sudo add-apt-repository universe
sudo apt install wireshark
pip install python3-dtls
sudo wireshark
2.基于DTLS的安全服务器设计传输层和应用层
sudo apt install spyder
sudo cp -a /etc/apt/sources.list /etc/apt/sources.list.bak
sudo gedit /etc/apt/sources.list
#阿里源
deb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
sudo apt-get update
sudo apt-get upgrade
scn = SSLConnection(
sck,
keyfile=path.join(cert_path,"keycert.pem"),
certfile=path.join(cert_path,"keycert.pem"),
server_side=True,
ca_certs=path.join(cert_path,"cert.pem"),
do_handshake_on_connect=False
)
查看代码
client
查看代码
1)启动客户端和服务端
python server/server.py
python client/client.py
2)服务端接受客户端连接
并输出握手消息:
cys@ubuntu:~/NetworkSecurity/EXP1/dtls-src/dtls$ python server/server.py
ok1
ok2
Listen invocation: 1
Completed listening for peer: ('127.0.0.1', 42416)
Accepting...
Completed handshaking with peer
cys@ubuntu:~/NetworkSecurity/EXP1/dtls-src/dtls$ python client/client.py
DEBUG:dtls.util:Allocating BIO: 25437344
DEBUG:dtls.sslconnection:Allocating SSL CTX: 25710240
DEBUG:dtls.sslconnection:Allocating SSL: 26092656
DEBUG:dtls.sslconnection:Initiating handshake...
DEBUG:dtls.sslconnection:...completed handshake
input ls <dir> to list files in dir.
input get <filename> to get files from dir.
>
输入文件名
3)客户端从服务端下载文件
过程截图及代码:
client
ls ./
ls /
get 1.txt
get server.py
Serve
获取到了两个文件
查看client文件下有该文件:
最终总的截图:
4)通过Wireshark分析DTLS协议握手及通信过程
抓取到Hello报文
抓取到cookie
抓取到密钥协商过程
python3.6安装
apt-get install -y software-properties-common
add-apt-repository ppa:deadsnakes/ppa
apt-get update
apt-get install python3.6
cys@ubuntu:~$ python3.6 -m pip install python3-dtls
Collecting python3-dtls
Using cached python3_dtls-1.3.0-py3-none-any.whl (102 kB)
Installing collected packages: python3-dtls
Successfully installed python3-dtls-1.3.0
10 发送Change Cipher Spec消息和Encrypted Handshake消息的目的是什么?
1.通知对端改变当前使用的加密方式,change cipher spec 实际可用于通知对端改版当前使用的加密通信方式。
2.告诉对端自己在整个握手中收到了什么数据,发送了什么数据,保证中间没人篡改报文。首先,无论是客户端还是服务端,都会在握手完成之后,发送 Encrypted handshake message,且各自收到对端的Encrypted handshake message后会去验证这个数据。 具体 这个 Encrypted handshake message 怎么计算,就是把当前(准备发送Encrypted handshake message)前,自己收到的数据和发送的数据进行一次简单运算(hash+加密)。如果中间有人篡改了报文,比如,把客户端的client hello中的提供的加密套件改成了 一个弱秘钥算法,那么对于server而言,收到的client hello 和 客户端实际发送的是不同的
评论(0)
您还未登录,请登录后发表或查看评论