Wireshark-dev: Re: [Wireshark-dev] [TLS parser]Help seeking idea to write TLS parser in basic w

From: Peter Wu <peter@xxxxxxxxxxxxx>
Date: Sun, 15 Oct 2017 21:43:37 +0100
Hi Sadik,

On Fri, Oct 13, 2017 at 11:54:46AM +0200, Sadik Sikder wrote:
> i have a own netanalyzer [developed libpcap on linux c/c++]that  works like
> kind of wireshark. the net analyzer developed by other team up to tcp
>  parser and i need to write tls parser which parse following field values
>  i have developed a TLS decryption system taking field values from analyzer
> like client random, server random etc. these are static. for totally
> automation /dynamic i need write a tls parser code for triggering automatic
> those field value fetching into my decryption tool.
> currently i am seeking information or idea how should i start to write TLS
> parser. i have no idea before that. a basic page example link or
> explanation would be great help.

Since you are posting this to the Wireshark Developers list... You could
invoke Wireshark and parse its dissection results. E.g.

    tshark -r your.pcap -Y ssl -T pdml

and then parse the dissection done by Wireshark.

Though given your scenario, this is probably not what you meant.

I already explained to you how Wireshark dissects TLS before:
https://www.wireshark.org/lists/wireshark-dev/201709/msg00006.html

To write your TLS parser you need to:

 - Implement TLS record parser (trivial) and reassembly.
 - Given the reassembled records, parse Handshake messages.
 - Given parsed Handshake messages, extract required information (Client
   Random, SKE, etc.).
 - ...

How you implement this is up to you, what have you tried? (This is
starting to get off-topic for wireshark-dev though.)
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl