How to extract an SSL/TLS message using scapy and python?
If you want to play with TLS handshake, enable TLS on scapy using load_layer("tls")
.
That enables the TLS module, which supports handshake (requires scapy >= 2.4.0). Scapy will then correctly dissect TLS handshake/key... packets
You should first try
load_layer("tls")
packets = sniff(prn=lambda x:x.summary(), lfilter=lambda x: TLS in x)
And if you're using Scapy 2.4.4+, for better consistency you can even use
sniff([...], session=TLSSession)
Have a look on how the packets are built:
Example:
There is also a quite fancy guide here: https://github.com/secdev/scapy/blob/master/doc/notebooks/tls/notebook2_tls_protected.ipynb
So summarize:
You will find each packet when using load_layer("tls")
.
Note that there are a lot of packets and that TLSCertificate will only appear once. msg
is a list because many informations can be contained in a single TLS packet