TLS13BodyParser.py

from Crypto.Cipher import AES


class TLS13BodyParser:
    def __init__(self, socket, key, iv):
        self.socket = socket
        self.total_buff = b""
        self.count = 0
        self.key = key
        self.iv = iv
        self.accu = b""
        # self.accu_no_sf = b""

    def read_bytes(self, length):
        buff = b""
        while length > 0:
            temp = self.socket.recv(length)
            length -= len(temp)
            buff += temp

        self.total_buff += buff
        return buff

    def parse(self):
        certificates = {}
        certificates["cipherchange"] = self.read_bytes(6).hex()
        print(certificates["cipherchange"])
        certificates["parse_extensions"] = self.parse_next()
        # print(certificates)
        certificates["parse_certs"] = self.parse_next()
        certificates["cert_verify"] = self.parse_next()
        certificates["handshake_finished"] = self.parse_next()
        # certificates['misc'] = self.parse_next()
        return certificates

    def get_acc(self):
        return self.accu

    def get_accu_no_sf(self):
        return self.accu_no_sf

    def parse_next(self):
        tpe = self.read_bytes(1).hex()
        # print(tpe)
        assert tpe == "17"
        protocol = self.read_bytes(2).hex()
        # print(tpe, protocol)
        assert protocol == "0303"

        length = int.from_bytes(self.read_bytes(2), "big")

        data = self.read_bytes(length - 16)
        tag = self.read_bytes(16)
        iv = self.xor_iv(self.iv, self.count)
        dec = self.AES_decrypt(
            data,
            self.key,
            iv,
            bytes.fromhex(tpe + protocol + length.to_bytes(2, "big").hex()),
            tag,
        )[:-1]
        # if dec[0] != 20:
        #     self.accu_no_sf += dec
        self.accu += dec
        self.count += 1
        return {"data": dec.hex()}

    def AES_decrypt(self, text, key, iv, data, tag):
        cipher = AES.new(key, AES.MODE_GCM, nonce=iv)
        cipher.update(data)
        return cipher.decrypt_and_verify(text, tag)

    def AES_encrypt(self, text, key, iv, data):
        cipher = AES.new(key, AES.MODE_GCM, nonce=iv)
        cipher.update(data)
        return cipher.encrypt_and_digest(text)

    def xor_iv(self, a, b):
        if type(a) == bytes:
            a = int.from_bytes(a, "big")
        if type(b) == bytes:
            b = int.from_bytes(b, "big")

        return (a ^ b).to_bytes(12, "big")

    def get_raw(self):
        return self.total_buff


if __name__ == "__main__":
    data = bytes.fromhex(
        "140303000101170303001bc3968588dd43d9a9823a5ed8b32e64ad427b502ca4c9253f2afd0917030313dbba9e45518319ca837e8c5c148df1a07ebfb97a86a3d237ecd68f7218f12ad46b26ee87ce2df6e50e53db7e997915ee4dccdde7e81f0e608d94535e3e3f143af7aeef2b8e0cda41103948fd4960d60747ac4966214322ee5ff3c9d2b2ebc3ad899ed994272e6d538db4fb0aa54ad39655546ebc93466f18843ec47d25fa3e421a978566e7c9b19f55887b723e979930732ab57c7d6d800a65194f104bcfffaf93a6a93086eb26f6a660c0ef26e5e21307f4fda74d662e162a2be5226fb5c77960bc3492459467c19acda611e65c61e602aa6ad2478c4f6472b07167e65cddf07b3fbc576d71f476c8ef187e5b91839794541aa28cfefa612e3a509d32dccd7c86e4e7dae557f09230d4ea1d62bbee5cbe8a1626aec48d76cc2c89e18a190c8dbe4b2bb53d0c8aa3e397beed62e570a68c5b5cf965f72821e53fe14f35262146364e845ba3c744331485bdc09cea5b2e01af7aee8e2cf8d7aa2ed413dc26e8599b16f62512959c6b18947b2c052954cb6603eab3719419647928c393948526314f6d61b5d1edc526f92c7bb88cff5bc1edad6db08bf8e9db5ab0cfb37ed43b300b5efd72ca6bee428eb6276204f3a4b462bb22c6580941c42a729b76b88b8b9165ab0a77d7fd50a516b2e3a684a83dea1b8a3f39b37211be004619c601e6f67724e0c4516d95b55cdd61a7c5d4f71b866eb6be78e66a46319df6c81bd7b19a99d7d6857770ef04a98f9a65bb58368d3a088ae5ec9074f932858e4e4b6f7f6392860ce680722c6296f8ec3fa9dfe14f0c1e8310d208bdc3fc6e50d815f865c226c65e09654223d10cec49a1c88a529f2419a7b9dc8de4fe733d5e4a031f9f5e7d1f3fd5b9b6556f9a330e1fd4d26b350b1c7c52a773f4ee9955cb4bfd8991f13e8c1c5a407c4ce5da78537caaaa2f8efb772e168990262902264c2769a1f92cd3d9980a64f0883660aaab79bb359f50712114c969aae84575e418dd9603f38b958aaeb3c6d7068d8a8d08b2b6b26e356edb3b28a9dabdd8882b6cb59390dbb92d771a118410eae436b686d2aa7b74e383df2f9dbed05b7fa216a9c84ca398070e534b04a3572f59ecf5415962b05c0188f8db5003a794d08115d55c69381a1ddf7b367049cd96afaed60ab209556ae49d669a96ac8454c09d3e8bb7c9d80082ba7c8f8be6c4cd28963264d126064400403a534bc202c9ebc26276b093c29c89a5110431ce2f456ad8ff9d09f369dae1daa011532332168c6f11a06934801af3a835a75d4bff5dd8d8d37b4487ba72a8b627edd5f26a1f01072fcb7217886cba2c3c13ba671c4a68e2c3057e278f890a3200e51654998bd6ade2d924618ab5ad7b7bd38e69e2b30e7ba4028bf6002d2cdb47e6a661ae119ecfe483abdb2232435e2da8aab31a2e5e238136572f3d5a493ac1b685cd79149335f88be37cadb9499d3f09fc268497357673e14637b4069af63347883bd54526f670d6baa134e66c3e57ff79f68a3df9704ccd55b8f86eed00d8e89d4cd0b1a3034ba46459ab328db6a9eb47b61fb0b7a4752bdb35418673e0323c438df0e0e4ffba100907ddb5e450336db7380f7aced9c8091d8510f2ce69b31e3e5d311f00523fe32575d4c4ece5e4f2075cc007418ab3c58c0581e73785becaeb8a16d59b0a9427132f79c5c6db3092f301ba2f3d97bed555d90ddb3e31e79c2c193d75bbc9b6c2c86500e2a00728ff201929fd0cde9051a1c68e196e646791f8f03989312ca822dcf45e5108229470a324834162d4efd542f3506a9b13d0f9c660c7e94bd4b3fc9f09cc4768e1de340aa8fc53b02d24d9f3e378e640e8d3c96816199ada32391a3f3c3d1bad8cc09b28c5c80a9d6e1ed17281dff3d56f7cbfcb5019fc22cf54978662de8fae8ecaf13836ba0e7ca18b97ef4b4d480481e757ab3b5979e9c844d016100eae5199007bfe1bcbffa328e4f811f5d60e43871e0208fb6abb4dcc797038a3c84583472831ae77040588673544d6b1bfc4b4a48e78ac891c11d57d7e82e7bae6d0e1a41a5b487a1f3c9f3ce6733eb53ff24970fdf9286b5b639ef61466c569f6653627da55d2c63c1b553bef8e4fe2b6af2736f0dfcd595fe39f25f1bba61aaec62f783e95826f8ee75cd8226fe09744d619979fa0fcc0c8e41c4ce8d18aa0735b38c632632a3e8ac6529b8717d3100d0e7747dabae3dcf2afa6487a8c2bba78116c92df952d88b622e7091adb0e961f0184557757ab893beb970f90a3c6aa4c1131b8f39f167091a1fcedaf09c46a14c707512cbdf550ecb009e1c98d07e7fbc07d285b1912632567da0224263d37a819044c9a03ad77be42a801467e87aa8764dcd4a094680a9af8bbe45d3a262697ebbbf7a680679a181f5e22e1ec61e9a95fadd4007765905e2762422aa9fe331fe5e3123beb4646f1dedb7445cac3d6a044ee088824e1fadfce4042f580ff64ab6a63e6857bfaf328b230ee68297b7aaa22f251d19b7a8c7c63d0007c20a5c6706f8f510f8be0ddb6d574995524d187a4d0c5ccc6cd8c2d8c6c028430f7a2e22a433e5d48547177e3a540dae82df705fd7482d315574f7a25ec084b3c2ff5211eaab4474f82674b10bd7453dc93727917e85888e8cf9506c57f537c1002c7ff287a05fd3c6b62fa7be5ea2caf0f6a40217ca89dc97e065735d8e0e7a44d10804b8602b45a41710113eedc39d5fbc1b83b07be0fde9cc2cd1af4ca50d4b1ea50e58ca1ab549d0900430da91c574e503b7e3155dac1d343e0e4d65f2ca7a53e7f40942027fe3a67003b051b361bde677090a62475813c3bda2883426d761a519baeb13ebfdeb93978b853233b463d599d1a6f13670791aac0b74cc826e2247ca56f10ea78b6ee89eb80c34aa9c967aaf4d54b0cc86de94d71d2c0c8d80385ca6c60a2f97dac7341e646b58101d1c48a9c2677e52610cc0babe576f2f3271b53ccdcb34689635a79fc99fad1b7f319d12fd0a54e72f25c7c7075822b4b70de7209511a8174b12d2fb25239f8398bb077f393ffb5b3eac0eda3c5cf909c199c6206ae58f6e2f2524fcf094fe5a8ca6b85d30222217e8149104ea9a1a1b054d2a8dc1015f1a93a6eeee5c5c3f9f99e2efe45d07f852ce46c48778ce402e90e4a60e066702790ac8c3bf5b1edb99b0832e3ec6a96b117df1566607d3dce0c0ee42275531f33c1c0b8c95ea26ec63412682749245ef72b657bf28b63b438c803983d6ff835e759d8d0044a8ffefc69df1750eddda847e4ed26df41d254b104b89b96c1d2231e534062d9b9db385672ac09399bdbf00bab0dd403f619efcb8ba5a9cc87839e4adbed3fde12f5c9a09ed100c1681833fa7f4522da8f3ff38561d014cca7628c483259827019887f963dd350ce27cc5c07a14edf55c9f30a97f4634628c24527360a8d77c9492001053afa9097673856d223b1906114858779d4de2a9a51be3ab0b3ed1c4b516a183287528775aaa98b6c0d0dbbfd4d7f0a4c5be97ff1b438e6ec4c08e9a0358056e842c026fe6c2f8d3079cbc0dfc3ff89a58b9e07202d025c7ae897d5cdba4b58b2e394dbd46b02380133c4239aa9f193e2d318339cf1266807c3b7619bc3a195449aaa4048cfddca5f0b0aaa2d9613bde88f858edb2cc73ea773345827d3b8cf553a07e4460ee1fa9fc8b79c298c327d56d8e32eec30587f0efdf3efe5b587c1d4dce64aac51bb013f0040feb54d6512b198ac2c0af784d4d75750d8f643c8cc4d94fd98a3f99cad6673882f41b87fc193f6a73cadd544f20c63eb663b87487da959968da9da949b02fb8ec72df336704c099aec7f28088a26bb62bf0661d7e3463c0fb004e6439340e688cff9eb330b2750a24dda42de295b24919b30da508234a2f3a69a809d46eb6b844a0fa6296fff924affd242b69123d7cdfc8cf0f9edcbc4650b568855a88b127aecb2fe52d1efc1210403e2b7eb1fbe4ece0f3640ad76ea48c847d0bfb8ef2c9528372d84661d3910da032befccc6687f59b26c75da668dbae201c52206c2c6560284f662fc8fa41337c65eeb2a5b7d02c5924fb2915d80d223d570eb017d45fda6a0cac3e66dc2442c020c0bb84bd06b5d12d064b96fbd837fe734ca7a320a335a00e7f64e36708cb84fee37b89ebe0acb911acaa69ae1ee86a81a0a47af2dcfa8e7a0e008f56963c2cf0f659b2b9728d58b8760a16dccc456d86e8174c8b2b94dccb50d49152796bd812c705b53de75c8c2034f6ebe4135d7d041dee50422dd8113eb2edcc172bae6216d3bf10f22d7ffa7df5e5d1ae84f351f1a4af25d7dcbaee4836530ce17b0e4d37d4ce12f503c599a449ac07c0edd0a45fb551ebe2bc2e6a4f1c1e9a55cff480ff76bc1d33147b40f33ce7465c1a54222af3a435ad1383f12fb4880c98155eb744ce280e72f7ba85e7ba04aa99b0b2a3a51b7b7c28c85798f136e2d944a36dee8d4ebd171194e45fa460bd2446564f8f614680d373902e3381341cee5a5ab2e4ba17611d9fb7af22fd423ee9b36cb3e5dd4daa6427589eaa1643190f9e92d5188a690b96964437983bad352bb3e19551c2b6eb24e04eb1bf231614489f1a34d721e6253c08cdabfb98197a96cc364e70f938e84f71870f76ee49bdb8f92a24503db8e46b03f0675a5b0be3020e7823b23f5e5a78a72c1c6e84ab76eb3a779a00bf0197c022141b978f20d0763b8880d1819ec7b52526cee17981f47c90704dafc18023fa682ab86057f81efee8276d581d979a91ec6d20150b1b1988d390f07d1052be44bcace51e13ede0d790a10306b72e20babb6cc39e6c8ff84cc029ae01eec7d24c3be399cf017ad624c566ac5951c72c0a00bf9db2e838ee7cb5747f2d9975f07a3bf1e015498144ed877d831cb615306a93ce84610420593bc55d0444ab3fed1533491df9dffd6c4dbba733f2c8ec8b61f585d7d81b25519ea2e66bdbfa6e22f054c8104f74136867548f22174a05b968dc1377eaca9b427069778340dc792d60949caf8d646ed18277fc136547e796567bd73ce29ed041541a5b2703401fb283293baca736963bbcb80638aa13610082b64c4bfce5a1525f32c04c4846899a47a3ca6af37ba94854da44ff3ea5d759cc3b531e54d73920f35aa96058e0b20163903f573bcaeaeeb35d259fb408bd1e1cf47ed43b23e4c6e94a93942da67927da3070e6efd79345d93a8dddf6d4e7e11d785f936bd4fea12fc0a04aaa1d6441f27d97922b4043c2d839bae194bc4c69aa1e9b77bbf5eaa5e8dc22e2686506b81f67e4113e4e36d7e794ec9fb492530869412a09b891e88ba134d8a69e7f434eb812ad65e5a623a44a08cb714988989d59fc9ee4c75a4472799468fc9fa229030b235e4ddc2daa9162523844f876c4b54a3ada5bfc4b2ee62c26178d351a57169fa7b0952abfb82d1e0959252eb8130f7a44f99c7300f9061c3747a45932525f3b6d3c5768809f0fb2300bd72d14974f8bec69baa1efd9b9ae13fa56c5b49073a6d1ed1df1ad0a33fd00b87dbf0101b93e93121d9a2ce0e76afddfbeb94e557e26b03d71535a2618140"
    )

    parser = TLS13BodyParser(data)
    print(parser.parse())