如何从TLS流里面提取证书,并解析证书的字段?
首先假设从流量中拿到了x509证书。

__author__ = 'dk'
#x509证书解析try:from cryptography import x509from cryptography.hazmat.backends import default_backend
except BaseException as exp:raise BaseException('Please install cryptography library: pip3 install cryptography -i https://mirrors.aliyun.com/pypi/simple/')
def bytes_to_string(bytes):return str(bytes, 'utf-8')def x509name_to_json(x509_name):json = { }for attribute in x509_name:name = attribute.oid._namevalue = attribute.valuejson[name]=valuereturn jsondef x509_parser(cert_hex):cert = bytes.fromhex(cert_hex.replace(':',''))cert = x509.load_der_x509_certificate(cert, default_backend())rst = {'issuer':x509name_to_json(cert.issuer),'subject':x509name_to_json(cert.subject),#'extensions':cert.extensions,#'not_valid_before':cert.not_valid_before,#'not_valid_after':cert.not_valid_after,}return rstif __name__ == '__main__':certs_hex = '308205e7308204cfa00302010202100de5c0e0d5f746cc16eedd9ffad89fb1300d06092a864886f70d01010b05003046310b3009060355040613025553310f300d060355040a1306416d617a6f6e31153013060355040b130c536572766572204341203142310f300d06035504031306416d617a6f6e301e170d3231303832343030303030305a170d3232303932323233353935395a301c311a3018060355040313117777772e6a6574627261696e732e636f6d30820122300d06092a864886f70d01010105000382010f003082010a028201010097aa0774a852f11ebf1041e1c23faafa13d207f70de6021f1c4e0ffbd58b941b01d014064089ef65f5063b9b67efd0558cac11f790e29a7faa451a247b27ee08f428d8e08949287bb3bff04d1182de1442fbe9ed274332c29dc6fc89f48f40feff8473f32809f61c1c130043f46d2b2e59679c7141a28ef2c776623b442f5a1fd38a690048dd81afd39c0261fcc30e9d7f177c2d45e033b8555d507c58c0e9bb5dca9e66183816713c121b6c459b3427a4fc03befac72259851720886fc93f25c599fc7229a35515f7759e654b265c9345b8a0db96015cbb4374df3893bc4f415f03f9e70d7730255142dc50ce38645869803b0ff48547ec912ad5308bda542f0203010001a38202f9308202f5301f0603551d2304183016801459a4660652a07b95923ca394072796745bf93dd0301d0603551d0e041604145735f044ba197133f3a92f4dc498ed038ac3e5ba302b0603551d110424302282117777772e6a6574627261696e732e636f6d820d6a6574627261696e732e636f6d300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030106082b06010505070302303b0603551d1f043430323030a02ea02c862a687474703a2f2f63726c2e73636131622e616d617a6f6e74727573742e636f6d2f73636131622e63726c30130603551d20040c300a3008060667810c010201307506082b0601050507010104693067302d06082b060105050730018621687474703a2f2f6f6373702e73636131622e616d617a6f6e74727573742e636f6d303606082b06010505073002862a687474703a2f2f6372742e73636131622e616d617a6f6e74727573742e636f6d2f73636131622e637274300c0603551d130101ff040230003082017e060a2b06010401d6790204020482016e0482016a01680076002979bef09e393921f056739f63a577e5be577d9c600af8f94d5d265c255dc7840000017b757ed96100000403004730450221009b91e3da4443ce4a459231847c5c1552efbee31dd038d2a164a55faa04636bc1022078ef6a4004d52d432fca58159d69097bd3732f480bc63d018023f567230cb1ba00770041c8cab1df22464a10c6a13a0942875e4e318b1b03ebeb4bc768f090629606f60000017b757ed95a0000040300483046022100b9ca9962aec89a95f534d58505dfdb705122ed938530cff4ebd46fc51c6720440221009d1d615e4ed92272d9920a61a855846f5281f27a6cc20caf23afa13320f761ed007500dfa55eab68824f1f6cadeeb85f4e3e5aeacda212a46a5e8e3b12c020445c2a730000017b757ed9c7000004030046304402202600790fbeaca4f7760ccf3e38ee583f9ecaacfe33ac6f899338d223477f2eea022011f9621208d6719556313104a8f3c2238b5eb857f3f4928e0bab1528d46b624e300d06092a864886f70d01010b05000382010100b112bfd4daceeb9d5a14151c9588e52f9f3438e3a24d3d5ad8d734772abd29385673fe831e6fc5c79db2cf43e90beb5bdbabeb9c11c1a567486729ff56454b37db143fad606de64f6b430753aedb3b90c0d71438b908d217f5dc34fe5a17088bafef89963efb657101c39208d315ea191ecfa6a027c08ea05fef94397839ed7e60c8767c817e83b11af9c5bb60e85929773962d7d706287b325c63d8ee46965e2f0b3929b4da72e508053ca891c3f81925fe939e83b732e53c9542d9cc61cdab6dffd16b66c0e6059afba678070b6ee1b95283e5dd778943127e4d318acb00ad05ece59d839180712fe4ebcd5c9c12a8ee2178bbd49534f26e466fe7398760ce,3082044930820331a0030201020213067f94578587e8ac77deb253325bbc998b560d300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135313032323030303030305a170d3235313031393030303030305a3046310b3009060355040613025553310f300d060355040a1306416d617a6f6e31153013060355040b130c536572766572204341203142310f300d06035504031306416d617a6f6e30820122300d06092a864886f70d01010105000382010f003082010a0282010100c24e1667ddcebc6ac8375aec3a30b01de6d112e8122848cce829c1b96e53d5a3eb03391acc7787f601b9d970cccf6b8de3e3037186996dcba6942a4e13d6a7bd04ec0a163c0aeb39b1c4b558a3b6c75625ec3e527aa8e3291607b96e50cffb5f31f81dba034a628903ae3e47f20f2791e3142085f8fae98a35f55f9e994de76b37efa4503e44ecfa5a8566079c7e176a55f3178a351eeee9acc3754e58557d536b0a6b9b1442d7e5ac0189b3eaa3fecfc02b0c84c2d85315cb67f0d088ca3ad11773f55f9ad4c5721e7e01f19830632aaaf27a2dc5e2021a86e5323e0ebd11b4cf3c93ef1750109e43c2062ae00d68bed3888b4a658c4ad4c32e4c9b55f486e50203010001a382013b3082013730120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d0e0416041459a4660652a07b95923ca394072796745bf93dd0301f0603551d230418301680148418cc8534ecbc0c94942e08599cc7b2104e0a08307b06082b06010505070101046f306d302f06082b060105050730018623687474703a2f2f6f6373702e726f6f746361312e616d617a6f6e74727573742e636f6d303a06082b06010505073002862e687474703a2f2f6372742e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e636572303f0603551d1f043830363034a032a030862e687474703a2f2f63726c2e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e63726c30130603551d20040c300a3008060667810c010201300d06092a864886f70d01010b050003820101008592be35bb79cfa381421ce4e3637353395235e7d1adfdae998aac89122fbbe76f9ad54e72ea203061f997b2cda5270245a8ca763e984a839eb6e645e0f243f608de6de86edb310713f02f310d936d61377b58f0fc51989128024f0576b7d3f01bc2e65ed06685110f2e81c6108129fe206048f3f2f0841353653515116b82514055575f18b5b0223eadf25ea301e3c3b3f9cb415ae65291bbe436874f2da9a4076835ba9472cd0eea0e7d57f279fc37c57b609eb2ebc02d90770d491027a538adc412a3b4a3c848b3150b1ee2e219dcc47652c8bc8a417870d96d97b34a8b782d5eb40fa34c60cae147cb782d1217b1528bca392cbdb52fc2330296abda947f,308204923082037aa0030201020213067f944a2a27cdf3fac2ae2b01f908eeb9c4c6300d06092a864886f70d01010b0500308198310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e313b303906035504031332537461726669656c6420536572766963657320526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3135303532353132303030305a170d3337313233313031303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a38201313082012d300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08301f0603551d230418301680149c5f00dfaa01d7302b3888a2b86d4a9cf2119183307806082b06010505070101046c306a302e06082b060105050730018622687474703a2f2f6f6373702e726f6f7467322e616d617a6f6e74727573742e636f6d303806082b06010505073002862c687474703a2f2f6372742e726f6f7467322e616d617a6f6e74727573742e636f6d2f726f6f7467322e636572303d0603551d1f043630343032a030a02e862c687474703a2f2f63726c2e726f6f7467322e616d617a6f6e74727573742e636f6d2f726f6f7467322e63726c30110603551d20040a300830060604551d2000300d06092a864886f70d01010b050003820101006237425cbc10b53e8b2ce90c9b6c45e207007af9c5580bb9088c3eedb3253cb56f50e4cd356aa79334963221a94844ab9ced3db4aa736de47f1680896ccf280318834779a3107e305bac3bb060e077d408a6e11d7c5ec0bbf99a7b229da700097eac461783dc9c265799303962968feddadeaac5cc1b3eca43686c5716bcd50e202efeffc26a5d2ea04a6d14588794e639315f7c73cb90886a84119627a6edd98146a67ea372000a523e83880763778969170f3985d2ab08454dd0513afd5d5d37644c7e30b25524429d36b05d9c178161f1caf9100224abeb0d74918d7b4529503988b2a68935251e146a4723312f5c9afaad9a0e6251a42aa9c4f9349d2118,308204753082035da003020102020900a70e4a4c3482b77f300d06092a864886f70d01010b05003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3039303930323030303030305a170d3334303632383137333931365a308198310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e313b303906035504031332537461726669656c6420536572766963657320526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100d50c3ac42af94ee2f5be19975f8e8853b11f3fcbcf9f20136d293ac80f7d3cf76b763863d93660a89b5e5c0080b22f597ff687f9254386e7691b529a90e171e3d82d0d4e6ff6c849d9b6f31a56ae2bb67414ebcffb26e31aba1d962e6a3b5894894756ff25a093705383da847414c3679e04683adf8e405a1d4a4ecf43913be756d60070cb52ee7b7dae3ae7bc31f945f6c260cf1359022b80cc3447dfb9de90656d02cf2c91a6a6e7de8518497c664ea33a6da9b5ee342eba0d03b833df47ebb16b8d25d99bce81d1454632967087de020e494385b66c73bb64ea6141acc9d454df872fc722b226cc9f5954689ffcbe2a2fc4551c75406017850255398b7f050203010001a381f03081ed300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604149c5f00dfaa01d7302b3888a2b86d4a9cf2119183301f0603551d23041830168014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7304f06082b0601050507010104433041301c06082b060105050730018610687474703a2f2f6f2e7373322e75732f302106082b060105050730028615687474703a2f2f782e7373322e75732f782e63657230260603551d1f041f301d301ba019a0178615687474703a2f2f732e7373322e75732f722e63726c30110603551d20040a300830060604551d2000300d06092a864886f70d01010b05000382010100231de38a57ca7de917794cf11e55fdcc536e3e470fdfc655f2b20436ed801f53c45d34286bbec755fc67eacb3f7f90b233cd1b58108202f8f82ff51360d405cef18108c1dda775974f18b96ddef7939108ba7e402cedc1eabb769e3306771d0d087f53dd1b64ab8227f169d54d5eaef4a1c375a758442df23c7098acba69b695777f0f315e2cfca0873a4769f0795ff41454a4955e1178126027ce9fc277ff2353775dbaffea59e7dbcfaf9296ef249a35107a9c91c60e7d99f63f19dff57254e115a907597b83bf522e468cb20064761c48d3d879e86e56ccae2c0390d7193899e4ca09195bff0796b0a87f3449df56a9f7b05fed33ed8c47b730035df4038c'certs = certs_hex.split(',')print(x509_parser(certs[0]))

接下来,解决如何从流量中提取证书的问题。
如果自己写c代码提取证书的,这是比较麻烦的事情,因为一般证书超过一个MTU,会挎ip数据包,此时需要我们自己拼接数据包,而且要注意解决乱序的问题。之前研一的一个课程作业写过这个玩意。
为了方便起见,我选择使用flowcontainer库,让库自己去解决这个问题。
其中证书的16进制串是用flowcontainer库提取的:

from flowcontainer.extractor import extract
def parser_flow_information(pcap, easy_proto=None, certificate= False):if certificate == True:extension = 'tls.handshake.certificate'flows = extract(pcap,filter=filter, ip_layer=ip_layer, extension = extension)rst = []for each in flows:certs = []if certificate :if extension in flows[each].extension:certificate_hex = flows[each].extension[extension][0][0]certificate_hexs = certificate_hex.split(',')for cert in certificate_hexs:certs.append(x509_parser(cert))

输出:

    "certs": [{"issuer": {"countryName": "US","organizationName": "Amazon","organizationalUnitName": "Server CA 1B","commonName": "Amazon"},"subject": {"commonName": "www.jetbrains.com"}},{"issuer": {"countryName": "US","organizationName": "Amazon","commonName": "Amazon Root CA 1"},"subject": {"countryName": "US","organizationName": "Amazon","organizationalUnitName": "Server CA 1B","commonName": "Amazon"}},{"issuer": {"countryName": "US","stateOrProvinceName": "Arizona","localityName": "Scottsdale","organizationName": "Starfield Technologies, Inc.","commonName": "Starfield Services Root Certificate Authority - G2"},"subject": {"countryName": "US","organizationName": "Amazon","commonName": "Amazon Root CA 1"}},{"issuer": {"countryName": "US","organizationName": "Starfield Technologies, Inc.","organizationalUnitName": "Starfield Class 2 Certification Authority"},"subject": {"countryName": "US","stateOrProvinceName": "Arizona","localityName": "Scottsdale","organizationName": "Starfield Technologies, Inc.","commonName": "Starfield Services Root Certificate Authority - G2"}}]

TLS流量的X509证书解析,从pcap获取证书并解析相关推荐

  1. pythonrequests解析_Python requests获取网页常用方法解析

    这篇文章主要介绍了Python requests获取网页常用方法解析,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下 主要记录使用 requests ...

  2. 使用TLS和Mosquitto Broker实现安全通信之密钥和证书生成

    目录 1 前言 2 概览 3 密钥和证书生成 3.1 创建CA密钥对(根证私钥) 3.2 创建CA证书请求(根证书请求文件) 3.3 创建Mosquitto Broker相关密钥 3.4 创建CA证书 ...

  3. pcap文件格式及文件解析

    pcap文件格式及文件解析 第一部分:PCAP包文件格式 一 基本格式: 文件头 数据包头数据报数据包头数据报...... 二.文件头: 文件头结构体  sturct pcap_file_header ...

  4. (转)创建X509证书,并获取证书密钥的一点研究

    创建X509证书,并获取证书密钥的一点研究 作者:肖波 个人博客:http://blog.csdn.net/eaglet ; http://www.cnblogs.com/eaglet 2007/7 ...

  5. php获取x509证书信息,创建X509证书,并获取证书密钥的一点研究

    作者:肖波 背景 服务器SSL数字证书和客户端单位数字证书的格式遵循X.509标准.X.509是由国际电信联盟(ITU-T)制定的数字证书标准.为了提供公用网络用户目录信息服务,ITU于1988年制定 ...

  6. java 对证书文件以及秘钥.key的解析

    java解析证书具有两种方式, 1.为证书的标准格式,java通过jdk进行对标准证书进行base64解密转换.解析,由于网上对于该方式的描述较多,本文不做过多描述. 2.第二种方式为java去除了开 ...

  7. java 解析p12_java读取*.p12证书的信息 | 学步园

    现在很多通讯都是在SSL上进行的.本文主要针对*.p12证书 读取里面信息. /** * ReadP12Cert.java * 版权所有(C) 2012 * 创建:cuiran 2012-07-31 ...

  8. TLS/SSL 协议详解(6) SSL 数字证书的一些细节1 证书验证

    证书关系到了SSL的众多安全性,比如身份认证,密钥交换.所以有必要单拉出一章来讲证书.本章完善一下前几节中的身份认证的一些缺点. 首先,通过前面讲解,我们知道,证书需要几个重要的字段.例如" ...

  9. 密码学专题 证书和CA指令 申请证书|建立CA|CA操作|使用证书|验证证书

    Req指令介绍 功能概述和指令格式 req指令一般来说应该是提供给证书申请用户的工具,用来生成证书请求以便交给CA验证和签发证书.但是,OpenSSL的req指令的功能远比这样的要求强大得多,它不仅可 ...

  10. 实现CA证书创建及客户端申请证书

    author:JevonWei 版权声明:原创作品 CA证书的相关文件路径 openssl配置文件/etc/pki/tls/openssl.cnf /etc/pki/tls/openssl.cnf C ...

最新文章

  1. liunx 加入域控_linux下的域控做法
  2. Androguard 的交叉引用说明
  3. LeetCode 923. 3Sum With Multiplicity
  4. 最小生成树实验报告c语言,算法与程序设计实验最小生成树(c语言).ppt
  5. python stm32-STM32F4系列使用MicroPython开发
  6. 从旁观者到贡献者:经历 OpenYurt 的“开源之夏”,我们想让更多人体验社区的魅力
  7. 配置lamp+supervisor
  8. react 组件遍历】_从 Context 源码实现谈 React 性能优化
  9. python拾遗(二)
  10. airtest web 录制滑块_Airtest之web自动化(一)
  11. PHP 框架 模块化,Laravel 的模块化开发框架 Notadd RC1
  12. amazon rds 性能_Amazon S3 —云文件存储可提高性能并节省成本
  13. ddr布线 pads_DDR SDRAM布线规则
  14. 微博的html,微博输入html
  15. Java 基础实验 银行转账
  16. android实现应用商店开发,基于Android平台的应用商店客户端的设计与实现
  17. 身份证文字信息及人脸图片采集
  18. springboot jar包启动 读取resource下的文件
  19. 计算机网络 数据链路层 数据链路层的作用
  20. 在centos7上编译EDK2

热门文章

  1. 正弦定理和余弦定理_高中数学,正弦定理和余弦定理的应用举例,含高频考点及详细解析...
  2. 【渝粤教育】广东开放大学 企业财务报表分析 形成性考核 (26)
  3. MySQL复制表数据到新表的方法 亲测可用
  4. 塞雷三分钟漫画中国史1
  5. 谷歌学术首页url爬取
  6. Dva引用echarts制作统计图表
  7. 计算机组成原理中rr,计算机组成原理作业~第四章.doc
  8. 某传销app的用户信息泄露
  9. 数码管动态显示从0显示到999999,每隔0.1s增加1个数
  10. iptables实现网卡包的转发