hexstr
works fine as long as you pass it bytes in both cases. I can't reproduce your issue
'\xaa\xaa\x03\x00\x00\x00\x08\x00E\x00\x00T\x00\x00@\x00@\x01\xf0;\xc0\xa8d\x88\xc0\xa8d\x94\x08\x00\x9de\xc7\x06\x00\x00\x9c\xd9\xf6\xb9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
hexstr(stream, onlyhex = 1)
Out[4]: 'aa aa 03 00 00 00 08 00 45 00 00 54 00 00 40 00 40 01 f0 3b c0 a8 64 88 c0 a8 64 94 08 00 9d 65 c7 06 00 00 9c d9 f6 b9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
hexstr(x, onlyhex = 1)
Out[8]: 'C2 AA C2 AA 03 00 00 00 08 00 45 00 00 54 00 00 40 00 40 01 C3 B0 3B C3 80 C2 A8 64 C2 88 C3 80 C2 A8 64 C2 94 08 00 C2 9D 65 C3 87 06 00 00 C2 9C C3 99 C3 B6 C2 B9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
In [12]: stream
Out[12]: 'ªª\x03\x00\x00\x00\x08\x00E\x00\x00T\x00\x00@\x00@\x01ð;À¨d\x88À¨d\x94\x08\x00\x9deÇ\x06\x00\x00\x9cÙö¹\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
In [13]: stream.encode()
Out[13]: b'\xc2\xaa\xc2\xaa\x03\x00\x00\x00\x08\x00E\x00\x00T\x00\x00@\x00@\x01\xc3\xb0;\xc3\x80\xc2\xa8d\xc2\x88\xc3\x80\xc2\xa8d\xc2\x94\x08\x00\xc2\x9de\xc3\x87\x06\x00\x00\xc2\x9c\xc3\x99\xc3\xb6\xc2\xb9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
In [14]: hexstr(stream.encode())
Out[14]: 'C2 AA C2 AA 03 00 00 00 08 00 45 00 00 54 00 00 40 00 40 01 C3 B0 3B C3 80 C2 A8 64 C2 88 C3 80 C2 A8 64 C2 94 08 00 C2 9D 65 C3 87 06 00 00 C2 9C C3 99 C3 B6 C2 B9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..........E..T..@.@...;....d......d......e.................................................................'
In [9]: stream
Out[9]: '\xaa\xaa\x03\x00\x00\x00\x08\x00E\x00\x00T\x00\x00@\x00@\x01\xf0;\xc0\xa8d\x88\xc0\xa8d\x94\x08\x00\x9de\xc7\x06\x00\x00\x9c\xd9\xf6\xb9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
In [10]: stream.encode()
---------------------------------------------------------------------------
UnicodeDecodeError Traceback (most recent call last)
<ipython-input-10-db32f268970b> in <module>()
----> 1 stream.encode()
UnicodeDecodeError: 'ascii' codec can't decode byte 0xaa in position 0: ordinal not in range(128)
hexstr(x, onlyhex = 1)
Out[8]: 'C2 AA C2
newStream = []
newStream.append(" ".join(map(lambda stream:"%02x"%ord(stream), stream)))
newStream = " ".join(newStream)
Decrypt SSL/TSL with specific Private Key
I have the original certificate, and I want to show HTTPS sniffed traffic in plaint UTF-8 text
For example, in HTTP traffic we can use this code:
readable_payload = bytes(packet[TCP].payload).decode('UTF8','replace')
But for HTTPS this just show unreadable random characters.
I was read ant test below resources, But not useful:
https://github.com/secdev/scapy/blob/master/doc/notebooks/tls/notebook2_tls_protected.ipynb
https://github.com/tintinweb/scapy-ssl_tls
I want a clean solution like this article that use TSHARK , But I must use SCAPY because I spent too much time on develop my firewall with scapy:
https://minnmyatsoe.com/2016/01/26/using-tshark-to-decrypt-ssl-tls-packets/