Doing lower layer stuff

Is there a library in c++ (or another languge) that lets me handle tcp synack, tls and that stuff on my own?

What needs to be done to get to that level?

TLS is application layer, on top of TCP. It's not part of TCP itself.

Sockets libraries (both on Unix and Windows) allow opening raw sockets at the transport layer. You can assemble your own TCP packets (or use some other transport protocol). Obviously you'll have to implement TCP entirely yourself.

Raw sockets can also be opened at the data link (e.g. Ethernet) and network (e.g. IP) layers.
Thanks man. Appreciate it! :)
If TLS is app layer, shouldn't I be able to handle a TLS handshake on my own after the TCP is done?
You are. What makes you think you aren't?
Because when I send an https request from the browser to my server, the message is encrypted (I receive 517 bytes, but the output is 3 strange characters)
If this is the initial part of the handshake then the message shouldn't be encrypted yet?
I couldn't say what that means without looking at a network traffic recording. All I can say is that TLS is definitely application layer.

https://en.wikipedia.org/wiki/Transport_Layer_Security
Sounds like you're trying to do https yourself. You can, but it's rarely done because it's complicated, tricky to get right, and you have to rewrite it all when a new protocol is used (currently the world typically uses TLS 1.2).

There are many libraries for C, but we tend to use openssl, not because it has a nice interface, but because it works.

There's an initial Client Hello, the server replies with its own Hello and sends the ciphers it accepts. The client chooses one and they do a key exchange (using expensive public keys to generate a one-time fast cheap key).

Then they talk. It's hard to get right by yourself.

C++ is the fastest thing around, but by and large, the libraries are non-existent or suck.

As openssl is such a pain to use directly, it's often easier to do this stuff using something like Poco, which wraps openssl in a more application-centric interface.
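The handshake described above starts with a handshake record in the clear, not with ciphertext, so the first bytes a server receives from a browser have a fixed, parseable layout (RFC 5246 / RFC 8446: a 5-byte record header, a 4-byte handshake header, then legacy_version, a 32-byte random, the session id, and the cipher suite list). The following C program is an added example and not code from this thread: it builds a constructed, minimal TLS 1.2-style ClientHello (the helper build_sample_client_hello, the struct client_hello_t and the return codes are this example's own) and walks that layout with every length checked before it is trusted. It also shows how the same function tells a ClientHello (first byte 0x16) apart from a plaintext HTTP request (first byte 'G').

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Summary of a parsed ClientHello. Field names are this example's own. */
typedef struct {
    uint16_t record_version;     /* record-layer version, usually 0x0301 for compatibility */
    uint16_t record_length;      /* bytes that follow the 5-byte record header */
    uint16_t hello_version;      /* legacy_version inside ClientHello, 0x0303 = TLS 1.2 */
    size_t   cipher_suite_count; /* number of 2-byte cipher suite codes offered */
    uint16_t first_cipher_suite; /* the client's most preferred suite */
} client_hello_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd24(const uint8_t *p) { return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2]; }

/* Parse the start of a TLS ClientHello. Returns 0 on success, a negative code on
 * malformed, truncated or non-TLS input. */
int parse_client_hello(const uint8_t *buf, size_t len, client_hello_t *out)
{
    if (len < 5) return -1;                      /* record header: type(1) version(2) length(2) */
    if (buf[0] != 0x16) return -2;               /* 0x16 = handshake; 0x17 would be app data */
    out->record_version = rd16(buf + 1);
    out->record_length  = rd16(buf + 3);
    if ((size_t)out->record_length + 5 > len) return -3;   /* record not fully received yet */

    const uint8_t *hs = buf + 5;                 /* handshake header: type(1) length(3) */
    if (out->record_length < 4) return -4;
    if (hs[0] != 0x01) return -5;                /* 0x01 = ClientHello */
    uint32_t body_len = rd24(hs + 1);
    if (body_len + 4 > out->record_length) return -6;

    const uint8_t *p   = hs + 4;
    const uint8_t *end = p + body_len;
    /* body: legacy_version(2) random(32) session_id<0..32> cipher_suites<2..2^16-2> ... */
    if ((size_t)(end - p) < 2 + 32 + 1) return -7;
    out->hello_version = rd16(p);
    p += 2 + 32;
    uint8_t sid_len = *p++;
    if (sid_len > 32 || (size_t)(end - p) < (size_t)sid_len + 2) return -8;
    p += sid_len;
    uint16_t cs_len = rd16(p);
    p += 2;
    if (cs_len < 2 || (cs_len & 1) || (size_t)(end - p) < cs_len) return -9;
    out->cipher_suite_count = cs_len / 2;
    out->first_cipher_suite = rd16(p);
    return 0;
}

/* Build a constructed 52-byte ClientHello offering two suites. Returns its length. */
size_t build_sample_client_hello(uint8_t *buf, size_t cap)
{
    static const uint8_t hdr[] = {
        0x16, 0x03, 0x01, 0x00, 0x2f,        /* handshake record, 47 bytes follow */
        0x01, 0x00, 0x00, 0x2b,              /* ClientHello, 43-byte body */
        0x03, 0x03                           /* legacy_version = TLS 1.2 */
    };
    static const uint8_t tail[] = {
        0x00,                                /* session_id length 0 */
        0x00, 0x04, 0xc0, 0x2f, 0x00, 0x9c,  /* two cipher suites */
        0x01, 0x00                           /* one compression method: null */
    };
    size_t n = sizeof hdr + 32 + sizeof tail;
    if (cap < n) return 0;
    memcpy(buf, hdr, sizeof hdr);
    for (int i = 0; i < 32; i++) buf[sizeof hdr + i] = (uint8_t)i;   /* stand-in "random" */
    memcpy(buf + sizeof hdr + 32, tail, sizeof tail);
    return n;
}

int main(void)
{
    uint8_t msg[64];
    size_t n = build_sample_client_hello(msg, sizeof msg);
    client_hello_t ch = {0};
    int rc = parse_client_hello(msg, n, &ch);
    printf("parse=%d record_version=%04x hello_version=%04x suites=%zu first=%04x\n",
           rc, ch.record_version, ch.hello_version, ch.cipher_suite_count, ch.first_cipher_suite);
    const uint8_t http[] = "GET / HTTP/1.1\r\n";
    printf("plain HTTP parses as %d (not a handshake record)\n",
           parse_client_hello(http, sizeof http - 1, &ch));
    return 0;
}
```

A real server would loop on recv() until the full record_length has arrived before parsing, which is what the -3 return covers; the remaining fields (compression methods, extensions such as SNI and supported_versions) follow the cipher suite list in the same length-prefixed style.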

I couldn't say what that means without looking at a network traffic recording.


But it doesn't seem that it's plain text. Do you know something about this, how it should be handled?

On Windows I only got 3 characters. This is the output on Linux, maybe it tells you something:

Request: ��Yߪ�M��O�x&�u�@�����"�/���A� �7����Zg��[Р�ߌ����0�Ƈ$�+�/̨̩�,�0�
�       ��39/5
��


#
 hhttp/1.13ki L��|�%.[!����VM[�\>F      �"K�RMA4�Si;һ   \wb�$
Xߛй��H���dNCqN�w�DCcj��a��                                    �$ׯ��
-@�                       �{�&��+
�VDY�$�+�/̨̩�,�0��B�̴<��%��]uPB    �9�U��� m3����hS�4΂�m[�'�{�
�       ��39/5
��


#
-@�`��+�C1���X��.�݇�}9�BA�r�#Q�_X���X�p�.oh?�V
Request: �m
�          ݪ�s\̍$ܱ����͆N
j�g�n�
       q���pW�&��03�hJ�����,�V�_Mlx$�+�/̨̩�,�0�
�       ��39/5
��


#
3��p�p/1.13ki 3����sG��W��+�NV��՛H]�wH1(z)?A?|KǠKv�Kn´�խ-��'�?��*^$8��i�qm\��TK�5��mxa%p
-@�
_�b%7�dt��/�'g`���c�v��p�=�;P�$�+�/̨̩�,�0��
�       ��39/5
�� 



it's rarely done because it's complicated, tricky to get right...There are many libraries for C


Then it shouldn't be that hard :)

I don't really understand why you're looking at the raw TCP traffic on a web server. Are you developing a web application or the HTTP server itself?
Want to handle the handshake. If a browser sends an https request I assumed that the first packets should include a "client hello"

I'm receiving messages on my tcp socket
Why, though? The HTTP server library I assume you're using should handle that.
Not using any lib. My http server is written without an HTTP library. And now I want to make it "secure" by handling the handshake. But I don't know where to look for these "handshake messages"
So when I asked if you were developing an HTTP server, the correct answer would have been "yes, I'm implementing the HTTP/S protocol myself".

https://tools.ietf.org/html/rfc2818
https://tools.ietf.org/html/rfc8446
At the end we understood each other, that's the important thing.

The content of the link seems relevant, I'll take a look. Thanks again

On Windows I only got 3 characters. This is the output on Linux, maybe it tells you something:

It tells me that you are trying to print binary data onto the screen.

An unsigned byte has 0-255 (256, 8 bits worth) total values. When printing to the screen a subset of those are printable (many of the ones near zero are not printable) and you use the ones that make sense for text. In binary any byte can be any value and trying to print it gives nonsense. The only sensible way to print binary to the screen is 1 byte at a time, usually in hex but integer format is ok at times, so you can see the true value rather than gibberish.

In Windows, this is on par with trying to run this at the console and expecting something useful:
c:\ type a.exe
jonnin, can you give an example of how this can be done? I need a "human readable version" of this binary (or whatever it is) in a file or on the console.
I need a "human readable version" of this binary (or whatever it is) in a file or on the console.
Why?

A C print function might look like:
#include <stdio.h>
#include <ctype.h>

/* Write each byte as two hex digits, followed by the character itself if it is printable.
 * The buffer is unsigned so that bytes above 0x7f neither print as ffffffxx nor
 * get passed to isprint() as a negative value. */
void print(FILE* out, const unsigned char* buffer, size_t len) {
    size_t i;
    for (i = 0; i != len; ++i)
        fprintf(out, "%02x '%c' ", buffer[i], (isprint(buffer[i]) ? buffer[i] : ' '));
}


Then it shouldn't be that hard :)
To help you on your way, you should examine the traffic using a packet capture app like Wireshark, rather than solely relying on what you can see in your app.
To help you on your way, you should examine the traffic using a packet capture app like Wireshark, rather than solely relying on what you can see in your app.


I'm trying to build an app that handles the http"S"/TLS protocol/handshake. If I can't see what I'm dealing with, how should I be able to write a program/server that handles the messages?

I tried your code with the received data. It doesn't input anything to the file.
Flush and close the file. If that does not work, try writing hello world or something to the file in hex. Debug it from the bottom up, in other words... get the file working, once you can see something there, try the packet data again, if that does not work, make sure you rx'ed a packet at all, etc...

What he gave is what I was saying to do. Or in C++, I think it's just
std::cout << std::hex << static_cast<int>(static_cast<unsigned char>(buffer[index])) << ' '; // cast to int so the byte prints as hex, not as a character; use an ofstream instead of cout as needed

Wireshark is your friend, but, as you noted, you do need to see what you have in hand yourself, so you can begin to unravel it.

You may want to do UDP first and build up.
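Putting jonnin's two points together (print binary one byte at a time in hex, and flush the file so something actually lands in it), here is an added C example that is not code from anyone in this thread: a classic hexdump with an offset column, 16 hex bytes per row and an ASCII column in which unprintable bytes become '.'. The row formatter is separated from the stream writer so the row text can be checked on its own; the constant HEXDUMP_LINE_CAP, the sample bytes in main and the file name "capture.hex" are this example's own.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <ctype.h>

#define HEXDUMP_LINE_CAP 80   /* a full row is 77 characters plus the NUL (this example's constant) */

/* Format up to 16 bytes as one dump row: "offset  hex bytes  |ascii|".
 * Unprintable bytes are shown as '.' so the row never contains control characters.
 * Returns the row length, or -1 if out is too small or n > 16. */
int hexdump_line(char *out, size_t cap, size_t offset, const uint8_t *p, size_t n)
{
    if (n > 16 || cap < HEXDUMP_LINE_CAP) return -1;
    int pos = snprintf(out, cap, "%08zx  ", offset);
    for (size_t i = 0; i < 16; i++) {
        if (i < n) pos += snprintf(out + pos, cap - (size_t)pos, "%02x ", p[i]);
        else       pos += snprintf(out + pos, cap - (size_t)pos, "   ");   /* pad short rows */
    }
    pos += snprintf(out + pos, cap - (size_t)pos, " |");
    for (size_t i = 0; i < n; i++)
        out[pos++] = isprint(p[i]) ? (char)p[i] : '.';   /* p[i] is 0..255, safe for isprint */
    out[pos++] = '|';
    out[pos] = '\0';
    return pos;
}

/* Dump a whole buffer to a stream (stdout or a file) and flush it. */
void hexdump(FILE *out, const uint8_t *buf, size_t len)
{
    char line[HEXDUMP_LINE_CAP];
    for (size_t off = 0; off < len; off += 16) {
        size_t n = len - off < 16 ? len - off : 16;
        if (hexdump_line(line, sizeof line, off, buf + off, n) < 0) return;
        fputs(line, out);
        fputc('\n', out);
    }
    fflush(out);   /* without this, a crash or a missing fclose() leaves the file empty */
}

int main(void)
{
    /* Constructed sample: the first bytes of a handshake record, then some text. */
    const uint8_t sample[] = { 0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xfc,
                               'G', 'E', 'T', ' ', '/', ' ', 'H', 'T', 'T', 'P' };
    hexdump(stdout, sample, sizeof sample);
    FILE *f = fopen("capture.hex", "w");   /* hypothetical output file name */
    if (f) { hexdump(f, sample, sizeof sample); fclose(f); }
    return 0;
}
```

Pass the bytes returned by recv() straight to hexdump() and the first row makes the record type and version readable at a glance; the same rows line up with what Wireshark shows in its bytes pane, which makes the two views easy to compare.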