renegotiation.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a command node.
- is_expect()
Define object as a command node.
- is_generator()
Define object as a command node.
- class tlsfuzzer.messages.Command[source]
Bases:
TreeNode
Command objects.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- class tlsfuzzer.messages.Connect(hostname, port, version=(3, 0), timeout=5)[source]
Bases:
Command
Object used to connect to a TCP server.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a command node.
- is_expect()
Define object as a command node.
- is_generator()
Define object as a command node.
- class tlsfuzzer.messages.CopyVariables(log)[source]
Bases:
Command
Copy current random values of connection to provided arrays.
Available keys are either ClientHello.random, ServerHello.random, ServerHello.session_id or one of the values in key in ConnectionState (premaster_secret, master_secret, ServerHello.extensions.key_share.key_exchange, server handshake traffic secret, exporter master secret, ServerKeyExchange.key_share, ServerKeyExchange.dh_p, ClientKeyExchange.dh_Yc, ClientKeyExchange.ecdh_Yc, DH shared secret, PSK secret, client_verify_data, server_verify_data, client application traffic secret, server application traffic secret, resumption master secret, early secret, or handshake secret).
The log should be a dict (where keys have the above specified names) and values should be arrays (the values will be appended there).
This node needs to be put right after a node that calculates or uses the specific values to guarantee correct collection (i.e. if the conversation performs a renegotiation, it needs to be placed after both ExpectServerHello nodes to collect both ServerHello.random values).
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a command node.
- is_expect()
Define object as a command node.
- is_generator()
Define object as a command node.
- class tlsfuzzer.messages.FinishedGenerator(protocol=None, trunc_start=0, trunc_end=None, pad_byte=0, pad_left=0, pad_right=0, context=None)[source]
Bases:
HandshakeProtocolMessageGenerator
Generator for TLS handshake protocol Finished messages.
Note
The FinishedGenerator may influence the record layer encryption. In SSLv2, the record layer will be configured to expect encrypted records and send encrypted records before the message is sent. In SSLv3 up to TLS 1.2 the message has no impact on state of encryption. In TLS 1.3, after the message is sent, the record layer will be switched to use client_application_traffic_secret keys for sending.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a generator node.
- is_expect()
Define object as a generator node.
- is_generator()
Define object as a generator node.
- class tlsfuzzer.messages.FlushMessageList(fragment_list)[source]
Bases:
PopMessageFromList
Takes a reference to list, empties it to generate a message.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a generator node.
- is_expect()
Define object as a generator node.
- is_generator()
Define object as a generator node.
- post_send(state)
Modify the state after sending the message.
- class tlsfuzzer.messages.FlushMessageQueue(description=None)[source]
Bases:
Command
Flush the record layer queue of messages.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a command node.
- is_expect()
Define object as a command node.
- is_generator()
Define object as a command node.
- class tlsfuzzer.messages.HandshakeProtocolMessageGenerator[source]
Bases:
MessageGenerator
Message generator for TLS Handshake protocol messages.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- generate(state)
Return a message ready to write to socket.
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a generator node.
- is_expect()
Define object as a generator node.
- is_generator()
Define object as a generator node.
- class tlsfuzzer.messages.HeartbeatGenerator(payload, message_type=1, padding_length=None)[source]
Bases:
MessageGenerator
Generator for heartbeat messages.
- Variables:
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- generate(state)[source]
Create a Heartbeat message.
- Return type:
~tlslite.messages.Heartbeat
- Returns:
heartbeat message to be sent to the other side
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a generator node.
- is_expect()
Define object as a generator node.
- is_generator()
Define object as a generator node.
- post_send(state)
Modify the state after sending the message.
- class tlsfuzzer.messages.KeyUpdateGenerator(message_type=0)[source]
Bases:
MessageGenerator
Generator for TLS 1.3 KeyUpdate message.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a generator node.
- is_expect()
Define object as a generator node.
- is_generator()
Define object as a generator node.
- class tlsfuzzer.messages.MessageGenerator[source]
Bases:
TreeNode
Message generator objects.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- class tlsfuzzer.messages.PlaintextMessageGenerator(content_type, data, description=None)[source]
Bases:
Command
Send a plaintext data record irrespective of encryption state.
Does not update handshake hashes, record layer state, does not fragment, etc.
- Variables:
content_type (int) – content type of message, used in record layer header. See ContentType for well-known values
data (bytearray) – payload for the record
description (str) – identifier to print when processing of the node fails
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a command node.
- is_expect()
Define object as a command node.
- is_generator()
Define object as a command node.
- class tlsfuzzer.messages.PopMessageFromList(fragment_list)[source]
Bases:
MessageGenerator
Takes a reference to list, pops a message from it to generate one.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a generator node.
- is_expect()
Define object as a generator node.
- is_generator()
Define object as a generator node.
- class tlsfuzzer.messages.RawMessageGenerator(content_type, data, description=None)[source]
Bases:
MessageGenerator
Generator for arbitrary record layer messages.
Can generate message with any content_type and any payload. Will be encrypted if encryption is negotiated in the connection.
- Variables:
content_type (int) – content type of message, used in record layer header. See ContentType for well-known values
data (bytearray) – payload for the record
description (str) – identifier to print when processing of the node fails
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a generator node.
- is_expect()
Define object as a generator node.
- is_generator()
Define object as a generator node.
- post_send(state)
Modify the state after sending the message.
- class tlsfuzzer.messages.RawSocketWriteGenerator(data, description=None)[source]
Bases:
Command
Send plaintext data irrespective of encryption state.
Does not update handshake hashes, record layer state, does not fragment, etc.
- Variables:
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a command node.
- is_expect()
Define object as a command node.
- is_generator()
Define object as a command node.
- class tlsfuzzer.messages.ResetHandshakeHashes[source]
Bases:
Command
Object used to reset current state of handshake hashes to zero.
Used for session renegotiation or resumption.
Also prepares for negotiation (or dropping) of record_size_limit extension.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a command node.
- is_expect()
Define object as a command node.
- is_generator()
Define object as a command node.
- class tlsfuzzer.messages.ResetRenegotiationInfo(client=None, server=None)[source]
Bases:
Command
Object used to reset state of data needed for secure renegotiation.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a command node.
- is_expect()
Define object as a command node.
- is_generator()
Define object as a command node.
- class tlsfuzzer.messages.ResetWriteConnectionState[source]
Bases:
Command
Reset _writeState configuration to default values
All sent messages will be unencrypted now
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a command node.
- is_expect()
Define object as a command node.
- is_generator()
Define object as a command node.
- class tlsfuzzer.messages.SetMaxRecordSize(max_size=None)[source]
Bases:
Command
Change the Record Layer to send records of non standard size.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a command node.
- is_expect()
Define object as a command node.
- is_generator()
Define object as a command node.
- class tlsfuzzer.messages.SetPaddingCallback(cb=None)[source]
Bases:
Command
Set the padding callback which returns the length of the padding to be added to the message in the record layer.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- static add_fixed_padding_cb(size)[source]
Returns a callback function which returns a fixed number as the padding size
- static fill_padding_cb(length, contenttype, max_padding)[source]
Simple callback which returns the maximum padding size as the size of the padding to be added to the message
- static fixed_length_cb(size)[source]
Returns a callback function which returns a fixed number as the padding size
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a command node.
- is_expect()
Define object as a command node.
- is_generator()
Define object as a command node.
- class tlsfuzzer.messages.SetRecordVersion(version)[source]
Bases:
Command
Change the version used at record layer.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a command node.
- is_expect()
Define object as a command node.
- is_generator()
Define object as a command node.
- class tlsfuzzer.messages.TCPBufferingDisable[source]
Bases:
Command
Stop buffering all writes on the TCP level.
All messages will be now passed directly to the TCP socket
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a command node.
- is_expect()
Define object as a command node.
- is_generator()
Define object as a command node.
- class tlsfuzzer.messages.TCPBufferingEnable[source]
Bases:
Command
Start buffering all writes on the TCP level of connection.
You will need to call an explicit flush to send the messages.
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a command node.
- is_expect()
Define object as a command node.
- is_generator()
Define object as a command node.
- class tlsfuzzer.messages.TCPBufferingFlush[source]
Bases:
Command
Send all messages in the buffer.
Does not change the state of buffering
- _repr(attributes)
Return a text representation of the object.
- add_child(child)
Sets the parameter as the child of the node
- Returns:
the child node
- get_all_siblings()
Return iterator with all siblings of node
- Return type:
iterator
- is_command()
Define object as a command node.
- is_expect()
Define object as a command node.
- is_generator()
Define object as a command node.
- tlsfuzzer.messages._apply_function(data, settings, fun)[source]
Modify data based on settings and function fun.
- tlsfuzzer.messages.ch_cookie_handler(state)[source]
Client Hello cookie extension handler.
Copies the cookie extension from last HRR message.
Client Hello key_share extension handler.
Generates the key share for the group selected by server in the last HRR message.
- tlsfuzzer.messages.div_ceil(divident, divisor)[source]
Perform integer division of divident by divisor, round up.
- tlsfuzzer.messages.fuzz_encrypted_message(generator, substitutions=None, xors=None)[source]
Change arbitrary bytes of the authenticated ciphertext block.
Can modify authentication tag of AEAD ciphers and CBC ciphers working in encrypt then MAC mode.
- Parameters:
generator (MessageGenerator) – modified message
substitutions (dict(int,int)) – modify specified bytes of the message, the keys indicate the positions in the message (negative numbers count from the end of messages), the values of the dictionary specify the values to change the bytes to
xors (dict(int,int)) – modify specified bytes of the message, the keys indicate the positions in the message (negative numbers count from the end of messages), the values of the dictionary specify the values to xor with
- tlsfuzzer.messages.fuzz_mac(generator, substitutions=None, xors=None)[source]
Change arbitrary bytes of the MAC value.
Works with stream and CBC cipher suites in SSL 3 up to TLS 1.2. Works with both encrypt then MAC and MAC then encrypt connections.
- Parameters:
generator (MessageGenerator) – modified message
substitutions (dict(int,int)) – modify specified bytes of the message, the keys indicate the positions in the message (negative numbers count from the end of messages), the values of the dictionary specify the values to change the bytes to
xors (dict(int,int)) – modify specified bytes of the message, the keys indicate the positions in the message (negative numbers count from the end of messages), the values of the dictionary specify the values to xor with
- tlsfuzzer.messages.fuzz_message(generator, substitutions=None, xors=None)[source]
Change arbitrary bytes of the message after write.
Modified data includes handshake protocol header but doesn’t include record header, content type or record-level padding.
- Parameters:
generator (MessageGenerator) – modified message
substitutions (dict(int,int)) – modify specified bytes of the message, the keys indicate the positions in the message (negative numbers count from the end of messages), the values of the dictionary specify the values to change the bytes to
xors (dict(int,int)) – modify specified bytes of the message, the keys indicate the positions in the message (negative numbers count from the end of messages), the values of the dictionary specify the values to xor with
- tlsfuzzer.messages.fuzz_padding(generator, min_length=None, substitutions=None, xors=None)[source]
Change the padding of the message.
Works with CBC ciphers only.
Note: the “-1” position is the byte with the length of padding while “-2” is the last byte of padding (if padding has non-zero length)
- Parameters:
generator (MessageGenerator) – modified message
min_length (int) – the minimum length of padding created, including the byte specifying length of padding, must be smaller than 257
substitutions (dict(int,int)) – modify specified bytes of the message, the keys indicate the positions in the message (negative numbers count from the end of messages), the values of the dictionary specify the values to change the bytes to
xors (dict(int,int)) – modify specified bytes of the message, the keys indicate the positions in the message (negative numbers count from the end of messages), the values of the dictionary specify the values to xor with
- tlsfuzzer.messages.fuzz_pkcs1_padding(key, substitutions=None, xors=None, padding_byte=None)[source]
Fuzz the PKCS#1 padding used in signatures or encryption.
Use to modify Client Key Exchange padding of encrypted value.
- tlsfuzzer.messages.fuzz_plaintext(generator, substitutions=None, xors=None)[source]
Change arbitrary bytes of the plaintext right before encryption.
Get access to all data before encryption, including the IV, MAC and padding.
Works only with CBC ciphers. In EtM mode will not include MAC.
Note: the “-1” position is the byte with length of padding while “-2” is the last byte of padding (if padding has non-zero length)
- Parameters:
substitutions (dict(int,int)) – modify specified bytes of the message, the keys indicate the positions in the message (negative numbers count from the end of messages), the values of the dictionary specify the values to change the bytes to
xors (dict(int,int)) – modify specified bytes of the message, the keys indicate the positions in the message (negative numbers count from the end of messages), the values of the dictionary specify the values to xor with
- tlsfuzzer.messages.pad_handshake(generator, size=0, pad_byte=0, pad=None)[source]
Pad or truncate handshake messages.
Pad or truncate a handshake message by given amount of bytes, use negative size to truncate. Update handshake protocol header to compensate.
- Parameters:
generator (MessageGenerator) – modified message
size (int) – number of bytes to add at the end (if positive) or number of bytes to remove at the end of payload (if negative)
pad_byte (int) – numerical value of added bytes, must be between 0 and 255 inclusive
pad (bytearray) – bytes to add at the end of payload
- tlsfuzzer.messages.post_send_msg_sock_restore(obj, method_name, old_method_name)[source]
Un-Monkey patch a method of msg_sock.
(Method used internally by tlsfuzzer.)
- tlsfuzzer.messages.queue_message(generator)[source]
Queue message with other ones of the same content type.
Allow coalescing of the message with other messages with the same content type, this allows for sending Certificate and CertificateVerify in a single record.
- tlsfuzzer.messages.replace_plaintext(generator, new_plaintext)[source]
Change the plaintext of the message right before encryption.
Will replace all data before encryption, including the IV, MAC and padding.
Note: works only with CBC ciphers. In EtM mode will NOT modify MAC.
Length of new_plaintext must be multiple of negotiated cipher block size (8 bytes for 3DES, 16 bytes for AES)
- tlsfuzzer.messages.skip_post_send(generator)[source]
Make the post_send method of generator do nothing.
This is useful when combining messages that update connection state, like KeyUpdate or Finished in TLS 1.3.
- tlsfuzzer.messages.split_message(generator, fragment_list, size)[source]
Split a given message type to multiple messages.
Allows for splicing message into the middle of a different message type
- tlsfuzzer.messages.substitute_and_xor(data, substitutions, xors)[source]
Apply changes from substitutions and xors to data for fuzzing.
(Method used internally by tlsfuzzer.)
- tlsfuzzer.messages.truncate_handshake(generator, size=0, pad_byte=0)[source]
Truncate a handshake message.
See pad_handshake() for inverse of this function
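Added example (not tlsfuzzer code): a stand-alone illustration of how the substitutions and xors dictionaries documented for fuzz_padding() address bytes of TLS CBC padding, paired with the receiver-side padding check that has to reject each mutation. The names tls_cbc_padding, apply_mutations, padding_is_valid and demo are hypothetical, the record content is constructed, and applying substitutions before xors is an assumption.

```python
# Added illustration; this is not tlsfuzzer source code.
# All function names here are hypothetical.


def tls_cbc_padding(data_len, block_size, min_length=1):
    """Build TLS CBC padding for data_len bytes of content + MAC.

    The padding is N bytes of value N followed by one length byte N.
    min_length counts the length byte too, so it ranges from 1 to 256.
    """
    if not 1 <= min_length <= 256:
        raise ValueError("min_length must be between 1 and 256")
    total = min_length
    while (data_len + total) % block_size:
        total += 1
    if total > 256:
        raise ValueError("padding would exceed 256 bytes")
    return bytearray([total - 1] * total)


def apply_mutations(data, substitutions=None, xors=None):
    """Return a mutated copy of data.

    Keys are byte positions (negative values count from the end), values
    are the byte to write (substitutions) or to xor with (xors).
    Assumption: substitutions are applied first, then xors.
    """
    out = bytearray(data)
    for pos, value in (substitutions or {}).items():
        out[pos] = value
    for pos, value in (xors or {}).items():
        out[pos] ^= value
    return out


def padding_is_valid(plaintext, block_size):
    """Receiver-side check: every padding byte equals the length byte.

    Readable rather than constant time; a production implementation has
    to perform this check (and the MAC check) in constant time.
    """
    if not plaintext or len(plaintext) % block_size:
        return False
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return False
    return all(b == pad_len for b in plaintext[-(pad_len + 1):])


# Constructed sample: 37 bytes of content + MAC, AES block size of 16.
BLOCK = 16
CONTENT = bytearray([0xAA] * 37)

# name -> (substitutions, xors); position -1 is the padding length byte,
# -2 the last padding byte, -11 the first of the 10 padding bytes here.
CASES = {
    "unmodified": (None, None),
    "length byte xor 0x01": (None, {-1: 0x01}),
    "last padding byte set to 0": ({-2: 0x00}, None),
    "first padding byte xor 0xff": (None, {-11: 0xFF}),
}


def demo():
    """Return {case name: does the receiver accept the padding?}."""
    record = CONTENT + tls_cbc_padding(len(CONTENT), BLOCK)
    return {
        name: padding_is_valid(apply_mutations(record, subs, xors), BLOCK)
        for name, (subs, xors) in CASES.items()
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print("%-30s accepted=%s" % (name, accepted))
```

Padding longer than the minimum, such as tls_cbc_padding(37, 16, min_length=200), is still well-formed and a conforming receiver accepts it, which is why min_length is a separate knob from the byte-level mutations.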