
How to understand HTTPS and capture its packets

2025-02-27 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

This article introduces how to understand HTTPS and how to capture and read its packets. Many people have doubts about this in their daily work, so the editor consulted a range of materials and compiled a simple, practical walkthrough. I hope it helps resolve those doubts. Please follow along!

0x00 The weaknesses of HTTP

Data is transmitted in plaintext and is easy to sniff.

Data integrity is not verified, so the data is easy to tamper with.

The identity of the website is not authenticated, so it is easy to counterfeit.

These weaknesses gave birth to HTTPS.

0x01 What is HTTPS?

HTTP + SSL/TLS

TLS is the upgraded successor of SSL.

Two pictures are worth a thousand words:

Functions: anti-sniffing, anti-tampering, identity authentication

0x02 HTTPS handshake process

The handshake that establishes an HTTPS connection runs in plaintext; application data is then transmitted using symmetric encryption.

TCP three-way handshake

C -> S: [client hello] C sends a hello message (protocol version, random number c, cipher suite list, etc.) to S, requesting the establishment of an SSL session.

S -> C: [server hello] S returns a response (the chosen cipher suite, random number s, etc.).

S -> C: [certificate] S returns its certificate (the website certificate).

S -> C: [server key exchange] S specifies the key agreement (exchange) protocol and sends C its public key for the key agreement algorithm.

S -> C: [server hello done] S sends server hello done, telling C to start key negotiation.

C -> S: [client key exchange] C generates the public and private keys of the key negotiation (exchange) algorithm and sends the public key to S. At this point C and S can negotiate the same pre master secret, and both can calculate the symmetric encryption key from the three random numbers c, s and pre master secret. (I have also seen a version where C generates the pre master secret and sends it to S with the key exchange / negotiation algorithm. I don't think it is necessary to send it: S's key-negotiation public key, which C received, together with a random number xs that C generates itself, lets each side calculate the pre master secret on its own. Another version has C encrypt the symmetric key with S's certificate public key and S decrypt it with its private key. Here, I think this symmetric key can also be generated by S itself from c, s and pre master, and does not need to be sent by C.)

C -> S: [change cipher spec] C notifies S that its subsequent messages will be sent encrypted.

C -> S: C hashes all previous handshake messages, encrypts the hash with the generated symmetric key and sends it to S, which decrypts it and verifies the hash.

S -> C: [change cipher spec] S notifies C that its subsequent messages will be sent encrypted.

S -> C: S hashes all previous handshake messages, encrypts the hash with the symmetric key and sends it to C, which decrypts it and verifies the hash.

Symmetrically encrypted data transmission begins... (Application Data)
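To make the "three random numbers" step concrete, here is an added example (not from the original article) that derives the TLS 1.2 master secret and the AES-256-GCM session keys with the PRF from RFC 5246, using SHA-384 as the cipher suite captured in the next section does. The client random, server random and pre master secret are constructed stand-ins; in a real session the pre master secret comes from the ECDHE exchange.

```python
import hashlib
import hmac

def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_SHA384 expansion: A(i) = HMAC(secret, A(i-1)), output += HMAC(secret, A(i) + seed)."""
    out, a = b"", seed                      # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha384).digest()
        out += hmac.new(secret, a + seed, hashlib.sha384).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA384(secret, label + seed) for SHA-384 cipher suites."""
    return p_hash(secret, label + seed, length)

def derive_master_secret(pre_master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret", c + s), always 48 bytes."""
    return prf(pre_master_secret, b"master secret", client_random + server_random, 48)

def derive_key_block(master_secret: bytes, client_random: bytes, server_random: bytes) -> dict:
    """key_block = PRF(master_secret, "key expansion", s + c); note the randoms swap order here.
    AES_256_GCM needs two 32-byte write keys and two 4-byte implicit nonces, and no MAC keys."""
    block = prf(master_secret, b"key expansion", server_random + client_random, 2 * 32 + 2 * 4)
    return {"client_write_key": block[0:32], "server_write_key": block[32:64],
            "client_write_iv": block[64:68], "server_write_iv": block[68:72]}

def derive_session_keys(pre_master_secret: bytes, client_random: bytes, server_random: bytes):
    """Full chain from the three secrets/randoms to the keys both sides end up sharing."""
    ms = derive_master_secret(pre_master_secret, client_random, server_random)
    return ms, derive_key_block(ms, client_random, server_random)

# Constructed inputs (not from a capture): a real pre master secret would be the
# x-coordinate of the ECDHE shared point; here it is a fixed 32-byte stand-in.
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PRE_MASTER_SECRET = b"\x11" * 32

if __name__ == "__main__":
    ms, keys = derive_session_keys(PRE_MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
    print("master_secret:", ms.hex())
    for name, value in keys.items():
        print(f"{name}: {value.hex()}")
```

Either party that knows c, s and the pre master secret can reproduce exactly these bytes, which is why nothing but the ECDHE public keys has to cross the wire.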

0x03 Packet capture analysis of the HTTPS handshake

Take opening https://www.52pojie.cn in a browser as an example.

1. DNS resolution and TCP three-way handshake

2. Client hello:

You can see that the browser sent S the supported protocol version TLS 1.2, a 32-byte random number c, the cipher suites (cipher) and other information.

3. Server hello:

You can see that S chose the cipher suite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, whose parts are as follows:

Key exchange algorithm: determines how the client and server authenticate each other during the handshake. Algorithms include RSA, Diffie-Hellman, ECDH, PSK and so on. Here ECDHE is selected.

Bulk encryption algorithm: used to encrypt the message stream. The name is usually followed by two numbers indicating the key length and the initialization vector length, such as DES 56, RC2 56, RC4 128, AES 128 and AES 256. Here AES is selected.

Message Authentication Code (MAC) algorithm: used to create a message digest that ensures the integrity of the message (that it has not been tampered with), including MD5, SHA and so on. Here SHA384 is selected.

PRF (pseudorandom function): used to generate the "master secret".

S also sends a 32-byte random number s.
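The fields read off the Client hello and Server hello above can be extracted programmatically from a captured TLS record. The following is an added example, not from the original article: a minimal parser for the two Hello messages (record header, Handshake header, version, 32-byte random, session_id and cipher suite(s)), run on constructed sample messages rather than on the 52pojie capture; the cipher-suite code points are the IANA values and 0xC030 is the suite observed above.

```python
import struct

# IANA cipher suite code points; 0xC030 is the suite the server selected in the capture above.
CIPHER_SUITES = {0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                 0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                 0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA"}
VERSIONS = {0x0301: "TLS1.0", 0x0302: "TLS1.1", 0x0303: "TLS1.2"}
HANDSHAKE, CLIENT_HELLO, SERVER_HELLO = 22, 1, 2

def parse_hello(record: bytes) -> dict:
    """Decode one TLS record carrying a ClientHello or ServerHello and return its fields."""
    content_type, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != HANDSHAKE:
        raise ValueError("not a Handshake record")
    body = record[5:5 + rec_len]
    hs_type, hs_len = body[0], int.from_bytes(body[1:4], "big")
    hs = body[4:4 + hs_len]
    if len(body) != rec_len or len(hs) != hs_len:
        raise ValueError("truncated record")
    if hs_type not in (CLIENT_HELLO, SERVER_HELLO):
        raise ValueError(f"not a Hello message (handshake type {hs_type})")
    (version,) = struct.unpack("!H", hs[:2])
    info = {"type": {CLIENT_HELLO: "ClientHello", SERVER_HELLO: "ServerHello"}[hs_type],
            "version": VERSIONS.get(version, f"0x{version:04X}"),
            "random": hs[2:34].hex()}          # the 32-byte random c or s
    pos = 35 + hs[34]                           # skip session_id (1-byte length prefix)
    if hs_type == CLIENT_HELLO:                 # offered suites, 2-byte length prefix
        (cs_len,) = struct.unpack("!H", hs[pos:pos + 2])
        pos += 2
        suites = struct.unpack(f"!{cs_len // 2}H", hs[pos:pos + cs_len])
        info["cipher_suites"] = [CIPHER_SUITES.get(s, f"0x{s:04X}") for s in suites]
    else:                                       # the single suite the server selected
        (suite,) = struct.unpack("!H", hs[pos:pos + 2])
        info["cipher_suite"] = CIPHER_SUITES.get(suite, f"0x{suite:04X}")
    return info

def _record(hs_type: int, hs_body: bytes) -> bytes:
    """Wrap a handshake body in Handshake and record headers (record version 0x0301, as browsers send)."""
    hs = bytes([hs_type]) + len(hs_body).to_bytes(3, "big") + hs_body
    return struct.pack("!BHH", HANDSHAKE, 0x0301, len(hs)) + hs

# Constructed sample messages (not from the capture): TLS 1.2, deterministic 32-byte randoms,
# empty session_id, null compression, no extensions.
CLIENT_RANDOM, SERVER_RANDOM = bytes(range(32)), bytes(range(32, 64))
SAMPLE_CLIENT_HELLO = _record(CLIENT_HELLO, struct.pack("!H", 0x0303) + CLIENT_RANDOM + b"\x00"
                              + struct.pack("!HHHH", 6, 0xC030, 0xC02F, 0x002F) + b"\x01\x00")
SAMPLE_SERVER_HELLO = _record(SERVER_HELLO, struct.pack("!H", 0x0303) + SERVER_RANDOM + b"\x00"
                              + struct.pack("!H", 0xC030) + b"\x00")

if __name__ == "__main__":
    print(parse_hello(SAMPLE_CLIENT_HELLO))
    print(parse_hello(SAMPLE_SERVER_HELLO))
```

Feeding it the raw bytes of the Client hello and Server hello records from a capture (exported from Wireshark or read from a pcap) yields the same version, random and cipher suite fields the screenshots show.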

4. Certificate:

The first cert is the certificate of the 52pojie website; the second is the certificate of its issuer, the CA TrustAsia.

You can view the details of the certificate here.

5. Server key exchange and server hello done:

You can see that the ECDH key exchange algorithm is used, the elliptic curve is specified as secp256r1, and S's DH public key for the negotiation is sent to C.

6. Client key exchange and client change cipher spec:

Here C sends its DH public key for the negotiation to S, and then sends the encrypted handshake hash to S for verification.

7. Server change cipher spec:

The server uses a session Ticket to store session state and has to send a New Session Ticket message before Server Change Cipher Spec, so I won't elaborate on that part. Here the encrypted handshake hash from S is verified by C.

8. Application data:

Here you can see that after the handshake, all subsequent messages between the two sides are symmetrically encrypted and the plaintext can no longer be seen.

0x04 Other

Although the handshake process makes HTTPS slower than HTTP, I think the security it brings is more important; the slowdown is barely perceptible to users, and there are many optimization measures to improve the speed.

Having HTTPS cannot completely guarantee the security of a website. Security involves many factors and many links; even with HTTPS, a single 'short board' can bring down a website, and HTTPS itself is not necessarily safe, as the famous Heartbleed vulnerability showed.

HTTPS also does not absolutely prevent MITM attacks, for example via forged certificates, exporting plaintext passwords, and so on.

This concludes the study of "how to understand HTTPS and capture its packets". I hope it has resolved your doubts. Combining theory with practice helps you learn better, so go and try it! If you want to keep learning related knowledge, please continue to follow the website; the editor will keep working to bring you more practical articles!
