0
votes

I am going to simulate a DTLS initial handshake using Scapy. As DTLS is not supported in Scapy, I had to use scapy-ssl_tls in order to build DTLS packets. I first tried it with TLS and sent a ClientHello as follows:

from scapy_ssl_tls.ssl_tls import *   # scapy-ssl_tls layers (TLSRecord, TLSHandshakes, ...)

# TLS ClientHello: record / handshake list / ClientHello body
p = TLSRecord() / TLSHandshakes(handshakes=[TLSHandshake() /
                                            TLSClientHello(compression_methods=list(range(0xff))[::-1],
                                                           cipher_suites=list(range(0xff)))])

It works completely fine. However, when I try to send a DTLS ClientHello, Wireshark shows the error "Fragment runs past the end of message". I use the following code to send the DTLS packet.

# DTLS ClientHello: record / handshake header / ClientHello body
p = DTLSRecord(epoch=0, sequence=0) / DTLSHandshake() / DTLSClientHello(cipher_suites=list(range(0xff)))

If you have any other ideas for crafting DTLS packets, please let me know.


1 Answer

0
votes

scapy-ssl_tls has only very basic support for DTLS. What is probably going wrong here is that you are not setting the correct lengths for the ClientHello, CipherSuites and Handshake. You also need to make sure you're setting the correct fragment length.

# Setup assumed by the snippet (not in the original answer): scapy-ssl_tls import,
# a UDP socket, and a placeholder dst/port for the DTLS server under test.
from scapy_ssl_tls.ssl_tls import *
import socket

dst, port = "127.0.0.1", 4433   # placeholder target
target = (dst, port)
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.settimeout(5)

suites = [TLSCipherSuite.RSA_WITH_AES_128_CBC_SHA,
          TLSCipherSuite.RSA_WITH_AES_128_GCM_SHA256]

# Calculate the length of the cipher suites (two bytes per suite)
suites_length = 2 * len(suites)
d1_ch = DTLSClientHello(cipher_suites=suites, cipher_suites_length=suites_length)

# Calculate the ClientHello length (bytes() works on both Python 2 and 3 scapy)
d1_ch_len = len(bytes(d1_ch))

# Populate the handshake header; the whole message goes in one fragment starting at
# offset 0, so the fragment length must equal the message length
d1_hs = DTLSHandshake(length=d1_ch_len, fragment_offset=0)

# Get the length of the DTLS handshake header
d1_hs_len = len(bytes(d1_hs))

# Construct the DTLS ClientHello record; the record length covers handshake header and body
record_len = d1_hs_len + d1_ch_len
p = DTLSRecord(length=record_len) / d1_hs / d1_ch

p.show()
print("sending DTLS payload")
s.sendto(bytes(p), target)
resp = s.recv(1024 * 8)
print("received, %s" % repr(resp))
SSL(resp).show()

s.close()
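The length bookkeeping the answer describes, as an added stdlib-only example (not code from the question, the answer or scapy-ssl_tls): it packs a DTLS 1.2 ClientHello with `struct` and then re-parses the record and handshake headers the way a dissector does, including the `fragment_offset + fragment_length > length` condition behind Wireshark's "Fragment runs past the end of message". The cipher suite values and target-free build are constructed sample input; nothing is sent.

```python
# Added example: build a DTLS 1.2 ClientHello with consistent length fields, then
# validate it like a dissector would. Constructed sample data, no network I/O.
import os
import struct
import time

DTLS_1_2 = 0xFEFD      # DTLS versions are the ones' complement of the TLS version
HANDSHAKE = 22         # record content type
CLIENT_HELLO = 1       # handshake message type

def build_client_hello(cipher_suites, cookie=b"", msg_seq=0, rec_seq=0):
    """Return raw DTLS record bytes for an unfragmented ClientHello."""
    body = struct.pack("!H", DTLS_1_2)
    body += struct.pack("!I", int(time.time())) + os.urandom(28)   # random
    body += b"\x00"                                                 # empty session_id
    body += struct.pack("!B", len(cookie)) + cookie                 # cookie (empty on first flight)
    body += struct.pack("!H", 2 * len(cipher_suites))               # cipher_suites_length
    body += b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    body += b"\x01\x00"                                             # one compression method: null
    # Handshake header: type(1) length(3) message_seq(2) fragment_offset(3) fragment_length(3)
    hs = struct.pack("!B", CLIENT_HELLO) + struct.pack("!I", len(body))[1:]
    hs += struct.pack("!H", msg_seq) + struct.pack("!I", 0)[1:] + struct.pack("!I", len(body))[1:]
    hs += body
    # Record header: type(1) version(2) epoch(2) sequence(6) length(2)
    rec = struct.pack("!BHH", HANDSHAKE, DTLS_1_2, 0) + struct.pack("!Q", rec_seq)[2:]
    rec += struct.pack("!H", len(hs)) + hs
    return rec

def check_fragment(record):
    """Parse record and handshake headers; return (ok, reason) as a dissector would."""
    if len(record) < 13:
        return False, "short record header"
    rec_len = struct.unpack("!H", record[11:13])[0]
    if rec_len != len(record) - 13:
        return False, "record length %d != payload %d" % (rec_len, len(record) - 13)
    hs = record[13:]
    if len(hs) < 12:
        return False, "short handshake header"
    msg_len = struct.unpack("!I", b"\x00" + hs[1:4])[0]
    frag_off = struct.unpack("!I", b"\x00" + hs[6:9])[0]
    frag_len = struct.unpack("!I", b"\x00" + hs[9:12])[0]
    if frag_off + frag_len > msg_len:
        return False, "fragment runs past the end of message"   # Wireshark's wording
    if frag_len != len(hs) - 12:
        return False, "fragment_length %d != body %d" % (frag_len, len(hs) - 12)
    return True, "ok"
```

Zeroing the 3-byte handshake length (what an unset `length` field amounts to) while the fragment length still reflects the body reproduces exactly the error reported in the question.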