Actions

ic0ns edited this page Nov 27, 2017 · 13 revisions

A WorkflowTrace as implemented in TLS-Attacker consists of multiple Actions. The following Actions are currently implemented in TLS-Attacker:

  • Send
  • Receive
  • GenericReceive
  • Renegotiation
  • ResetConnection
  • Wait
  • DeactivateEncryption
  • ChangeCipherSuite
  • ChangeClientRandom
  • ChangeCompression
  • ChangeMasterSecret
  • ChangePreMasterSecret
  • ChangeProtocolVersion
  • ChangeServerRandom
  • and many more!

The Actions are described in more detail below. Note: You can also define your own Actions and use them with TLS-Attacker.

Send

The SendAction is one of the basic TLS-Attacker Actions. When executed, it sends a list of predefined Messages/Records.

<Send>
    <messages>
        <ClientHello/>
    </messages>
    <records>
        <Record/>
    </records>
</Send>

With messages you can specify a list of Messages you want to send, and with records you can define the Records in which these Messages should be sent. By default, TLS-Attacker adds Records to your WorkflowTrace as needed, creates them with the correct sizes, and ignores Records it did not need to send the defined Messages. You can change this behavior in the Config. For more information on Records, see the Record chapter in the Wiki.

Receive

The Receive-Action is another basic Action for a WorkflowTrace. With this Action you can order TLS-Attacker to receive Messages. The Receive-Action consists of 3 Components:

  • messages: Contains the actual received Messages after this action was executed
  • records: Contains the actual received Records after this action was executed
  • expectedMessages: Contains a list of messages we expect to receive.

<Receive>
    <messages/>
    <records/>
    <expectedMessages>
        <ServerHello/>
        <Certificate/>
        <ServerHelloDone/>
    </expectedMessages>
</Receive>

When using this Action you can optimize the WorkflowTrace by defining which Messages you expect to receive. TLS-Attacker can use this information to increase the performance of your WorkflowTrace. If you do not receive the exact messages you defined in this Action, TLS-Attacker will wait for a timeout to occur before continuing with the next Action (default 1s).

GenericReceive

The GenericReceive-Action is a special form of the Receive-Action. In this action you do not need to specify which messages you expect to receive and the timeout specified in the config will always be used.

<GenericReceive>
    <messages/>
    <records/>
</GenericReceive>

or

<GenericReceive/>

Renegotiation

The Renegotiation-Action tells TLS-Attacker that the messages you are about to send are meant to be treated as a Renegotiation. When executed, this action resets the hash that is calculated over all already sent/received messages.

<Renegotiation/>

ResetConnection

The ResetConnection-Action allows you to define multiple (related) Handshakes in a single WorkflowTrace. When executed, the connection on the lower layer is closed, the RecordLayer cipher is deactivated, the hash over all already sent and received messages is reset, and the lower layer connection is reinitialized. All other values which were written to the context by previous connections are preserved. This Action is, for example, used to create session resumption Workflows.

<ResetConnection/>

Wait

With this Action you can instruct TLS-Attacker to pause the execution for a specified number of ms.

<Wait>
    <time>10000</time>
</Wait>

DeactivateEncryption

This action deactivates the encryption in the RecordLayer (if it was active).

<DeactivateEncryption/>

Context Actions

TLS-Attacker currently implements multiple actions which modify values which are stored in the context. Those actions are (probably) mostly useful for fuzzing purposes.

<ChangeProtocolVersion>
    <newValue>SSL3</newValue>
</ChangeProtocolVersion>

<ChangeServerRandom>
    <newValue>77 77 77 77 77</newValue>
</ChangeServerRandom>

<ChangeCipherSuite>
    <newValue>TLS_RSA_WITH_AES_128_CBC_SHA</newValue>
</ChangeCipherSuite>

<ChangeClientRandom>
    <newValue>00 11 22 33</newValue>
</ChangeClientRandom>

<ChangeCompression>
    <newValue>LZS</newValue>
</ChangeCompression>

<ChangeMasterSecret>
    <newValue>00 22 44 66 44</newValue>
</ChangeMasterSecret>

<ChangePreMasterSecret>
    <newValue>33 66 55 44</newValue>
</ChangePreMasterSecret>
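
What Renegotiation, ResetConnection, DeactivateEncryption and the context actions reset or preserve, as described above, expressed as a state model in Python. This is an added example, not TLS-Attacker code: the `<workflowTrace>` wrapper, the `<ChangeCipherSpec/>` message element, the `run` function and the single `encrypted` flag are assumptions, and SHA-256 over message names stands in for the real handshake hash.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed trace. Assumptions: the <workflowTrace> wrapper and the
# <ChangeCipherSpec/> message element do not appear on this page.
TRACE = """
<workflowTrace>
    <Send><messages><ClientHello/></messages></Send>
    <Receive><expectedMessages>
        <ServerHello/><Certificate/><ServerHelloDone/>
    </expectedMessages></Receive>
    <ChangeMasterSecret><newValue>00 22 44 66 44</newValue></ChangeMasterSecret>
    <Send><messages><ChangeCipherSpec/></messages></Send>
    <ResetConnection/>
    <Send><messages><ClientHello/></messages></Send>
</workflowTrace>
"""

def run(trace_xml):
    """Return (action, connections, encrypted, digest, context) per action."""
    connections, encrypted, context = 1, False, {}
    transcript = hashlib.sha256()  # stand-in for the real handshake hash
    snapshots = []
    for action in ET.fromstring(trace_xml):
        tag = action.tag
        if tag in ("Send", "Receive"):
            # Model assumption: every listed message is exchanged and hashed.
            box = "messages" if tag == "Send" else "expectedMessages"
            for msg in action.findall(box + "/*"):
                transcript.update(msg.tag.encode())
                encrypted = encrypted or msg.tag == "ChangeCipherSpec"
        elif tag == "Renegotiation":
            transcript = hashlib.sha256()      # only the hash is reset
        elif tag == "ResetConnection":
            connections += 1                   # lower layer closed and reopened
            encrypted = False                  # RecordLayer cipher deactivated
            transcript = hashlib.sha256()      # hash reset; context is kept
        elif tag == "DeactivateEncryption":
            encrypted = False
        elif tag.startswith("Change"):         # context actions: ChangeXxx
            context[tag[len("Change"):]] = action.findtext("newValue")
        snapshots.append(
            (tag, connections, encrypted, transcript.hexdigest(), dict(context)))
    return snapshots

if __name__ == "__main__":
    for snap in run(TRACE):
        print(snap)
```

After ResetConnection the model's hash and cipher state match a fresh connection, while the MasterSecret written earlier is still in the context, which is what a session resumption workflow relies on.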